argon2id 0.3.0-x86_64-darwin → 0.4.0-x86_64-darwin
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGELOG.md +15 -0
- data/README.md +21 -11
- data/Rakefile +16 -0
- data/ext/argon2id/argon2id.c +3 -0
- data/lib/2.6/argon2id.bundle +0 -0
- data/lib/2.7/argon2id.bundle +0 -0
- data/lib/3.0/argon2id.bundle +0 -0
- data/lib/3.1/argon2id.bundle +0 -0
- data/lib/3.2/argon2id.bundle +0 -0
- data/lib/3.3/argon2id.bundle +0 -0
- data/lib/argon2id/password.rb +9 -7
- data/lib/argon2id/version.rb +1 -1
- data/lib/argon2id.rb +59 -5
- data/test/test_hash_encoded.rb +6 -16
- data/test/test_verify.rb +1 -1
- metadata +2 -2
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: da53d3a490b1598d4c063f109695b9c40d0eb9f88909c6b9507a7098de242cbf
|
4
|
+
data.tar.gz: 7af365c501fcfcc7768496d7b05be734547c8a4d9c53025fc887936b8679ffcb
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 198bed48d67e1ffa7cbe1fb03491e618f62278a34d7741f1094720d61cb538023ad0b6577d1f46abd0c31d010183b8f958df1bced8fccf37caa0f5a0366ecf48
|
7
|
+
data.tar.gz: 3b5d1d267b62c9fc24efd0b01159e5dc0997eaf63f0704ea8be2284d8431ec4be77b47715773eaaf2151c90828cd0891de3690197c43547a696d5bb080b8c542
|
data/CHANGELOG.md
CHANGED
@@ -5,6 +5,20 @@ All notable changes to this project will be documented in this file.
|
|
5
5
|
The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/),
|
6
6
|
and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
|
7
7
|
|
8
|
+
## [0.4.0] - 2024-11-02
|
9
|
+
|
10
|
+
### Added
|
11
|
+
|
12
|
+
- Added support for JRuby 9.4 by adding an implementation of Argon2id hashing
|
13
|
+
and verification using JRuby-OpenSSL's Bouncy Castle internals.
|
14
|
+
- Added `output` to `Argon2id::Password` instances so the actual "output" part
|
15
|
+
of a password hash can be retrieved (and compared)
|
16
|
+
|
17
|
+
### Changed
|
18
|
+
|
19
|
+
- Verifying a password will now consistently raise an `ArgumentError` when
|
20
|
+
given an invalid encoded hash rather than an `Argon2id::Error`
|
21
|
+
|
8
22
|
## [0.3.0] - 2024-11-01
|
9
23
|
|
10
24
|
### Added
|
@@ -63,6 +77,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
|
|
63
77
|
reference C implementation of Argon2, the password-hashing function that won
|
64
78
|
the Password Hashing Competition.
|
65
79
|
|
80
|
+
[0.4.0]: https://github.com/mudge/argon2id/releases/tag/v0.4.0
|
66
81
|
[0.3.0]: https://github.com/mudge/argon2id/releases/tag/v0.3.0
|
67
82
|
[0.2.1]: https://github.com/mudge/argon2id/releases/tag/v0.2.1
|
68
83
|
[0.2.0]: https://github.com/mudge/argon2id/releases/tag/v0.2.0
|
data/README.md
CHANGED
@@ -5,7 +5,7 @@ function that won the 2015 [Password Hashing Competition][].
|
|
5
5
|
|
6
6
|
[![Build Status](https://github.com/mudge/argon2id/actions/workflows/tests.yml/badge.svg?branch=main)](https://github.com/mudge/argon2id/actions)
