argon2id 0.2.1-x64-mingw-ucrt → 0.4.0-x64-mingw-ucrt
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/CHANGELOG.md +28 -0
- data/README.md +35 -21
- data/Rakefile +16 -0
- data/argon2id.gemspec +0 -1
- data/ext/argon2id/argon2id.c +3 -0
- data/lib/3.1/argon2id.so +0 -0
- data/lib/3.2/argon2id.so +0 -0
- data/lib/3.3/argon2id.so +0 -0
- data/lib/argon2id/password.rb +55 -21
- data/lib/argon2id/version.rb +1 -1
- data/lib/argon2id.rb +59 -5
- data/test/test_hash_encoded.rb +6 -16
- data/test/test_password.rb +60 -0
- data/test/test_verify.rb +1 -1
- metadata +2 -16
    
        checksums.yaml
    CHANGED
    
    | @@ -1,7 +1,7 @@ | |
| 1 1 | 
             
            ---
         | 
| 2 2 | 
             
            SHA256:
         | 
| 3 | 
            -
              metadata.gz:  | 
| 4 | 
            -
              data.tar.gz:  | 
| 3 | 
            +
              metadata.gz: 42c3fc3bcafb02453c050dda4ef474ecf6f21685a1e2e8a861ed47e0e6870da5
         | 
| 4 | 
            +
              data.tar.gz: 2bcab9f7ebf8f94447c4528633db47893d9e336fca5be93b4ff34468400cb021
         | 
| 5 5 | 
             
            SHA512:
         | 
| 6 | 
            -
              metadata.gz:  | 
| 7 | 
            -
              data.tar.gz:  | 
| 6 | 
            +
              metadata.gz: fc7e36e0fcb8394a0750bb0d504729e0e3ca4ea3794a1dcfd0e0b8b1292b6fd97418191cf5d598f4603f5ab18897af3382113aa5233e8932368b3f6e15e22f39
         | 
| 7 | 
            +
              data.tar.gz: 4ce5c9cbca05f85f8657cdd217283d9834d93f8913123d9d2329e8c005dbd491c4a32930aaa1403e51defab865e7a68f5d1530748e3131c4d7ec437686678918
         | 
    
        data/CHANGELOG.md
    CHANGED
    
    | @@ -5,6 +5,32 @@ All notable changes to this project will be documented in this file. | |
| 5 5 | 
             
            The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/),
         | 
| 6 6 | 
             
            and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
         | 
| 7 7 |  | 
| 8 | 
            +
            ## [0.4.0] - 2024-11-02
         | 
| 9 | 
            +
             | 
| 10 | 
            +
            ### Added
         | 
| 11 | 
            +
             | 
| 12 | 
            +
            - Added support for JRuby 9.4 by adding an implementation of Argon2id hashing
         | 
| 13 | 
            +
              and verification using JRuby-OpenSSL's Bouncy Castle internals.
         | 
| 14 | 
            +
            - Added `output` to `Argon2id::Password` instances so the actual "output" part
         | 
| 15 | 
            +
              of a password hash can be retrieved (and compared)
         | 
| 16 | 
            +
             | 
| 17 | 
            +
            ### Changed
         | 
| 18 | 
            +
             | 
| 19 | 
            +
            - Verifying a password will now consistently raise an `ArgumentError` when
         | 
| 20 | 
            +
              given an invalid encoded hash rather than an `Argon2id::Error`
         | 
| 21 | 
            +
             | 
| 22 | 
            +
            ## [0.3.0] - 2024-11-01
         | 
| 23 | 
            +
             | 
| 24 | 
            +
            ### Added
         | 
| 25 | 
            +
             | 
| 26 | 
            +
            - Expose all parameters of a hash through new readers on `Argon2id::Password`:
         | 
| 27 | 
            +
              namely, `type`, `version`, `m_cost`, `t_cost`, and `parallelism`
         | 
| 28 | 
            +
             | 
| 29 | 
            +
            ### Changed
         | 
| 30 | 
            +
             | 
| 31 | 
            +
            - Remove the dependency on the `base64` gem by inlining the definition of
         | 
| 32 | 
            +
              `Base64.decode64` (thanks to @etiennebarrie for the tip)
         | 
| 33 | 
            +
             | 
| 8 34 | 
             
            ## [0.2.1] - 2024-11-01
         | 
| 9 35 |  | 
| 10 36 | 
             
            ### Added
         | 
| @@ -51,6 +77,8 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 | |
| 51 77 | 
             
              reference C implementation of Argon2, the password-hashing function that won
         | 
| 52 78 | 
             
              the Password Hashing Competition.
         | 
| 53 79 |  | 
| 80 | 
            +
            [0.4.0]: https://github.com/mudge/argon2id/releases/tag/v0.4.0
         | 
| 81 | 
            +
            [0.3.0]: https://github.com/mudge/argon2id/releases/tag/v0.3.0
         | 
| 54 82 | 
             
            [0.2.1]: https://github.com/mudge/argon2id/releases/tag/v0.2.1
         | 
| 55 83 | 
             
            [0.2.0]: https://github.com/mudge/argon2id/releases/tag/v0.2.0
         | 
| 56 84 | 
             
            [0.1.2]: https://github.com/mudge/argon2id/releases/tag/v0.1.2
         | 
    
        data/README.md
    CHANGED
    
    | @@ -5,18 +5,19 @@ function that won the 2015 [Password Hashing Competition][]. | |
| 5 5 |  | 
| 6 6 | 
             
