argon2id 0.2.0-x86-linux → 0.3.0-x86-linux

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 856f05288f1c391b7a2e0fa02106ae7ecff332a75c882234ba1521c060e35baf
-  data.tar.gz: 3f7761affd039e53dd979ab1064e25598773a5b5723e7dec1d0c8b5a890e3c92
+  metadata.gz: d04472310d5c3f2ce514946ee659af41265deabf3d407138b24da6331bba54bb
+  data.tar.gz: b9cb95db085d04431e6720bb691f29339d0d854fe1d1f2698278c31a09a18e94
 SHA512:
-  metadata.gz: 2afcc7f9524863a2df47a11a15756ea998f8b405fad1b3616cb379dfa90cb194961c938a5c7b8e29cdd23edc90e8633acde091746735992474b794a12cf59191
-  data.tar.gz: 640526ac7b13260f9303bacebf9995f9dc7240d3852053973f035ae9096e5449f24d0cd41509592b36fa770f9994a63195c2941a2a4c45b156ee8f216fe4ceb5
+  metadata.gz: 704669c139df342c654883ec52b11a6084aa2b1cbc1be2417c7dcacd33f9e63224834a89c2d604d980c106e3163fd892d70b1baaa6991f9fc778e059cf897faf
+  data.tar.gz: 3c6df59db1d9a489638380857f11206a14953a568c0707539835b0d9cc2d955e7a077ced70c82346825b096de0400ee794a148e7fa454ce5fd601dc5a9cc245a

data/CHANGELOG.md

@@ -5,7 +5,26 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
-## [0.1.2] - 2024-11-01
+## [0.3.0] - 2024-11-01
+
+### Added
+
+- Expose all parameters of a hash through new readers on `Argon2id::Password`:
+  namely, `type`, `version`, `m_cost`, `t_cost`, and `parallelism`
+
+### Changed
+
+- Remove the dependency on the `base64` gem by inlining the definition of
+  `Base64.decode64` (thanks to @etiennebarrie for the tip)
+
+## [0.2.1] - 2024-11-01
+
+### Added
+
+- Anything that can be coerced to a String can now be passed to
+  `Argon2id::Password.new`
+
+## [0.2.0] - 2024-11-01
 
 ### Added
 
@@ -44,6 +63,8 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
   reference C implementation of Argon2, the password-hashing function that won
   the Password Hashing Competition.
 
+[0.3.0]: https://github.com/mudge/argon2id/releases/tag/v0.3.0
+[0.2.1]: https://github.com/mudge/argon2id/releases/tag/v0.2.1
 [0.2.0]: https://github.com/mudge/argon2id/releases/tag/v0.2.0
 [0.1.2]: https://github.com/mudge/argon2id/releases/tag/v0.1.2
 [0.1.1]: https://github.com/mudge/argon2id/releases/tag/v0.1.1

data/README.md

@@ -5,18 +5,19 @@ function that won the 2015 [Password Hashing Competition][].
 
 [![Build Status](https://github.com/mudge/argon2id/actions/workflows/tests.yml/badge.svg?branch=main)](https://github.com/mudge/argon2id/actions)
 
-**Current version:** 0.2.0  
+**Current version:** 0.3.0  
 **Bundled Argon2 version:** libargon2.1 (20190702)
 
 ```ruby
-Argon2id::Password.create("opensesame").to_s
-#=> "$argon2id$v=19$m=19456,t=2,p=1$ZS2nBFWBpnt28HjtzNOW4w$SQ+p+dIcWbpzWpZQ/ZZFj8IQkyhYZf127U4QdkRmKFU"
+Argon2id::Password.create("password").to_s
+#=> "$argon2id$v=19$m=19456,t=2,p=1$agNV6OfDL1OwE44WdrFCJw$ITrBwvCsW4b5GjgZuL67RCcvVMEWBWXtASc9TVyI3rY"
 
-Argon2id::Password.create("opensesame") == "opensesame"
-#=> true
+password = Argon2id::Password.new("$argon2id$v=19$m=19456,t=2,p=1$ZS2nBFWBpnt28HjtzNOW4w$SQ+p+dIcWbpzWpZQ/ZZFj8IQkyhYZf127U4QdkRmKFU")
+password == "password"      #=> true
+password == "not password" #=> false
 
-Argon2id::Password.new("$argon2id$v=19$m=19456,t=2,p=1$ZS2nBFWBpnt28HjtzNOW4w$SQ+p+dIcWbpzWpZQ/ZZFj8IQkyhYZf127U4QdkRmKFU") == "opensesame"
-#=> true
+password.m_cost #=> 19456
+password.salt   #=> "e-\xA7\x04U\x81\xA6{v\xF0x\xED\xCC\xD3\x96\xE3"
 ```
 
