argon2id 0.1.2-x64-mingw-ucrt → 0.2.0-x64-mingw-ucrt

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: b20ba7560ad0d4466c3b79ef5124b4ba499875906e0371f226e4ab0b19e1b18d
-  data.tar.gz: 0e7c00a7b12524c7052a5a181250b88053e5e4db7465e4487a00528c13677924
+  metadata.gz: 149699bfff38e1f7cd391844883e177098b0bc36f85d8ce498a50ea34465d28d
+  data.tar.gz: 7a8167c794a5e6f5088c4b75e1f264fd35c4ff1f0ec663173335a99355994d44
 SHA512:
-  metadata.gz: 9760bfb485ef65c92067de09874c2b98c94db5ea4cc404681f9c34fe1ced9841bea823ab1163e3235dc7c64520f9adb5a8c644f758c90994467ab17a9c384587
-  data.tar.gz: 4f7c6115e96ace87a740a5200e2cff9c63be6079b015dd45b5f9541d9d76a56256e598e7dc4a3be5e45e8bc18e83f36911c75d5f70f15cb81443011cf10a4522
+  metadata.gz: 6c2c47641f86448f649fab1c592f3e1a6f6f14e7b5c927c506729a3cd95b770be9df91772280e8a104e2b7225c1e25740a751a7b02de5c4735ab57b655a54a87
+  data.tar.gz: ce1b17eb362dcf9687fcf67fd8e96056d2177332da1364a90eb9e63b4ec9a73811b40acefa76440ceb51e5fcd2a417af4a771c6a9df2ce3eb02e71b131edd7b0

data/CHANGELOG.md

@@ -7,10 +7,22 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## [0.1.2] - 2024-11-01
 
+### Added
+
+- The original salt for an `Argon2id::Password` can now be retrieved with
+  `Argon2id::Password#salt`
+
+### Changed
+
+- Encoded hashes are now validated when initialising an `Argon2id::Password`,
+  raising an `ArgumentError` if they are invalid
+
+## [0.1.2] - 2024-11-01
+
 ### Fixed
 
-- Validate that the encoded hash passed to Argon2id::Password.new is a
-  null-terminated C string, raising an ArgumentError if it contains extra null
+- Validate that the encoded hash passed to `Argon2id::Password.new` is a
+  null-terminated C string, raising an `ArgumentError` if it contains extra null
   bytes
 
 ## [0.1.1] - 2024-11-01
@@ -32,6 +44,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
   reference C implementation of Argon2, the password-hashing function that won
   the Password Hashing Competition.
 
+[0.2.0]: https://github.com/mudge/argon2id/releases/tag/v0.2.0
 [0.1.2]: https://github.com/mudge/argon2id/releases/tag/v0.1.2
 [0.1.1]: https://github.com/mudge/argon2id/releases/tag/v0.1.1
 [0.1.0]: https://github.com/mudge/argon2id/releases/tag/v0.1.0

data/README.md

@@ -5,17 +5,17 @@ function that won the 2015 [Password Hashing Competition][].
 
 [![Build Status](https://github.com/mudge/argon2id/actions/workflows/tests.yml/badge.svg?branch=main)](https://github.com/mudge/argon2id/actions)
 
-**Current version:** 0.1.2  
+**Current version:** 0.2.0  
 **Bundled Argon2 version:** libargon2.1 (20190702)
 
 ```ruby
-Argon2::Password.create("opensesame").to_s
+Argon2id::Password.create("opensesame").to_s
 #=> "$argon2id$v=19$m=19456,t=2,p=1$ZS2nBFWBpnt28HjtzNOW4w$SQ+p+dIcWbpzWpZQ/ZZFj8IQkyhYZf127U4QdkRmKFU"
 
-Argon2::Password.create("opensesame") == "opensesame"
+Argon2id::Password.create("opensesame") == "opensesame"
 #=> true
 
-Argon2::Password.new("$argon2id$v=19$m=19456,t=2,p=1$ZS2nBFWBpnt28HjtzNOW4w$SQ+p+dIcWbpzWpZQ/ZZFj8IQkyhYZf127U4QdkRmKFU") == "opensesame"
+Argon2id::Password.new("$argon2id$v=19$m=19456,t=2,p=1$ZS2nBFWBpnt28HjtzNOW4w$SQ+p+dIcWbpzWpZQ/ZZFj8IQkyhYZf127U4QdkRmKFU") == "opensesame"
 #=> true
 ```
 
