argon2id 0.1.2-arm64-darwin → 0.2.0-arm64-darwin

Sign up to get free protection for your applications and to get access to all the features.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: cb4efe900291e7cd744eff16004a77972085d2b749735000f6ee122f959c569e
4
- data.tar.gz: 7ffb64239efdbd63e4729a9656aa187c348e296b260873396277baa6bf5a14b3
3
+ metadata.gz: f072e931f998187819799fd02784a7e036d89ac5b2394e54f31950255a23bb7c
4
+ data.tar.gz: cbe01c8f4d0de0c006b3ff65da48be277397ec9fb9d4abe21cfe43b603817fd2
5
5
  SHA512:
6
- metadata.gz: 305568d73b854cd1fa058567d3b29873fb0c5a513accec67bac30774bd821289fbab112f17668ac6ff6ed9f097df6e626d6d3a2835f0d575cef732c9810f6c64
7
- data.tar.gz: 0d0583addac706df2281070b243ed8354685a36b88e70774d517e986d13f164fdd75367f1fe44c08eb8d4feed024be2fa34360da6520c876880dfde6f9e28311
6
+ metadata.gz: c7795200dffd8aa87ecf653719f7549dd3fc978135f2101eadb9c820a036a6ce7e67086c54b6e17b53a00b9c9017aae6d344d2504720cca95a93cd6dde2bab2e
7
+ data.tar.gz: 75fd00b337f1ae4a5aa9fad3284153240ffd1300e0cf49b62680f6c7fe39bb4e3fc8c0f8a230e6d83da7fd334715150e30a21c55082395dbeddb9768c82a91e1
data/CHANGELOG.md CHANGED
@@ -7,10 +7,22 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
7
7
 
8
8
  ## [0.1.2] - 2024-11-01
9
9
 
10
+ ### Added
11
+
12
+ - The original salt for an `Argon2id::Password` can now be retrieved with
13
+ `Argon2id::Password#salt`
14
+
15
+ ### Changed
16
+
17
+ - Encoded hashes are now validated when initialising an `Argon2id::Password`,
18
+ raising an `ArgumentError` if they are invalid
19
+
20
+ ## [0.1.2] - 2024-11-01
21
+
10
22
  ### Fixed
11
23
 
12
- - Validate that the encoded hash passed to Argon2id::Password.new is a
13
- null-terminated C string, raising an ArgumentError if it contains extra null
24
+ - Validate that the encoded hash passed to `Argon2id::Password.new` is a
25
+ null-terminated C string, raising an `ArgumentError` if it contains extra null
14
26
  bytes
15
27
 
16
28
  ## [0.1.1] - 2024-11-01
@@ -32,6 +44,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
32
44
  reference C implementation of Argon2, the password-hashing function that won
33
45
  the Password Hashing Competition.
34
46
 
47
+ [0.2.0]: https://github.com/mudge/argon2id/releases/tag/v0.2.0
35
48
  [0.1.2]: https://github.com/mudge/argon2id/releases/tag/v0.1.2
36
49
  [0.1.1]: https://github.com/mudge/argon2id/releases/tag/v0.1.1
37
50
  [0.1.0]: https://github.com/mudge/argon2id/releases/tag/v0.1.0
data/README.md CHANGED
@@ -5,17 +5,17 @@ function that won the 2015 [Password Hashing Competition][].
5
5
 
6
6
  [![Build Status](https://github.com/mudge/argon2id/actions/workflows/tests.yml/badge.svg?branch=main)](https://github.com/mudge/argon2id/actions)
7
7
 
8
- **Current version:** 0.1.2
8
+ **Current version:** 0.2.0
9
9
  **Bundled Argon2 version:** libargon2.1 (20190702)
10
10
 