            [](https://github.com/mudge/argon2id/actions)
         | 
| 7 7 |  | 
| 8 | 
            -
            **Current version:** 0. | 
| 8 | 
            +
            **Current version:** 0.4.0  
         | 
| 9 9 | 
             
            **Bundled Argon2 version:** libargon2.1 (20190702)
         | 
| 10 10 |  | 
| 11 11 | 
             
            ```ruby
         | 
| 12 | 
            -
            Argon2id::Password.create(" | 
| 13 | 
            -
            #=> "$argon2id$v=19$m=19456,t=2,p=1$ | 
| 12 | 
            +
            Argon2id::Password.create("password").to_s
         | 
| 13 | 
            +
            #=> "$argon2id$v=19$m=19456,t=2,p=1$agNV6OfDL1OwE44WdrFCJw$ITrBwvCsW4b5GjgZuL67RCcvVMEWBWXtASc9TVyI3rY"
         | 
| 14 14 |  | 
| 15 | 
            -
            Argon2id::Password. | 
| 16 | 
            -
            #=> true
         | 
| 15 | 
            +
            password = Argon2id::Password.new("$argon2id$v=19$m=19456,t=2,p=1$ZS2nBFWBpnt28HjtzNOW4w$SQ+p+dIcWbpzWpZQ/ZZFj8IQkyhYZf127U4QdkRmKFU")
         | 
| 16 | 
            +
            password == "password"     #=> true
         | 
| 17 | 
            +
            password == "not password" #=> false
         | 
| 17 18 |  | 
| 18 | 
            -
             | 
| 19 | 
            -
            #=>  | 
| 19 | 
            +
            password.m_cost #=> 19456
         | 
| 20 | 
            +
            password.salt   #=> "e-\xA7\x04U\x81\xA6{v\xF0x\xED\xCC\xD3\x96\xE3"
         | 
| 20 21 | 
             
            ```
         | 
| 21 22 |  | 
| 22 23 | 
             
            ## Table of contents
         | 
| @@ -142,12 +143,18 @@ password.is_password?("opensesame")    #=> true | |
| 142 143 | 
             
            password.is_password?("notopensesame") #=> false
         | 
| 143 144 | 
             
            ```
         | 
| 144 145 |  | 
| 145 | 
            -
            The  | 
| 146 | 
            +
            The various parts of the encoded password can be retrieved:
         | 
| 146 147 |  | 
| 147 148 | 
             
            ```ruby
         | 
| 148 149 | 
             
            password = Argon2id::Password.new("$argon2id$v=19$m=256,t=2,p=1$c29tZXNhbHQ$nf65EOgLrQMR/uIPnA4rEsF5h7TKyQwu9U1bMCHGi/4")
         | 
| 149 | 
            -
            password. | 
| 150 | 
            -
            #=>  | 
| 150 | 
            +
            password.type        #=> "argon2id"
         | 
| 151 | 
            +
            password.version     #=> 19
         | 
| 152 | 
            +
            password.m_cost      #=> 256
         | 
| 153 | 
            +
            password.t_cost      #=> 2
         | 
| 154 | 
            +
            password.parallelism #=> 1
         | 
| 155 | 
            +
            password.salt        #=> "somesalt"
         | 
| 156 | 
            +
            password.output
         | 
| 157 | 
            +
            #=> "\x9D\xFE\xB9\x10\xE8\v\xAD\x03\x11\xFE\xE2\x0F\x9C\x0E+\x12\xC1y\x87\xB4\xCA\xC9\f.\xF5M[0!\xC6\x8B\xFE"
         | 
| 151 158 | 
             
            ```
         | 
| 152 159 |  | 
| 153 160 | 
             
            ### Errors
         | 
| @@ -155,16 +162,22 @@ password.salt | |
| 155 162 | 
             
            Any errors returned from Argon2 will be raised as `Argon2id::Error`, e.g.
         | 
| 156 163 |  | 
| 157 164 | 
             
            ```ruby
         | 
| 158 | 
            -
             | 
| 159 | 
            -
             | 
| 160 | 
            -
            # Decoding failed (Argon2id::Error)
         | 
| 165 | 
            +
            Argon2id::Password.create("password", salt_len: 0)
         | 
| 166 | 
            +
            # Salt is too short (Argon2id::Error)
         | 
| 161 167 | 
             
            ```
         | 
| 162 168 |  | 
| 163 169 | 
             
            ## Requirements
         | 
| 164 170 |  | 
| 165 | 
            -
            This gem requires the following to run:
         | 
| 171 | 
            +
            This gem requires any of the following to run:
         | 
| 166 172 |  | 
| 167 173 | 
             
            * [Ruby](https://www.ruby-lang.org/en/) 2.6 to 3.3
         | 
| 174 | 
            +
            * [JRuby](https://www.jruby.org) 9.4
         | 
| 175 | 
            +
            * [TruffleRuby](https://www.graalvm.org/ruby/) 24.1
         | 
| 176 | 
            +
             | 
| 177 | 
            +
            > [!NOTE]
         | 
| 178 | 
            +
            > The JRuby version of the gem uses
         | 
| 179 | 
            +
            > [JRuby-OpenSSL](https://github.com/jruby/jruby-openssl)'s implementation of
         | 
| 180 | 
            +
            > Argon2 instead of the reference C implementation.
         | 
| 168 181 |  | 
| 169 182 | 
             