@@ -142,6 +142,14 @@ password.is_password?("opensesame")    #=> true
 password.is_password?("notopensesame") #=> false
 ```
 
+The original salt for a password can be retrieved with `Argon2id::Password#salt`:
+
+```ruby
+password = Argon2id::Password.new("$argon2id$v=19$m=256,t=2,p=1$c29tZXNhbHQ$nf65EOgLrQMR/uIPnA4rEsF5h7TKyQwu9U1bMCHGi/4")
+password.salt
+#=> "somesalt"
+```
+
 ### Errors
 
 Any errors returned from Argon2 will be raised as `Argon2id::Error`, e.g.

data/argon2id.gemspec

@@ -53,6 +53,7 @@ Gem::Specification.new do |s|
   ]
   s.rdoc_options = ["--main", "README.md"]
 
+  s.add_runtime_dependency("base64")
   s.add_development_dependency("rake-compiler", "~> 1.2")
   s.add_development_dependency("rake-compiler-dock", "~> 1.5")
   s.add_development_dependency("minitest", "~> 5.25")

data/lib/argon2id/password.rb

@@ -1,5 +1,6 @@
 # frozen_string_literal: true
 
+require "base64"
 require "openssl"
 
 module Argon2id
@@ -17,9 +18,28 @@ module Argon2id
   #   password == "password"
   #   #=> true
   class Password
+    # A regular expression to match valid hashes.
+    PATTERN = %r{
+      \A
+      \$
+      argon2(?:id|i|d)
+      (?:\$v=\d+)?
+      \$m=\d+
+      ,t=\d+
+      ,p=\d+
+      \$
+      (?<base64_salt>[a-zA-Z0-9+/]+)
+      \$
+      [a-zA-Z0-9+/]+
+      \z
+    }x.freeze
+
     # The encoded password hash.
     attr_reader :encoded
 
+    # The salt.
+    attr_reader :salt
+
     # Create a new Password object that hashes a given plain text password +pwd+.
     #
     # - +:t_cost+: integer (default 2) the "time cost" given as a number of iterations
@@ -57,8 +77,13 @@ module Argon2id
     # Create a new Password with the given encoded password hash.
     #
     #   password = Argon2id::Password.new("$argon2id$v=19$m=19456,t=2,p=1$FI8yp1gXbthJCskBlpKPoQ$nOfCCpS2r+I8GRN71cZND4cskn7YKBNzuHUEO3YpY2s")
+    #
+    # Raises an ArgumentError if given an invalid hash.
     def initialize(encoded)
+      raise ArgumentError, "invalid hash" unless PATTERN =~ encoded
+
       @encoded = encoded
+      @salt = Base64.decode64(Regexp.last_match(:base64_salt))
     end
 
     # Return the encoded password hash.

data/lib/argon2id/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module Argon2id
-  VERSION = "0.1.2"
+  VERSION = "0.2.0"
 end

data/lib/argon2id.rb

@@ -15,7 +15,7 @@ module Argon2id
   DEFAULT_T_COST = 2
 
   # The default "memory cost" of 19 mebibytes recommended by OWASP.
-  DEFAULT_M_COST = 19456
+  DEFAULT_M_COST = 19_456
 
   # The default 1 thread and compute lane recommended by OWASP.
   DEFAULT_PARALLELISM = 1

data/test/test_password.rb

@@ -74,13 +74,33 @@ class TestPassword < Minitest::Test
     refute password.is_password?("notopensesame")
   end
 
-  def test_raises_if_verifying_with_invalid_encoded_password
-    password = Argon2id::Password.new("invalid")
+  def test_salt_returns_the_original_salt
+    password = Argon2id::Password.new("$argon2id$v=19$m=256,t=2,p=1$c29tZXNhbHQ$nf65EOgLrQMR/uIPnA4rEsF5h7TKyQwu9U1bMCHGi/4")
 
-    error = assert_raises(Argon2id::Error) do
-      password.is_password?("opensesame")
+    assert_equal "somesalt", password.salt
+  end
+
+  def test_salt_returns_raw_bytes
+    password = Argon2id::Password.new("$argon2id$v=19$m=256,t=2,p=1$KmIxrXv4lrnSJPO0LN7Gdw$lB3724qLPL9MNi10lkvIb4VxIk3q841CLvq0WTCZ0VQ")
+
+    assert_equal "*b1\xAD{\xF8\x96\xB9\xD2$\xF3\xB4,\xDE\xC6w".b, password.salt
+  end
+
+  def test_raises_for_invalid_hashes
+    assert_raises(ArgumentError) do
+      Argon2id::Password.new("not a valid hash")
     end
+  end
+
+  def test_raises_for_partial_hashes
+    assert_raises(ArgumentError) do
+      Argon2id::Password.new("$argon2id$v=19$m=256,t=2,p=1$KmIxrXv4lrnSJPO0LN7Gdw")
+    end
+  end
+
+  def test_salt_supports_versionless_hashes
+    password = Argon2id::Password.new("$argon2id$m=256,t=2,p=1$c29tZXNhbHQ$nf65EOgLrQMR/uIPnA4rEsF5h7TKyQwu9U1bMCHGi/4")
 
-    assert_equal "Decoding failed", error.message
+    assert_equal "somesalt", password.salt
   end
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: argon2id
 version: !ruby/object:Gem::Version
-  version: 0.1.2
+  version: 0.2.0
 platform: x64-mingw-ucrt
 authors:
 - Paul Mucur
@@ -10,6 +10,20 @@ bindir: bin
 cert_chain: []
 date: 2024-11-01 00:00:00.000000000 Z
 dependencies:
+- !ruby/object:Gem::Dependency
+  name: base64
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
 - !ruby/object:Gem::Dependency
   name: rake-compiler
   requirement: !ruby/object:Gem::Requirement