|
7
7
|
|
8
|
-
**Current version:** 0.
|
8
|
+
**Current version:** 0.4.0
|
9
9
|
**Bundled Argon2 version:** libargon2.1 (20190702)
|
10
10
|
|
11
11
|
```ruby
|
@@ -13,7 +13,7 @@ Argon2id::Password.create("password").to_s
|
|
13
13
|
#=> "$argon2id$v=19$m=19456,t=2,p=1$agNV6OfDL1OwE44WdrFCJw$ITrBwvCsW4b5GjgZuL67RCcvVMEWBWXtASc9TVyI3rY"
|
14
14
|
|
15
15
|
password = Argon2id::Password.new("$argon2id$v=19$m=19456,t=2,p=1$ZS2nBFWBpnt28HjtzNOW4w$SQ+p+dIcWbpzWpZQ/ZZFj8IQkyhYZf127U4QdkRmKFU")
|
16
|
-
password == "password"
|
16
|
+
password == "password" #=> true
|
17
17
|
password == "not password" #=> false
|
18
18
|
|
19
19
|
password.m_cost #=> 19456
|
@@ -143,7 +143,7 @@ password.is_password?("opensesame") #=> true
|
|
143
143
|
password.is_password?("notopensesame") #=> false
|
144
144
|
```
|
145
145
|
|
146
|
-
The various
|
146
|
+
The various parts of the encoded password can be retrieved:
|
147
147
|
|
148
148
|
```ruby
|
149
149
|
password = Argon2id::Password.new("$argon2id$v=19$m=256,t=2,p=1$c29tZXNhbHQ$nf65EOgLrQMR/uIPnA4rEsF5h7TKyQwu9U1bMCHGi/4")
|
@@ -153,6 +153,8 @@ password.m_cost #=> 256
|
|
153
153
|
password.t_cost #=> 2
|
154
154
|
password.parallelism #=> 1
|
155
155
|
password.salt #=> "somesalt"
|
156
|
+
password.output
|
157
|
+
#=> "\x9D\xFE\xB9\x10\xE8\v\xAD\x03\x11\xFE\xE2\x0F\x9C\x0E+\x12\xC1y\x87\xB4\xCA\xC9\f.\xF5M[0!\xC6\x8B\xFE"
|
156
158
|
```
|
157
159
|
|
158
160
|
### Errors
|
@@ -166,9 +168,16 @@ Argon2id::Password.create("password", salt_len: 0)
|
|
166
168
|
|
167
169
|
## Requirements
|
168
170
|
|
169
|
-
This gem requires the following to run:
|
171
|
+
This gem requires any of the following to run:
|
170
172
|
|
171
173
|
* [Ruby](https://www.ruby-lang.org/en/) 2.6 to 3.3
|
174
|
+
* [JRuby](https://www.jruby.org) 9.4
|
175
|
+
* [TruffleRuby](https://www.graalvm.org/ruby/) 24.1
|
176
|
+
|
177
|
+
> [!NOTE]
|
178
|
+
> The JRuby version of the gem uses
|
179
|
+
> [JRuby-OpenSSL](https://github.com/jruby/jruby-openssl)'s implementation of
|
180
|
+
> Argon2 instead of the reference C implementation.
|
172
181
|
|
173
182
|
### Native gems
|
174
183
|
|
@@ -180,6 +189,7 @@ Where possible, a pre-compiled native gem will be provided for the following pla
|
|
180
189
|
* [musl](https://musl.libc.org/)-based systems such as [Alpine](https://alpinelinux.org) are supported as long as a [glibc-compatible library is installed](https://wiki.alpinelinux.org/wiki/Running_glibc_programs)
|
181
190
|
* macOS `x86_64-darwin` and `arm64-darwin`
|
182
191
|
* Windows `x64-mingw32` and `x64-mingw-ucrt`
|
192
|
+
* Java: any platform running JRuby 9.4 or higher
|
183
193
|
|
184
194
|
### Verifying the gems
|
185
195
|
|
@@ -188,11 +198,11 @@ notes](https://github.com/mudge/argon2id/releases) for each version and can be
|
|
188
198
|
checked with `sha256sum`, e.g.
|
189
199
|
|
190
200
|
```console
|
191
|
-
$ gem fetch argon2id -v 0.
|
192
|
-
Fetching argon2id-0.
|
193
|
-
Downloaded argon2id-0.
|
194
|
-
$ sha256sum argon2id-0.