 ## Table of contents
@@ -142,12 +143,16 @@ password.is_password?("opensesame")    #=> true
 password.is_password?("notopensesame") #=> false
 ```
 
-The original salt for a password can be retrieved with `Argon2id::Password#salt`:
+The various parameters for the password can be retrieved:
 
 ```ruby
 password = Argon2id::Password.new("$argon2id$v=19$m=256,t=2,p=1$c29tZXNhbHQ$nf65EOgLrQMR/uIPnA4rEsF5h7TKyQwu9U1bMCHGi/4")
-password.salt
-#=> "somesalt"
+password.type        #=> "argon2id"
+password.version     #=> 19
+password.m_cost      #=> 256
+password.t_cost      #=> 2
+password.parallelism #=> 1
+password.salt        #=> "somesalt"
 ```
 
 ### Errors
@@ -155,9 +160,8 @@ password.salt
 Any errors returned from Argon2 will be raised as `Argon2id::Error`, e.g.
 
 ```ruby
-password = Argon2id::Password.new("not a valid hash encoding")
-password == "opensesame"
-# Decoding failed (Argon2id::Error)
+Argon2id::Password.create("password", salt_len: 0)
+# Salt is too short (Argon2id::Error)
 ```
 
 ## Requirements
@@ -184,11 +188,11 @@ notes](https://github.com/mudge/argon2id/releases) for each version and can be
 checked with `sha256sum`, e.g.
 
 ```console
-$ gem fetch argon2id -v 0.1.1
-Fetching argon2id-0.1.1-arm64-darwin.gem
-Downloaded argon2id-0.1.1-arm64-darwin
-$ sha256sum argon2id-0.1.1-arm64-darwin.gem
-8d47464edf847ca52c1d41cac1a9feff376e9a1e7c0a98ab58df846990caa1bb  argon2id-0.1.1-arm64-darwin.gem
+$ gem fetch argon2id -v 0.2.1
+Fetching argon2id-0.2.1-arm64-darwin.gem
+Downloaded argon2id-0.2.1-arm64-darwin
+$ sha256sum argon2id-0.2.1-arm64-darwin.gem
+aea93700e989e421dd4e66b99038b9fec1acc9a265fe9d35e2100ceb5c18e5a9  argon2id-0.2.1-arm64-darwin.gem
 ```
 
 [GPG](https://www.gnupg.org/) signatures are attached to each release (the
@@ -198,8 +202,8 @@ from a public keyserver, e.g. `gpg --keyserver keyserver.ubuntu.com --recv-key
 0x39AC3530070E0F75`):
 
 ```console
-$ gpg --verify argon2id-0.1.1-arm64-darwin.gem.sig argon2id-0.1.1-arm64-darwin.gem
-gpg: Signature made Fri  1 Nov 07:24:16 2024 GMT
+$ gpg --verify argon2id-0.2.1-arm64-darwin.gem.sig argon2id-0.2.1-arm64-darwin.gem
+gpg: Signature made Fri  1 Nov 15:06:30 2024 GMT
 gpg:                using RSA key 702609D9C790F45B577D7BEC39AC3530070E0F75
 gpg: Good signature from "Paul Mucur <mudge@mudge.name>" [unknown]
 gpg:                 aka "Paul Mucur <paul@ghostcassette.com>" [unknown]

data/argon2id.gemspec

@@ -53,7 +53,6 @@ Gem::Specification.new do |s|
   ]
   s.rdoc_options = ["--main", "README.md"]
 