            ### Native gems
         | 
| 170 183 |  | 
| @@ -176,6 +189,7 @@ Where possible, a pre-compiled native gem will be provided for the following pla | |
| 176 189 | 
             
                * [musl](https://musl.libc.org/)-based systems such as [Alpine](https://alpinelinux.org) are supported as long as a [glibc-compatible library is installed](https://wiki.alpinelinux.org/wiki/Running_glibc_programs)
         | 
| 177 190 | 
             
            * macOS `x86_64-darwin` and `arm64-darwin`
         | 
| 178 191 | 
             
            * Windows `x64-mingw32` and `x64-mingw-ucrt`
         | 
| 192 | 
            +
            * Java: any platform running JRuby 9.4 or higher
         | 
| 179 193 |  | 
| 180 194 | 
             
            ### Verifying the gems
         | 
| 181 195 |  | 
| @@ -184,11 +198,11 @@ notes](https://github.com/mudge/argon2id/releases) for each version and can be | |
| 184 198 | 
             
            checked with `sha256sum`, e.g.
         | 
| 185 199 |  | 
| 186 200 | 
             
            ```console
         | 
| 187 | 
            -
            $ gem fetch argon2id -v 0. | 
| 188 | 
            -
            Fetching argon2id-0. | 
| 189 | 
            -
            Downloaded argon2id-0. | 
| 190 | 
            -
            $ sha256sum argon2id-0. | 
| 191 | 
            -
             | 
| 201 | 
            +
            $ gem fetch argon2id -v 0.3.0
         | 
| 202 | 
            +
            Fetching argon2id-0.3.0-arm64-darwin.gem
         | 
| 203 | 
            +
            Downloaded argon2id-0.3.0-arm64-darwin
         | 
| 204 | 
            +
            $ sha256sum argon2id-0.3.0-arm64-darwin.gem
         | 
| 205 | 
            +
            9d49de6840942b48d020dddd422a1577fde7289ccb08a637bdb29f4a09b4e181  argon2id-0.3.0-arm64-darwin.gem
         | 
| 192 206 | 
             
            ```
         | 
| 193 207 |  | 
| 194 208 | 
             
            [GPG](https://www.gnupg.org/) signatures are attached to each release (the
         | 
| @@ -198,8 +212,8 @@ from a public keyserver, e.g. `gpg --keyserver keyserver.ubuntu.com --recv-key | |
| 198 212 | 
             
            0x39AC3530070E0F75`):
         | 
| 199 213 |  | 
| 200 214 | 
             
            ```console
         | 
| 201 | 
            -
            $ gpg --verify argon2id-0. | 
| 202 | 
            -
            gpg: Signature made Fri  1 Nov  | 
| 215 | 
            +
            $ gpg --verify argon2id-0.3.0-arm64-darwin.gem.sig argon2id-0.3.0-arm64-darwin.gem
         | 
| 216 | 
            +
            gpg: Signature made Fri  1 Nov 18:15:47 2024 GMT
         | 
| 203 217 | 
             
            gpg:                using RSA key 702609D9C790F45B577D7BEC39AC3530070E0F75
         | 
| 204 218 | 
             
            gpg: Good signature from "Paul Mucur <mudge@mudge.name>" [unknown]
         | 
| 205 219 | 
             
            gpg:                 aka "Paul Mucur <paul@ghostcassette.com>" [unknown]
         | 
    
        data/Rakefile
    CHANGED
    
    | @@ -20,6 +20,13 @@ ENV["RUBY_CC_VERSION"] = %w[3.3.0 3.2.0 3.1.0 3.0.0 2.7.0 2.6.0].join(":") | |
| 20 20 |  | 
| 21 21 | 
             
            gemspec = Gem::Specification.load("argon2id.gemspec")
         | 
| 22 22 |  | 
| 23 | 
            +
            if RUBY_PLATFORM == "java"
         | 
| 24 | 
            +
              gemspec.files.reject! { |path| File.fnmatch?("ext/*", path) }
         | 
| 25 | 
            +
              gemspec.extensions.clear
         | 
| 26 | 
            +
              gemspec.platform = Gem::Platform.new("java")
         | 
| 27 | 
            +
              gemspec.required_ruby_version = ">= 3.1.0"
         | 
| 28 | 
            +
            end
         | 
| 29 | 
            +
             | 
| 23 30 | 
             
            Gem::PackageTask.new(gemspec).define
         | 
| 24 31 |  | 
| 25 32 | 
             
            Rake::ExtensionTask.new("argon2id", gemspec) do |e|
         | 
| @@ -50,6 +57,15 @@ namespace :gem do | |
| 50 57 | 
             