|
195
|
-
|
201
|
+
$ gem fetch argon2id -v 0.3.0
|
202
|
+
Fetching argon2id-0.3.0-arm64-darwin.gem
|
203
|
+
Downloaded argon2id-0.3.0-arm64-darwin
|
204
|
+
$ sha256sum argon2id-0.3.0-arm64-darwin.gem
|
205
|
+
9d49de6840942b48d020dddd422a1577fde7289ccb08a637bdb29f4a09b4e181 argon2id-0.3.0-arm64-darwin.gem
|
196
206
|
```
|
197
207
|
|
198
208
|
[GPG](https://www.gnupg.org/) signatures are attached to each release (the
|
@@ -202,8 +212,8 @@ from a public keyserver, e.g. `gpg --keyserver keyserver.ubuntu.com --recv-key
|
|
202
212
|
0x39AC3530070E0F75`):
|
203
213
|
|
204
214
|
```console
|
205
|
-
$ gpg --verify argon2id-0.
|
206
|
-
gpg: Signature made Fri 1 Nov 15:
|
215
|
+
$ gpg --verify argon2id-0.3.0-arm64-darwin.gem.sig argon2id-0.3.0-arm64-darwin.gem
|
216
|
+
gpg: Signature made Fri 1 Nov 18:15:47 2024 GMT
|
207
217
|
gpg: using RSA key 702609D9C790F45B577D7BEC39AC3530070E0F75
|
208
218
|
gpg: Good signature from "Paul Mucur <mudge@mudge.name>" [unknown]
|
209
219
|
gpg: aka "Paul Mucur <paul@ghostcassette.com>" [unknown]
|
data/Rakefile
CHANGED
@@ -20,6 +20,13 @@ ENV["RUBY_CC_VERSION"] = %w[3.3.0 3.2.0 3.1.0 3.0.0 2.7.0 2.6.0].join(":")
|
|
20
20
|
|
21
21
|
gemspec = Gem::Specification.load("argon2id.gemspec")
|
22
22
|
|
23
|
+
if RUBY_PLATFORM == "java"
|
24
|
+
gemspec.files.reject! { |path| File.fnmatch?("ext/*", path) }
|
25
|
+
gemspec.extensions.clear
|
26
|
+
gemspec.platform = Gem::Platform.new("java")
|
27
|
+
gemspec.required_ruby_version = ">= 3.1.0"
|
28
|
+
end
|
29
|
+
|
23
30
|
Gem::PackageTask.new(gemspec).define
|
24
31
|
|
25
32
|
Rake::ExtensionTask.new("argon2id", gemspec) do |e|
|
@@ -50,6 +57,15 @@ namespace :gem do
|
|
50
57
|
SCRIPT
|
51
58
|
end
|
52
59
|
end
|
60
|
+
|
61
|
+
desc "Compile gem for JRuby"
|
62
|
+
task :jruby do
|
63
|
+
RakeCompilerDock.sh <<~SCRIPT, rubyvm: "jruby", platform: "jruby", verbose: true
|
64
|
+
gem install bundler --no-document &&
|
65
|
+
bundle &&
|
66
|
+
bundle exec rake gem
|
67
|
+
SCRIPT
|
68
|
+
end
|
53
69
|
end
|
54
70
|
|
55
71
|
task default: [:compile, :test]
|
data/ext/argon2id/argon2id.c
CHANGED
@@ -70,6 +70,9 @@ rb_argon2id_verify(VALUE module, VALUE encoded, VALUE pwd) {
|
|
70
70
|
if (result == ARGON2_VERIFY_MISMATCH) {
|
71
71
|
return Qfalse;
|
72
72
|
}
|
73
|
+
if (result == ARGON2_DECODING_FAIL || result == ARGON2_DECODING_LENGTH_FAIL) {
|
74
|
+
rb_raise(rb_eArgError, "%s", argon2_error_message(result));
|
75
|
+
}
|
73
76
|
|
74
77
|
rb_raise(cArgon2idError, "%s", argon2_error_message(result));
|
75
78
|
}
|
data/lib/2.6/argon2id.bundle
CHANGED
Binary file
|
data/lib/2.7/argon2id.bundle
CHANGED
Binary file
|
data/lib/3.0/argon2id.bundle
CHANGED
Binary file
|
data/lib/3.1/argon2id.bundle
CHANGED
Binary file
|
data/lib/3.2/argon2id.bundle
CHANGED
Binary file
|
data/lib/3.3/argon2id.bundle
CHANGED
Binary file
|
data/lib/argon2id/password.rb
CHANGED
@@ -44,7 +44,7 @@ module Argon2id
|
|
44
44
|
\$
|
45
45
|
([a-zA-Z0-9+/]+)
|
46
46
|
\$
|
47
|
-
[a-zA-Z0-9+/]+
|
47
|
+
([a-zA-Z0-9+/]+)