-  s.add_runtime_dependency("base64")
   s.add_development_dependency("rake-compiler", "~> 1.2")
   s.add_development_dependency("rake-compiler-dock", "~> 1.5")
   s.add_development_dependency("minitest", "~> 5.25")

data/lib/argon2id/password.rb

@@ -1,6 +1,5 @@
 # frozen_string_literal: true
 
-require "base64"
 require "openssl"
 
 module Argon2id
@@ -12,23 +11,38 @@ module Argon2id
   #   password.to_s
   #   #=> "$argon2id$v=19$m=19456,t=2,p=1$+Lrjry9Ifq0poLr15OGU1Q$utkDvejJB0ugwm4s9+a+vF6+1a/W+Y3CYa5Wte/85ig"
   #
-  # To verify an encoded Argon2id password hash, use Argon2id::Password.new:
+  # To wrap an encoded Argon2id password hash, use Argon2id::Password.new:
   #
-  #   password = Argon2id::Password.new("$argon2id$v=19$m=19456,t=2,p=1$+Lrjry9Ifq0poLr15OGU1Q$utkDvejJB0ugwm4s9+a+vF6+1a/W+Y3CYa5Wte/85ig")
-  #   password == "password"
-  #   #=> true
+  #   password = Argon2id::Password.new("$argon2id$v=19$m=256,t=2,p=1$c29tZXNhbHQ$nf65EOgLrQMR/uIPnA4rEsF5h7TKyQwu9U1bMCHGi/4")
+  #
+  # You can then verify it matches a given plain text:
+  #
+  #   password == "password"     #=> true
+  #   password == "not password" #=> false
+  #
+  #   password.is_password?("password")     #=> true
+  #   password.is_password?("not password") #=> false
+  #
+  # You can read various parameters out of a password hash:
+  #
+  #   password.type        #=> "argon2id"
+  #   password.version     #=> 19
+  #   password.m_cost      #=> 19456
+  #   password.t_cost      #=> 2
+  #   password.parallelism #=> 1
+  #   password.salt        #=>  "somesalt"
   class Password
     # A regular expression to match valid hashes.
     PATTERN = %r{
       \A
       \$
-      argon2(?:id|i|d)
-      (?:\$v=\d+)?
-      \$m=\d+
-      ,t=\d+
-      ,p=\d+
+      (argon2(?:id|i|d))
+      (?:\$v=(\d+))?
+      \$m=(\d+)
+      ,t=(\d+)
+      ,p=(\d+)
       \$
-      (?<base64_salt>[a-zA-Z0-9+/]+)
+      ([a-zA-Z0-9+/]+)
       \$
       [a-zA-Z0-9+/]+
       \z
@@ -37,6 +51,21 @@ module Argon2id
     # The encoded password hash.
     attr_reader :encoded
 
+    # The type of the hashing function.
+    attr_reader :type
+
+    # The version number of the hashing function.
+    attr_reader :version
+
+    # The "time cost" of the hashing function.
+    attr_reader :t_cost
+
+    # The "memory cost" of the hashing function.
+    attr_reader :m_cost
+
+    # The number of threads and compute lanes of the hashing function.
+    attr_reader :parallelism
+
     # The salt.
     attr_reader :salt
 
@@ -80,19 +109,22 @@ module Argon2id
     #
     # Raises an ArgumentError if given an invalid hash.
     def initialize(encoded)
-      raise ArgumentError, "invalid hash" unless PATTERN =~ encoded
+      raise ArgumentError, "invalid hash" unless PATTERN =~ String(encoded)
 
-      @encoded = encoded
-      @salt = Base64.decode64(Regexp.last_match(:base64_salt))
+      @encoded = $&
+      @type = $1
+      @version = ($2 || 0x10).to_i
+      @m_cost = $3.to_i
+      @t_cost = $4.to_i
+      @parallelism = $5.to_i
+      @salt = $6.unpack1("m")
     end
 
     # Return the encoded password hash.
-    def to_s
-      encoded
-    end
+    alias_method :to_s, :encoded
 
-    # Compare the password with given plain text, returning true if it verifies
-    # successfully.
+    # Compare the password with the given plain text, returning true if it
+    # verifies successfully.
     #
     #   password = Argon2id::Password.new("$argon2id$v=19$m=19456,t=2,p=1$FI8yp1gXbthJCskBlpKPoQ$nOfCCpS2r+I8GRN71cZND4cskn7YKBNzuHUEO3YpY2s")
     #   password == "password"    #=> true

data/lib/argon2id/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module Argon2id
-  VERSION = "0.2.0"
+  VERSION = "0.3.0"
 end