                  SCRIPT
         | 
| 51 58 | 
             
                end
         | 
| 52 59 | 
             
              end
         | 
| 60 | 
            +
             | 
| 61 | 
            +
              desc "Compile gem for JRuby"
         | 
| 62 | 
            +
              task :jruby do
         | 
| 63 | 
            +
                RakeCompilerDock.sh <<~SCRIPT, rubyvm: "jruby", platform: "jruby", verbose: true
         | 
| 64 | 
            +
                  gem install bundler --no-document &&
         | 
| 65 | 
            +
                  bundle &&
         | 
| 66 | 
            +
                  bundle exec rake gem
         | 
| 67 | 
            +
                SCRIPT
         | 
| 68 | 
            +
              end
         | 
| 53 69 | 
             
            end
         | 
| 54 70 |  | 
| 55 71 | 
             
            task default: [:compile, :test]
         | 
    
        data/argon2id.gemspec
    CHANGED
    
    | @@ -53,7 +53,6 @@ Gem::Specification.new do |s| | |
| 53 53 | 
             
              ]
         | 
| 54 54 | 
             
              s.rdoc_options = ["--main", "README.md"]
         | 
| 55 55 |  | 
| 56 | 
            -
              s.add_runtime_dependency("base64")
         | 
| 57 56 | 
             
              s.add_development_dependency("rake-compiler", "~> 1.2")
         | 
| 58 57 | 
             
              s.add_development_dependency("rake-compiler-dock", "~> 1.5")
         | 
| 59 58 | 
             
              s.add_development_dependency("minitest", "~> 5.25")
         | 
    
        data/ext/argon2id/argon2id.c
    CHANGED
    
    | @@ -70,6 +70,9 @@ rb_argon2id_verify(VALUE module, VALUE encoded, VALUE pwd) { | |
| 70 70 | 
             
              if (result == ARGON2_VERIFY_MISMATCH) {
         | 
| 71 71 | 
             
                return Qfalse;
         | 
| 72 72 | 
             
              }
         | 
| 73 | 
            +
              if (result == ARGON2_DECODING_FAIL || result == ARGON2_DECODING_LENGTH_FAIL) {
         | 
| 74 | 
            +
                rb_raise(rb_eArgError, "%s", argon2_error_message(result));
         | 
| 75 | 
            +
              }
         | 
| 73 76 |  | 
| 74 77 | 
             
              rb_raise(cArgon2idError, "%s", argon2_error_message(result));
         | 
| 75 78 | 
             
            }
         | 
    
        data/lib/3.1/argon2id.so
    CHANGED
    
    | Binary file | 
    
        data/lib/3.2/argon2id.so
    CHANGED
    
    | Binary file | 
    
        data/lib/3.3/argon2id.so
    CHANGED
    
    | Binary file | 
    
        data/lib/argon2id/password.rb
    CHANGED
    
    | @@ -1,6 +1,5 @@ | |
| 1 1 | 
             
            # frozen_string_literal: true
         | 
| 2 2 |  | 
| 3 | 
            -
            require "base64"
         | 
| 4 3 | 
             
            require "openssl"
         | 
| 5 4 |  | 
| 6 5 | 
             
            module Argon2id
         | 
| @@ -12,34 +11,67 @@ module Argon2id | |
| 12 11 | 
             
              #   password.to_s
         | 
| 13 12 | 
             
              #   #=> "$argon2id$v=19$m=19456,t=2,p=1$+Lrjry9Ifq0poLr15OGU1Q$utkDvejJB0ugwm4s9+a+vF6+1a/W+Y3CYa5Wte/85ig"
         | 
| 14 13 | 
             
              #
         | 
| 15 | 
            -
              # To  | 
| 14 | 
            +
              # To wrap an encoded Argon2id password hash, use Argon2id::Password.new:
         | 
| 16 15 | 
             
              #
         | 
| 17 | 
            -
              #   password = Argon2id::Password.new("$argon2id$v=19$m= | 
| 18 | 
            -
              # | 
| 19 | 
            -
              # | 
| 16 | 
            +
              #   password = Argon2id::Password.new("$argon2id$v=19$m=256,t=2,p=1$c29tZXNhbHQ$nf65EOgLrQMR/uIPnA4rEsF5h7TKyQwu9U1bMCHGi/4")
         | 
| 17 | 
            +
              #
         | 
| 18 | 
            +
              # You can then verify it matches a given plain text:
         | 
| 19 | 
            +
              #
         | 
| 20 | 
            +
              #   password == "password"     #=> true
         | 
| 21 | 
            +
              #   password == "not password" #=> false
         | 
| 22 | 
            +
              #
         | 
| 23 | 
            +
              #   password.is_password?("password")     #=> true
         | 
| 24 | 
            +
              #   password.is_password?("not password") #=> false
         | 
| 25 | 
            +
              #
         | 
| 26 | 
            +
              # You can read various parameters out of a password hash:
         | 
| 27 | 
            +
              #
         | 
| 28 | 
            +
              #   password.type        #=> "argon2id"
         | 
| 29 | 
            +
              #   password.version     #=> 19
         | 
| 30 | 
            +
              #   password.m_cost      #=> 19456
         | 
| 31 | 
            +
              #   password.t_cost      #=> 2
         | 
| 32 | 
            +
              #   password.parallelism #=> 1
         | 
| 33 | 
            +
              #   password.salt        #=>  "somesalt"
         | 
| 20 34 | 
             
              class Password
         | 
| 21 35 | 
             
                # A regular expression to match valid hashes.
         | 
| 22 36 | 
             
                PATTERN = %r{
         | 
| 23 37 | 
             
                  \A
         | 
| 24 38 | 
             
                  \$
         | 
| 25 | 
            -
                  argon2(?:id|i|d)
         | 
| 26 | 
            -
                  (?:\$v | 
| 27 | 
            -
                  \$m | 
| 28 | 
            -
                  ,t | 
| 29 | 
            -
                  ,p | 
| 39 | 
            +
                  (argon2(?:id|i|d))
         | 
| 40 | 
            +
                  (?:\$v=(\d+))?
         | 
| 41 | 
            +
                  \$m=(\d+)
         | 
| 42 | 
            +
                  ,t=(\d+)
         | 
| 43 | 
            +
                  ,p=(\d+)
         | 
| 30 44 | 
             