|
48
48
|
\z
|
49
49
|
}x.freeze
|
50
50
|
|
@@ -69,6 +69,9 @@ module Argon2id
|
|
69
69
|
# The salt.
|
70
70
|
attr_reader :salt
|
71
71
|
|
72
|
+
# The hash output.
|
73
|
+
attr_reader :output
|
74
|
+
|
72
75
|
# Create a new Password object that hashes a given plain text password +pwd+.
|
73
76
|
#
|
74
77
|
# - +:t_cost+: integer (default 2) the "time cost" given as a number of iterations
|
@@ -101,8 +104,6 @@ module Argon2id
|
|
101
104
|
)
|
102
105
|
end
|
103
106
|
|
104
|
-
# call-seq: Argon2id::Password.new(encoded)
|
105
|
-
#
|
106
107
|
# Create a new Password with the given encoded password hash.
|
107
108
|
#
|
108
109
|
# password = Argon2id::Password.new("$argon2id$v=19$m=19456,t=2,p=1$FI8yp1gXbthJCskBlpKPoQ$nOfCCpS2r+I8GRN71cZND4cskn7YKBNzuHUEO3YpY2s")
|
@@ -113,11 +114,12 @@ module Argon2id
|
|
113
114
|
|
114
115
|
@encoded = $&
|
115
116
|
@type = $1
|
116
|
-
@version = ($2 || 0x10)
|
117
|
-
@m_cost = $3
|
118
|
-
@t_cost = $4
|
119
|
-
@parallelism = $5
|
117
|
+
@version = Integer($2 || 0x10)
|
118
|
+
@m_cost = Integer($3)
|
119
|
+
@t_cost = Integer($4)
|
120
|
+
@parallelism = Integer($5)
|
120
121
|
@salt = $6.unpack1("m")
|
122
|
+
@output = $7.unpack1("m")
|
121
123
|
end
|
122
124
|
|
123
125
|
# Return the encoded password hash.
|
data/lib/argon2id/version.rb
CHANGED
data/lib/argon2id.rb
CHANGED
@@ -1,10 +1,14 @@
|
|
1
1
|
# frozen_string_literal: true
|
2
2
|
|
3
|
-
|
4
|
-
|
5
|
-
|
6
|
-
|
7
|
-
|
3
|
+
if RUBY_PLATFORM == "java"
|
4
|
+
require "openssl"
|
5
|
+
else
|
6
|
+
begin
|
7
|
+
::RUBY_VERSION =~ /(\d+\.\d+)/
|
8
|
+
require_relative "#{Regexp.last_match(1)}/argon2id.so"
|
9
|
+
rescue LoadError
|
10
|
+
require "argon2id.so"
|
11
|
+
end
|
8
12
|
end
|
9
13
|
|
10
14
|
require "argon2id/version"
|
@@ -48,4 +52,54 @@ module Argon2id
|
|
48
52
|
# The default desired length of the hash in bytes used by Argon2id::Password.create
|
49
53
|
attr_accessor :output_len
|
50
54
|
end
|
55
|
+
|
56
|
+
if RUBY_PLATFORM == "java"
|
57
|
+
Error = Class.new(StandardError)
|
58
|
+
|
59
|
+
def self.hash_encoded(t_cost, m_cost, parallelism, pwd, salt, hashlen)
|
60
|
+
raise Error, "Salt is too short" unless String(salt).bytesize.positive?