11
11
  ```ruby
12
- Argon2::Password.create("opensesame").to_s
12
+ Argon2id::Password.create("opensesame").to_s
13
13
  #=> "$argon2id$v=19$m=19456,t=2,p=1$ZS2nBFWBpnt28HjtzNOW4w$SQ+p+dIcWbpzWpZQ/ZZFj8IQkyhYZf127U4QdkRmKFU"
14
14
 
15
- Argon2::Password.create("opensesame") == "opensesame"
15
+ Argon2id::Password.create("opensesame") == "opensesame"
16
16
  #=> true
17
17
 
18
- Argon2::Password.new("$argon2id$v=19$m=19456,t=2,p=1$ZS2nBFWBpnt28HjtzNOW4w$SQ+p+dIcWbpzWpZQ/ZZFj8IQkyhYZf127U4QdkRmKFU") == "opensesame"
18
+ Argon2id::Password.new("$argon2id$v=19$m=19456,t=2,p=1$ZS2nBFWBpnt28HjtzNOW4w$SQ+p+dIcWbpzWpZQ/ZZFj8IQkyhYZf127U4QdkRmKFU") == "opensesame"
19
19
  #=> true
20
20
  ```
21
21
 
@@ -142,6 +142,14 @@ password.is_password?("opensesame") #=> true
142
142
  password.is_password?("notopensesame") #=> false
143
143
  ```
144
144
 
145
+ The original salt for a password can be retrieved with `Argon2id::Password#salt`:
146
+
147
+ ```ruby
148
+ password = Argon2id::Password.new("$argon2id$v=19$m=256,t=2,p=1$c29tZXNhbHQ$nf65EOgLrQMR/uIPnA4rEsF5h7TKyQwu9U1bMCHGi/4")
149
+ password.salt
150
+ #=> "somesalt"
151
+ ```
152
+
145
153
  ### Errors
146
154
 
147
155
  Any errors returned from Argon2 will be raised as `Argon2id::Error`, e.g.
data/argon2id.gemspec CHANGED
@@ -53,6 +53,7 @@ Gem::Specification.new do |s|
53
53
  ]
54
54
  s.rdoc_options = ["--main", "README.md"]
55
55
 
56
+ s.add_runtime_dependency("base64")
56
57
  s.add_development_dependency("rake-compiler", "~> 1.2")
57
58
  s.add_development_dependency("rake-compiler-dock", "~> 1.5")
58
59
  s.add_development_dependency("minitest", "~> 5.25")
Binary file
Binary file
Binary file
@@ -1,5 +1,6 @@
1
1
  # frozen_string_literal: true
2
2
 
3
+ require "base64"
3
4
  require "openssl"
4
5
 
5
6
  module Argon2id
@@ -17,9 +18,28 @@ module Argon2id
17
18
  # password == "password"
18
19
  # #=> true
19
20
  class Password
21
+ # A regular expression to match valid hashes.
22
+ PATTERN = %r{
23
+ \A
24
+ \$
25
+ argon2(?:id|i|d)
26
+ (?:\$v=\d+)?
27
+ \$m=\d+
28
+ ,t=\d+
29
+ ,p=\d+
30
+ \$
31
+ (?<base64_salt>[a-zA-Z0-9+/]+)
32
+ \$
33
+ [a-zA-Z0-9+/]+
34
+ \z
35
+ }x.freeze
36
+
20
37
  # The encoded password hash.
21
38
  attr_reader :encoded
22
39
 
40
+ # The salt.
41
+ attr_reader :salt
42
+
23
43
  # Create a new Password object that hashes a given plain text password +pwd+.
24
44
  #
25
45
  # - +:t_cost+: integer (default 2) the "time cost" given as a number of iterations
@@ -57,8 +77,13 @@ module Argon2id
57
77
  # Create a new Password with the given encoded password hash.
58
78
  #
59
79
  # password = Argon2id::Password.new("$argon2id$v=19$m=19456,t=2,p=1$FI8yp1gXbthJCskBlpKPoQ$nOfCCpS2r+I8GRN71cZND4cskn7YKBNzuHUEO3YpY2s")
80
+ #
81
+ # Raises an ArgumentError if given an invalid hash.
60
82
  def initialize(encoded)
83
+ raise ArgumentError, "invalid hash" unless PATTERN =~ encoded
84
+
61