                  \$
         | 
| 31 | 
            -
                  ( | 
| 45 | 
            +
                  ([a-zA-Z0-9+/]+)
         | 
| 32 46 | 
             
                  \$
         | 
| 33 | 
            -
                  [a-zA-Z0-9+/]+
         | 
| 47 | 
            +
                  ([a-zA-Z0-9+/]+)
         | 
| 34 48 | 
             
                  \z
         | 
| 35 49 | 
             
                }x.freeze
         | 
| 36 50 |  | 
| 37 51 | 
             
                # The encoded password hash.
         | 
| 38 52 | 
             
                attr_reader :encoded
         | 
| 39 53 |  | 
| 54 | 
            +
                # The type of the hashing function.
         | 
| 55 | 
            +
                attr_reader :type
         | 
| 56 | 
            +
             | 
| 57 | 
            +
                # The version number of the hashing function.
         | 
| 58 | 
            +
                attr_reader :version
         | 
| 59 | 
            +
             | 
| 60 | 
            +
                # The "time cost" of the hashing function.
         | 
| 61 | 
            +
                attr_reader :t_cost
         | 
| 62 | 
            +
             | 
| 63 | 
            +
                # The "memory cost" of the hashing function.
         | 
| 64 | 
            +
                attr_reader :m_cost
         | 
| 65 | 
            +
             | 
| 66 | 
            +
                # The number of threads and compute lanes of the hashing function.
         | 
| 67 | 
            +
                attr_reader :parallelism
         | 
| 68 | 
            +
             | 
| 40 69 | 
             
                # The salt.
         | 
| 41 70 | 
             
                attr_reader :salt
         | 
| 42 71 |  | 
| 72 | 
            +
                # The hash output.
         | 
| 73 | 
            +
                attr_reader :output
         | 
| 74 | 
            +
             | 
| 43 75 | 
             
                # Create a new Password object that hashes a given plain text password +pwd+.
         | 
| 44 76 | 
             
                #
         | 
| 45 77 | 
             
                # - +:t_cost+: integer (default 2) the "time cost" given as a number of iterations
         | 
| @@ -72,8 +104,6 @@ module Argon2id | |
| 72 104 | 
             
                  )
         | 
| 73 105 | 
             
                end
         | 
| 74 106 |  | 
| 75 | 
            -
                # call-seq: Argon2id::Password.new(encoded)
         | 
| 76 | 
            -
                #
         | 
| 77 107 | 
             
                # Create a new Password with the given encoded password hash.
         | 
| 78 108 | 
             
                #
         | 
| 79 109 | 
             
                #   password = Argon2id::Password.new("$argon2id$v=19$m=19456,t=2,p=1$FI8yp1gXbthJCskBlpKPoQ$nOfCCpS2r+I8GRN71cZND4cskn7YKBNzuHUEO3YpY2s")
         | 
| @@ -82,17 +112,21 @@ module Argon2id | |
| 82 112 | 
             
                def initialize(encoded)
         | 
| 83 113 | 
             
                  raise ArgumentError, "invalid hash" unless PATTERN =~ String(encoded)
         | 
| 84 114 |  | 
| 85 | 
            -
                  @encoded =  | 
| 86 | 
            -
                  @ | 
| 115 | 
            +
                  @encoded = $&
         | 
| 116 | 
            +
                  @type = $1
         | 
| 117 | 
            +
                  @version = Integer($2 || 0x10)
         | 
| 118 | 
            +
                  @m_cost = Integer($3)
         | 
| 119 | 
            +
                  @t_cost = Integer($4)
         | 
| 120 | 
            +
                  @parallelism = Integer($5)
         | 
| 121 | 
            +
                  @salt = $6.unpack1("m")
         | 
| 122 | 
            +
                  @output = $7.unpack1("m")
         | 
| 87 123 | 
             
                end
         | 
| 88 124 |  | 
| 89 125 | 
             
                # Return the encoded password hash.
         | 
| 90 | 
            -
                 | 
| 91 | 
            -
                  encoded
         | 
| 92 | 
            -
                end
         | 
| 126 | 
            +
                alias_method :to_s, :encoded
         | 
| 93 127 |  | 
| 94 | 
            -
                # Compare the password with given plain text, returning true if it | 
| 95 | 
            -
                # successfully.
         | 
| 128 | 
            +
                # Compare the password with the given plain text, returning true if it
         | 
| 129 | 
            +
                # verifies successfully.
         | 
| 96 130 | 
             
                #
         | 
| 97 131 | 
             
                #   password = Argon2id::Password.new("$argon2id$v=19$m=19456,t=2,p=1$FI8yp1gXbthJCskBlpKPoQ$nOfCCpS2r+I8GRN71cZND4cskn7YKBNzuHUEO3YpY2s")
         | 
| 98 132 | 
             