data/test/test_password.rb

@@ -103,4 +103,70 @@ class TestPassword < Minitest::Test
 
     assert_equal "somesalt", password.salt
   end
+
+  def test_coerces_given_hash_to_string
+    password = Argon2id::Password.create("password")
+
+    assert Argon2id::Password.new(password) == "password"
+  end
+
+  def test_extracting_type_from_hash
+    password = Argon2id::Password.new("$argon2id$v=19$m=256,t=2,p=1$c29tZXNhbHQ$nf65EOgLrQMR/uIPnA4rEsF5h7TKyQwu9U1bMCHGi/4")
+
+    assert_equal "argon2id", password.type
+  end
+
+  def test_extracting_type_from_argoni_hash
+    password = Argon2id::Password.new("$argon2i$v=19$m=256,t=2,p=1$c29tZXNhbHQ$nf65EOgLrQMR/uIPnA4rEsF5h7TKyQwu9U1bMCHGi/4")
+
+    assert_equal "argon2i", password.type
+  end
+
+  def test_extracting_version_from_hash
+    password = Argon2id::Password.new("$argon2id$v=19$m=256,t=2,p=1$c29tZXNhbHQ$nf65EOgLrQMR/uIPnA4rEsF5h7TKyQwu9U1bMCHGi/4")
+
+    assert_equal 19, password.version
+  end
+
+  def test_extracting_version_from_versionless_hash
+    password = Argon2id::Password.new("$argon2id$m=256,t=2,p=1$c29tZXNhbHQ$nf65EOgLrQMR/uIPnA4rEsF5h7TKyQwu9U1bMCHGi/4")
+
+    assert_equal 16, password.version
+  end
+
+  def test_extracting_time_cost_from_hash
+    password = Argon2id::Password.new("$argon2id$v=19$m=256,t=2,p=1$c29tZXNhbHQ$nf65EOgLrQMR/uIPnA4rEsF5h7TKyQwu9U1bMCHGi/4")
+
+    assert_equal 2, password.t_cost
+  end
+
+  def test_extracting_time_cost_from_versionless_hash
+    password = Argon2id::Password.new("$argon2id$m=256,t=2,p=1$c29tZXNhbHQ$nf65EOgLrQMR/uIPnA4rEsF5h7TKyQwu9U1bMCHGi/4")
+
+    assert_equal 2, password.t_cost
+  end
+
+  def test_extracting_memory_cost_from_hash
+    password = Argon2id::Password.new("$argon2id$v=19$m=256,t=2,p=1$c29tZXNhbHQ$nf65EOgLrQMR/uIPnA4rEsF5h7TKyQwu9U1bMCHGi/4")
+
+    assert_equal 256, password.m_cost
+  end
+
+  def test_extracting_memory_cost_from_versionless_hash
+    password = Argon2id::Password.new("$argon2id$m=256,t=2,p=1$c29tZXNhbHQ$nf65EOgLrQMR/uIPnA4rEsF5h7TKyQwu9U1bMCHGi/4")
+
+    assert_equal 256, password.m_cost
+  end
+
+  def test_extracting_parallelism_from_hash
+    password = Argon2id::Password.new("$argon2id$v=19$m=256,t=2,p=1$c29tZXNhbHQ$nf65EOgLrQMR/uIPnA4rEsF5h7TKyQwu9U1bMCHGi/4")
+
+    assert_equal 1, password.parallelism
+  end
+
+  def test_extracting_parallelism_from_versionless_hash
+    password = Argon2id::Password.new("$argon2id$m=256,t=2,p=1$c29tZXNhbHQ$nf65EOgLrQMR/uIPnA4rEsF5h7TKyQwu9U1bMCHGi/4")
+
+    assert_equal 1, password.parallelism
+  end
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: argon2id
 version: !ruby/object:Gem::Version
-  version: 0.2.0
+  version: 0.3.0
 platform: x86-linux
 authors:
 - Paul Mucur
@@ -10,20 +10,6 @@ bindir: bin
 cert_chain: []
 date: 2024-11-01 00:00:00.000000000 Z
 dependencies:
-- !ruby/object:Gem::Dependency
-  name: base64
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
-  type: :runtime
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
 - !ruby/object:Gem::Dependency
   name: rake-compiler
   requirement: !ruby/object:Gem::Requirement