|
61
|
+
|
62
|
+
hash = Java::byte[Integer(hashlen)].new
|
63
|
+
params = Java::OrgBouncycastleCryptoParams::Argon2Parameters::Builder
|
64
|
+
.new(Java::OrgBouncycastleCryptoParams::Argon2Parameters::ARGON2_id)
|
65
|
+
.with_salt(String(salt).to_java_bytes)
|
66
|
+
.with_parallelism(Integer(parallelism))
|
67
|
+
.with_memory_as_kb(Integer(m_cost))
|
68
|
+
.with_iterations(Integer(t_cost))
|
69
|
+
.build
|
70
|
+
generator = Java::OrgBouncycastleCryptoGenerators::Argon2BytesGenerator.new
|
71
|
+
encoder = Java::JavaUtil::Base64.get_encoder.without_padding
|
72
|
+
|
73
|
+
generator.init(params)
|
74
|
+
generator.generate_bytes(String(pwd).to_java_bytes, hash)
|
75
|
+
|
76
|
+
encoded_salt = encoder.encode_to_string(params.get_salt)
|
77
|
+
encoded_output = encoder.encode_to_string(hash)
|
78
|
+
|
79
|
+
"$argon2id$v=#{params.get_version}$m=#{params.get_memory}," \
|
80
|
+
"t=#{params.get_iterations},p=#{params.get_lanes}" \
|
81
|
+
"$#{encoded_salt}$#{encoded_output}"
|
82
|
+
rescue => e
|
83
|
+
raise Error, e.message
|
84
|
+
end
|
85
|
+
|
86
|
+
def self.verify(encoded, pwd)
|
87
|
+
password = Password.new(encoded)
|
88
|
+
other_password = Password.new(
|
89
|
+
hash_encoded(
|
90
|
+
password.t_cost,
|
91
|
+
password.m_cost,
|
92
|
+
password.parallelism,
|
93
|
+
String(pwd),
|
94
|
+
password.salt,
|
95
|
+
password.output.bytesize
|
96
|
+
)
|
97
|
+
)
|
98
|
+
|
99
|
+
Java::OrgBouncycastleUtil::Arrays.constant_time_are_equal(
|
100
|
+
password.output.to_java_bytes,
|
101
|
+
other_password.output.to_java_bytes
|
102
|
+
)
|
103
|
+
end
|
104
|
+
end
|
51
105
|
end
|
data/test/test_hash_encoded.rb
CHANGED
@@ -17,42 +17,32 @@ class TestHashEncoded < Minitest::Test
|
|
17
17
|
end
|
18
18
|
|
19
19
|
def test_raises_with_too_short_output
|
20
|
-
|
20
|
+
assert_raises(Argon2id::Error) do
|
21
21
|
Argon2id.hash_encoded(2, 256, 1, "password", "somesalt", 1)
|
22
22
|
end
|
23
|
-
|
24
|
-
assert_equal "Output is too short", error.message
|
25
23
|
end
|
26
24
|
|
27
25
|
def test_raises_with_too_few_lanes
|
28
|
-
|
26
|
+
assert_raises(Argon2id::Error) do
|
29
27
|
Argon2id.hash_encoded(2, 256, 0, "password", "somesalt", 32)
|
30
28
|
end
|
31
|
-
|
32
|
-
assert_equal "Too few lanes", error.message
|
33
29
|
end
|
34
30
|
|
35
31
|
def test_raises_with_too_small_memory_cost
|
36
|
-
|
32
|
+
assert_raises(Argon2id::Error) do
|
37
33
|
Argon2id.hash_encoded(2, 0, 1, "password", "somesalt", 32)
|
38
34
|
end
|
39
|
-
|
40
|
-
assert_equal "Memory cost is too small", error.message
|
41
35
|
end
|
42
36
|
|
43
37
|
def test_raises_with_too_small_time_cost
|
44
|
-
|
38
|
+
assert_raises(Argon2id::Error) do
|
45
39
|
Argon2id.hash_encoded(0, 256, 1, "password", "somesalt", 32)
|
46
40
|
end
|
47
|
-
|
48
|
-
assert_equal "Time cost is too small", error.message
|
49
41
|
end
|
50
42
|
|
51
43
|
def test_raises_with_too_short_salt
|
52
|
-
|
53
|
-
Argon2id.hash_encoded(
|
44
|
+
assert_raises(Argon2id::Error) do
|
45
|
+
Argon2id.hash_encoded(2, 256, 1, "password", "", 32)
|
54
46
|
end
|
55
|
-
|
56
|
-
assert_equal "Salt is too short", error.message
|
57
47
|
end
|
58
48
|
end
|
data/test/test_verify.rb
CHANGED
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: argon2id
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.
|
4
|
+
version: 0.4.0
|
5
5
|
platform: x86_64-darwin
|
6
6
|
authors:
|
7
7
|
- Paul Mucur
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2024-11-
|
11
|
+
date: 2024-11-02 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: rake-compiler
|