                #   password == "password"    #=> true
         | 
    
        data/lib/argon2id/version.rb
    CHANGED
    
    
    
        data/lib/argon2id.rb
    CHANGED
    
    | @@ -1,10 +1,14 @@ | |
| 1 1 | 
             
            # frozen_string_literal: true
         | 
| 2 2 |  | 
| 3 | 
            -
             | 
| 4 | 
            -
               | 
| 5 | 
            -
             | 
| 6 | 
            -
             | 
| 7 | 
            -
             | 
| 3 | 
            +
            if RUBY_PLATFORM == "java"
         | 
| 4 | 
            +
              require "openssl"
         | 
| 5 | 
            +
            else
         | 
| 6 | 
            +
              begin
         | 
| 7 | 
            +
                ::RUBY_VERSION =~ /(\d+\.\d+)/
         | 
| 8 | 
            +
                require_relative "#{Regexp.last_match(1)}/argon2id.so"
         | 
| 9 | 
            +
              rescue LoadError
         | 
| 10 | 
            +
                require "argon2id.so"
         | 
| 11 | 
            +
              end
         | 
| 8 12 | 
             
            end
         | 
| 9 13 |  | 
| 10 14 | 
             
            require "argon2id/version"
         | 
| @@ -48,4 +52,54 @@ module Argon2id | |
| 48 52 | 
             
                # The default desired length of the hash in bytes used by Argon2id::Password.create
         | 
| 49 53 | 
             
                attr_accessor :output_len
         | 
| 50 54 | 
             
              end
         | 
| 55 | 
            +
             | 
| 56 | 
            +
              if RUBY_PLATFORM == "java"
         | 
| 57 | 
            +
                Error = Class.new(StandardError)
         | 
| 58 | 
            +
             | 
| 59 | 
            +
                def self.hash_encoded(t_cost, m_cost, parallelism, pwd, salt, hashlen)
         | 
| 60 | 
            +
                  raise Error, "Salt is too short" unless String(salt).bytesize.positive?
         | 
| 61 | 
            +
             | 
| 62 | 
            +
                  hash = Java::byte[Integer(hashlen)].new
         | 
| 63 | 
            +
                  params = Java::OrgBouncycastleCryptoParams::Argon2Parameters::Builder
         | 
| 64 | 
            +
                    .new(Java::OrgBouncycastleCryptoParams::Argon2Parameters::ARGON2_id)
         | 
| 65 | 
            +
                    .with_salt(String(salt).to_java_bytes)
         | 
| 66 | 
            +
                    .with_parallelism(Integer(parallelism))
         | 
| 67 | 
            +
                    .with_memory_as_kb(Integer(m_cost))
         | 
| 68 | 
            +
                    .with_iterations(Integer(t_cost))
         | 
| 69 | 
            +
                    .build
         | 
| 70 | 
            +
                  generator = Java::OrgBouncycastleCryptoGenerators::Argon2BytesGenerator.new
         | 
| 71 | 
            +
                  encoder = Java::JavaUtil::Base64.get_encoder.without_padding
         | 
| 72 | 
            +
             | 
| 73 | 
            +
                  generator.init(params)
         | 
| 74 | 
            +
                  generator.generate_bytes(String(pwd).to_java_bytes, hash)
         | 
| 75 | 
            +
             | 
| 76 | 
            +
                  encoded_salt = encoder.encode_to_string(params.get_salt)
         | 
| 77 | 
            +
                  encoded_output = encoder.encode_to_string(hash)
         | 
| 78 | 
            +
             | 
| 79 | 
            +
                  "$argon2id$v=#{params.get_version}$m=#{params.get_memory}," \
         | 
| 80 | 
            +
                    "t=#{params.get_iterations},p=#{params.get_lanes}" \
         | 
| 81 | 
            +
                    "$#{encoded_salt}$#{encoded_output}"
         | 
| 82 | 
            +
                rescue => e
         | 
| 83 | 
            +
                  raise Error, e.message
         | 
| 84 | 
            +
                end
         | 
| 85 | 
            +
             | 
| 86 | 
            +
                def self.verify(encoded, pwd)
         | 
| 87 | 
            +
                  password = Password.new(encoded)
         | 
| 88 | 
            +
                  other_password = Password.new(
         | 
| 89 | 
            +
                    hash_encoded(
         | 
| 90 | 
            +
                      password.t_cost,
         | 
| 91 | 
            +
                      password.m_cost,
         | 
| 92 | 
            +
                      password.parallelism,
         | 
| 93 | 
            +
                      String(pwd),
         | 
| 94 | 
            +
                      password.salt,
         | 
| 95 | 
            +
                      password.output.bytesize
         | 
| 96 | 
            +
                    )
         | 
| 97 | 
            +
                  )
         | 
| 98 | 
            +
             | 
| 99 | 
            +
                  Java::OrgBouncycastleUtil::Arrays.constant_time_are_equal(
         | 
| 100 | 
            +
                    password.output.to_java_bytes,
         | 
| 101 | 
            +
                    other_password.output.to_java_bytes
         | 
| 102 | 
            +
                  )
         | 
| 103 | 
            +
                end
         | 
| 104 | 
            +
              end
         | 
| 51 105 | 
             
            end
         | 
    
        data/test/test_hash_encoded.rb
    CHANGED
    
    | @@ -17,42 +17,32 @@ class TestHashEncoded < Minitest::Test | |
| 17 17 | 
             
              end
         | 
| 18 18 |  | 
| 19 19 | 
             
              def test_raises_with_too_short_output
         | 
| 20 | 
            -
                 | 
| 20 | 
            +
                assert_raises(Argon2id::Error) do
         | 
| 21 21 | 
             