85
  @encoded = encoded
86
+ @salt = Base64.decode64(Regexp.last_match(:base64_salt))
62
87
  end
63
88
 
64
89
  # Return the encoded password hash.
@@ -1,5 +1,5 @@
1
1
  # frozen_string_literal: true
2
2
 
3
3
  module Argon2id
4
- VERSION = "0.1.2"
4
+ VERSION = "0.2.0"
5
5
  end
data/lib/argon2id.rb CHANGED
@@ -15,7 +15,7 @@ module Argon2id
15
15
  DEFAULT_T_COST = 2
16
16
 
17
17
  # The default "memory cost" of 19 mebibytes recommended by OWASP.
18
- DEFAULT_M_COST = 19456
18
+ DEFAULT_M_COST = 19_456
19
19
 
20
20
  # The default 1 thread and compute lane recommended by OWASP.
21
21
  DEFAULT_PARALLELISM = 1
@@ -74,13 +74,33 @@ class TestPassword < Minitest::Test
74
74
  refute password.is_password?("notopensesame")
75
75
  end
76
76
 
77
- def test_raises_if_verifying_with_invalid_encoded_password
78
- password = Argon2id::Password.new("invalid")
77
+ def test_salt_returns_the_original_salt
78
+ password = Argon2id::Password.new("$argon2id$v=19$m=256,t=2,p=1$c29tZXNhbHQ$nf65EOgLrQMR/uIPnA4rEsF5h7TKyQwu9U1bMCHGi/4")
79
79
 
80
- error = assert_raises(Argon2id::Error) do
81
- password.is_password?("opensesame")
80
+ assert_equal "somesalt", password.salt
81
+ end
82
+
83
+ def test_salt_returns_raw_bytes
84
+ password = Argon2id::Password.new("$argon2id$v=19$m=256,t=2,p=1$KmIxrXv4lrnSJPO0LN7Gdw$lB3724qLPL9MNi10lkvIb4VxIk3q841CLvq0WTCZ0VQ")
85
+
86
+ assert_equal "*b1\xAD{\xF8\x96\xB9\xD2$\xF3\xB4,\xDE\xC6w".b, password.salt
87
+ end
88
+
89
+ def test_raises_for_invalid_hashes
90
+ assert_raises(ArgumentError) do
91
+ Argon2id::Password.new("not a valid hash")
82
92
  end
93
+ end
94
+
95
+ def test_raises_for_partial_hashes
96
+ assert_raises(ArgumentError) do
97
+ Argon2id::Password.new("$argon2id$v=19$m=256,t=2,p=1$KmIxrXv4lrnSJPO0LN7Gdw")
98
+ end
99
+ end
100
+
101
+ def test_salt_supports_versionless_hashes
102
+ password = Argon2id::Password.new("$argon2id$m=256,t=2,p=1$c29tZXNhbHQ$nf65EOgLrQMR/uIPnA4rEsF5h7TKyQwu9U1bMCHGi/4")
83
103
 
84
- assert_equal "Decoding failed", error.message
104
+ assert_equal "somesalt", password.salt
85
105
  end
86
106
  end
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: argon2id
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.1.2
4
+ version: 0.2.0
5
5
  platform: arm64-darwin
6
6
  authors:
7
7
  - Paul Mucur
@@ -10,6 +10,20 @@ bindir: bin
10
10
  cert_chain: []
11
11
  date: 2024-11-01 00:00:00.000000000 Z
12
12
  dependencies:
13
+ - !ruby/object:Gem::Dependency
14
+ name: base64
15
+ requirement: !ruby/object:Gem::Requirement
16
+ requirements:
17
+ - - ">="
18
+ - !ruby/object:Gem::Version
19
+ version: '0'
20
+ type: :runtime
21
+ prerelease: false
22
+ version_requirements: !ruby/object:Gem::Requirement
23
+ requirements:
24
+ - - ">="
25
+ - !ruby/object:Gem::Version
26
+ version: '0'
13
27
  - !ruby/object:Gem::Dependency
14
28
  name: rake-compiler
15
29
  requirement: !ruby/object:Gem::Requirement