                  Argon2id.hash_encoded(2, 256, 1, "password", "somesalt", 1)
         | 
| 22 22 | 
             
                end
         | 
| 23 | 
            -
             | 
| 24 | 
            -
                assert_equal "Output is too short", error.message
         | 
| 25 23 | 
             
              end
         | 
| 26 24 |  | 
| 27 25 | 
             
              def test_raises_with_too_few_lanes
         | 
| 28 | 
            -
                 | 
| 26 | 
            +
                assert_raises(Argon2id::Error) do
         | 
| 29 27 | 
             
                  Argon2id.hash_encoded(2, 256, 0, "password", "somesalt", 32)
         | 
| 30 28 | 
             
                end
         | 
| 31 | 
            -
             | 
| 32 | 
            -
                assert_equal "Too few lanes", error.message
         | 
| 33 29 | 
             
              end
         | 
| 34 30 |  | 
| 35 31 | 
             
              def test_raises_with_too_small_memory_cost
         | 
| 36 | 
            -
                 | 
| 32 | 
            +
                assert_raises(Argon2id::Error) do
         | 
| 37 33 | 
             
                  Argon2id.hash_encoded(2, 0, 1, "password", "somesalt", 32)
         | 
| 38 34 | 
             
                end
         | 
| 39 | 
            -
             | 
| 40 | 
            -
                assert_equal "Memory cost is too small", error.message
         | 
| 41 35 | 
             
              end
         | 
| 42 36 |  | 
| 43 37 | 
             
              def test_raises_with_too_small_time_cost
         | 
| 44 | 
            -
                 | 
| 38 | 
            +
                assert_raises(Argon2id::Error) do
         | 
| 45 39 | 
             
                  Argon2id.hash_encoded(0, 256, 1, "password", "somesalt", 32)
         | 
| 46 40 | 
             
                end
         | 
| 47 | 
            -
             | 
| 48 | 
            -
                assert_equal "Time cost is too small", error.message
         | 
| 49 41 | 
             
              end
         | 
| 50 42 |  | 
| 51 43 | 
             
              def test_raises_with_too_short_salt
         | 
| 52 | 
            -
                 | 
| 53 | 
            -
                  Argon2id.hash_encoded( | 
| 44 | 
            +
                assert_raises(Argon2id::Error) do
         | 
| 45 | 
            +
                  Argon2id.hash_encoded(2, 256, 1, "password", "", 32)
         | 
| 54 46 | 
             
                end
         | 
| 55 | 
            -
             | 
| 56 | 
            -
                assert_equal "Salt is too short", error.message
         | 
| 57 47 | 
             
              end
         | 
| 58 48 | 
             
            end
         | 
    
        data/test/test_password.rb
    CHANGED
    
    | @@ -109,4 +109,64 @@ class TestPassword < Minitest::Test | |
| 109 109 |  | 
| 110 110 | 
             
                assert Argon2id::Password.new(password) == "password"
         | 
| 111 111 | 
             
              end
         | 
| 112 | 
            +
             | 
| 113 | 
            +
              def test_extracting_type_from_hash
         | 
| 114 | 
            +
                password = Argon2id::Password.new("$argon2id$v=19$m=256,t=2,p=1$c29tZXNhbHQ$nf65EOgLrQMR/uIPnA4rEsF5h7TKyQwu9U1bMCHGi/4")
         | 
| 115 | 
            +
             | 
| 116 | 
            +
                assert_equal "argon2id", password.type
         | 
| 117 | 
            +
              end
         | 
| 118 | 
            +
             | 
| 119 | 
            +
              def test_extracting_type_from_argoni_hash
         | 
| 120 | 
            +
                password = Argon2id::Password.new("$argon2i$v=19$m=256,t=2,p=1$c29tZXNhbHQ$nf65EOgLrQMR/uIPnA4rEsF5h7TKyQwu9U1bMCHGi/4")
         | 
| 121 | 
            +
             | 
| 122 | 
            +
                assert_equal "argon2i", password.type
         | 
| 123 | 
            +
              end
         | 
| 124 | 
            +
             | 
| 125 | 
            +
              def test_extracting_version_from_hash
         | 
| 126 | 
            +
                password = Argon2id::Password.new("$argon2id$v=19$m=256,t=2,p=1$c29tZXNhbHQ$nf65EOgLrQMR/uIPnA4rEsF5h7TKyQwu9U1bMCHGi/4")
         | 
| 127 | 
            +
             | 
| 128 | 
            +
                assert_equal 19, password.version
         | 
| 129 | 
            +
              end
         | 
| 130 | 
            +
             | 
| 131 | 
            +
              def test_extracting_version_from_versionless_hash
         | 
| 132 | 
            +
                password = Argon2id::Password.new("$argon2id$m=256,t=2,p=1$c29tZXNhbHQ$nf65EOgLrQMR/uIPnA4rEsF5h7TKyQwu9U1bMCHGi/4")
         | 
| 133 | 
            +
             | 
| 134 | 
            +
                assert_equal 16, password.version
         | 
| 135 | 
            +
              end
         | 
| 136 | 
            +
             | 
| 137 | 
            +
              def test_extracting_time_cost_from_hash
         | 
| 138 | 
            +
                password = Argon2id::Password.new("$argon2id$v=19$m=256,t=2,p=1$c29tZXNhbHQ$nf65EOgLrQMR/uIPnA4rEsF5h7TKyQwu9U1bMCHGi/4")
         | 
| 139 | 
            +
             | 
| 140 | 
            +
                assert_equal 2, password.t_cost
         | 
| 141 | 
            +
              end
         | 
| 142 | 
            +
             | 
| 143 | 
            +
              def test_extracting_time_cost_from_versionless_hash
         | 
| 144 | 
            +
                password = Argon2id::Password.new("$argon2id$m=256,t=2,p=1$c29tZXNhbHQ$nf65EOgLrQMR/uIPnA4rEsF5h7TKyQwu9U1bMCHGi/4")
         | 
| 145 | 
            +
             | 
| 146 | 
            +
                assert_equal 2, password.t_cost
         | 
| 147 | 
            +
              end
         | 
| 148 | 
            +
             | 
| 149 | 
            +
              def test_extracting_memory_cost_from_hash
         | 
| 150 | 
            +
                password = Argon2id::Password.new("$argon2id$v=19$m=256,t=2,p=1$c29tZXNhbHQ$nf65EOgLrQMR/uIPnA4rEsF5h7TKyQwu9U1bMCHGi/4")
         | 
| 151 | 
            +
             | 
| 152 | 
            +
                assert_equal 256, password.m_cost
         | 
| 153 | 
            +
              end
         | 
| 154 | 
            +
             | 
| 155 | 
            +
              def test_extracting_memory_cost_from_versionless_hash
         | 
| 156 | 
            +
                password = Argon2id::Password.new("$argon2id$m=256,t=2,p=1$c29tZXNhbHQ$nf65EOgLrQMR/uIPnA4rEsF5h7TKyQwu9U1bMCHGi/4")
         | 
| 157 | 
            +
             | 
| 158 | 
            +
                assert_equal 256, password.m_cost
         | 
| 159 | 
            +
              end
         | 
| 160 | 
            +
             | 
| 161 | 
            +
              def test_extracting_parallelism_from_hash
         | 
| 162 | 
            +
                password = Argon2id::Password.new("$argon2id$v=19$m=256,t=2,p=1$c29tZXNhbHQ$nf65EOgLrQMR/uIPnA4rEsF5h7TKyQwu9U1bMCHGi/4")
         | 
| 163 | 
            +
             | 
| 164 | 
            +
                assert_equal 1, password.parallelism
         | 
| 165 | 
            +
              end
         | 
| 166 | 
            +
             | 
| 167 | 
            +
              def test_extracting_parallelism_from_versionless_hash
         | 
| 168 | 
            +
                password = Argon2id::Password.new("$argon2id$m=256,t=2,p=1$c29tZXNhbHQ$nf65EOgLrQMR/uIPnA4rEsF5h7TKyQwu9U1bMCHGi/4")
         | 
| 169 | 
            +
             | 
| 170 | 
            +
                assert_equal 1, password.parallelism
         | 
| 171 | 
            +
              end
         | 
| 112 172 | 
             
            end
         | 
    
        data/test/test_verify.rb
    CHANGED
    
    
    
        metadata
    CHANGED
    
    | @@ -1,29 +1,15 @@ | |
| 1 1 | 
             
            --- !ruby/object:Gem::Specification
         | 
| 2 2 | 
             
            name: argon2id
         | 
| 3 3 | 
             
            version: !ruby/object:Gem::Version
         | 
| 4 | 
            -
              version: 0. | 
| 4 | 
            +
              version: 0.4.0
         | 
| 5 5 | 
             
            platform: x64-mingw-ucrt
         | 
| 6 6 | 
             
            authors:
         | 
| 7 7 | 
             
            - Paul Mucur
         | 
| 8 8 | 
             
            autorequire: 
         | 
| 9 9 | 
             
            bindir: bin
         | 
| 10 10 | 
             
            cert_chain: []
         | 
| 11 | 
            -
            date: 2024-11- | 
| 11 | 
            +
            date: 2024-11-02 00:00:00.000000000 Z
         | 
| 12 12 | 
             
            dependencies:
         | 
| 13 | 
            -
            - !ruby/object:Gem::Dependency
         | 
| 14 | 
            -
              name: base64
         | 
| 15 | 
            -
              requirement: !ruby/object:Gem::Requirement
         | 
| 16 | 
            -
                requirements:
         | 
| 17 | 
            -
                - - ">="
         | 
| 18 | 
            -
                  - !ruby/object:Gem::Version
         | 
| 19 | 
            -
                    version: '0'
         | 
| 20 | 
            -
              type: :runtime
         | 
| 21 | 
            -
              prerelease: false
         | 
| 22 | 
            -
              version_requirements: !ruby/object:Gem::Requirement
         | 
| 23 | 
            -
                requirements:
         | 
| 24 | 
            -
                - - ">="
         | 
| 25 | 
            -
                  - !ruby/object:Gem::Version
         | 
| 26 | 
            -
                    version: '0'
         | 
| 27 13 | 
             
            - !ruby/object:Gem::Dependency
         | 
| 28 14 | 
             
              name: rake-compiler
         | 
| 29 15 | 
             
              requirement: !ruby/object:Gem::Requirement
         |