argon2id 0.4.0-java → 0.4.1-java
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGELOG.md +11 -1
- data/README.md +13 -13
- data/argon2id.gemspec +1 -1
- data/lib/argon2id/version.rb +1 -1
- data/lib/argon2id.rb +31 -28
- data/test/test_hash_encoded.rb +6 -0
- data/test/test_password.rb +6 -0
- metadata +3 -3
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 5d2103d10492a2c2c0cfd66cf59d116585d84b775eae2d282df0b16140e1f722
|
4
|
+
data.tar.gz: 8242e5981340dc11fdf78e8e3e8960ea6d9d7b2a0e63f3d0e0e551806c04ec33
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: c19d6a1eaefa1deb9afd2e224b995febe9578ada6d55cabdf612c4c5e0f02e74fabe5deca9249e2e99e71c734b857232359ca7dd89b6a099be89ad31ac8e7f8f
|
7
|
+
data.tar.gz: 0d2edbde8f4941bf20ec737a947374e67874a96a5c9f239b670917238da27715bf502f514229774cfab0dc24fcdc664deaf6c289ade5742b7c2181e49c74662a
|
data/CHANGELOG.md
CHANGED
@@ -5,12 +5,21 @@ All notable changes to this project will be documented in this file.
|
|
5
5
|
The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/),
|
6
6
|
and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
|
7
7
|
|
8
|
+
## [0.4.1] - 2024-11-02
|
9
|
+
|
10
|
+
### Changed
|
11
|
+
|
12
|
+
- Refactor verification on JRuby to avoid parsing encoded hashes unnecessarily
|
13
|
+
- No longer describe the gem in terms of bindings to the reference C
|
14
|
+
implementation given the Bouncy Castle-based JRuby implementation
|
15
|
+
- Only wrap `IllegalStateException` with `Argon2id::Error` on JRuby
|
16
|
+
|
8
17
|
## [0.4.0] - 2024-11-02
|
9
18
|
|
10
19
|
### Added
|
11
20
|
|
12
21
|
- Added support for JRuby 9.4 by adding an implementation of Argon2id hashing
|
13
|
-
and verification using JRuby-OpenSSL's Bouncy Castle internals
|
22
|
+
and verification using JRuby-OpenSSL's Bouncy Castle internals
|
14
23
|
- Added `output` to `Argon2id::Password` instances so the actual "output" part
|
15
24
|
of a password hash can be retrieved (and compared)
|
16
25
|
|
@@ -77,6 +86,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
|
|
77
86
|
reference C implementation of Argon2, the password-hashing function that won
|
78
87
|
the Password Hashing Competition.
|
79
88
|
|
89
|
+
[0.4.1]: https://github.com/mudge/argon2id/releases/tag/v0.4.1
|
80
90
|
[0.4.0]: https://github.com/mudge/argon2id/releases/tag/v0.4.0
|
81
91
|
[0.3.0]: https://github.com/mudge/argon2id/releases/tag/v0.3.0
|
82
92
|
[0.2.1]: https://github.com/mudge/argon2id/releases/tag/v0.2.1
|
data/README.md
CHANGED
@@ -1,11 +1,11 @@
|
|
1
1
|
# Argon2id - Ruby bindings to the OWASP recommended password-hashing function
|
2
2
|
|
3
|
-
Ruby bindings to
|
4
|
-
|
3
|
+
Ruby bindings to [Argon2][], the password-hashing function that won the 2015
|
4
|
+
[Password Hashing Competition][].
|
5
5
|
|
6
6
|
[![Build Status](https://github.com/mudge/argon2id/actions/workflows/tests.yml/badge.svg?branch=main)](https://github.com/mudge/argon2id/actions)
|
7
7
|
|
8
|
-
**Current version:** 0.4.
|
8
|
+
**Current version:** 0.4.1
|
9
9
|
**Bundled Argon2 version:** libargon2.1 (20190702)
|
10
10
|
|
11
11
|
```ruby
|
@@ -127,7 +127,7 @@ password == "opensesame" #=> true
|
|
127
127
|
password == "notopensesame" #=> false
|
128
128
|
```
|
129
129
|
|
130
|
-
Or, if you only have the hash (e.g. retrieved from storage):
|
130
|
+
Or, if you only have the encoded hash (e.g. retrieved from storage):
|
131
131
|
|
132
132
|
```ruby
|
133
133
|
password = Argon2id::Password.new("$argon2id$v=19$m=19456,t=2,p=1$ZS2nBFWBpnt28HjtzNOW4w$SQ+p+dIcWbpzWpZQ/ZZFj8IQkyhYZf127U4QdkRmKFU")
|
@@ -143,7 +143,7 @@ password.is_password?("opensesame") #=> true
|
|
143
143
|
password.is_password?("notopensesame") #=> false
|
144
144
|
```
|
145
145
|
|
146
|
-
The various parts of the encoded
|
146
|
+
The various parts of the encoded hash can be retrieved:
|
147
147
|
|
148
148
|
```ruby
|
149
149
|
password = Argon2id::Password.new("$argon2id$v=19$m=256,t=2,p=1$c29tZXNhbHQ$nf65EOgLrQMR/uIPnA4rEsF5h7TKyQwu9U1bMCHGi/4")
|
@@ -177,7 +177,7 @@ This gem requires any of the following to run:
|
|
177
177
|
> [!NOTE]
|
178
178
|
> The JRuby version of the gem uses
|
179
179
|
> [JRuby-OpenSSL](https://github.com/jruby/jruby-openssl)'s implementation of
|
180
|
-
> Argon2
|
180
|
+
> Argon2 while the others use the reference C implementation.
|
181
181
|
|
182
182
|
### Native gems
|
183
183
|
|
@@ -198,11 +198,11 @@ notes](https://github.com/mudge/argon2id/releases) for each version and can be
|
|
198
198
|
checked with `sha256sum`, e.g.
|
199
199
|
|
200
200
|
```console
|
201
|
-
$ gem fetch argon2id -v 0.
|
202
|
-
Fetching argon2id-0.
|
203
|
-
Downloaded argon2id-0.
|
204
|
-
$ sha256sum argon2id-0.
|
205
|
-
|
201
|
+
$ gem fetch argon2id -v 0.4.0
|
202
|
+
Fetching argon2id-0.4.0-arm64-darwin.gem
|
203
|
+
Downloaded argon2id-0.4.0-arm64-darwin
|
204
|
+
$ sha256sum argon2id-0.4.0-arm64-darwin.gem
|
205
|
+
2cecd6d5a1ecaf0a025e95714c0dee22dfc3d4585b649c57c06f432031b55a77 argon2id-0.4.0-arm64-darwin.gem
|
206
206
|
```
|
207
207
|
|
208
208
|
[GPG](https://www.gnupg.org/) signatures are attached to each release (the
|
@@ -212,8 +212,8 @@ from a public keyserver, e.g. `gpg --keyserver keyserver.ubuntu.com --recv-key
|
|
212
212
|
0x39AC3530070E0F75`):
|
213
213
|
|
214
214
|
```console
|
215
|
-
$ gpg --verify argon2id-0.
|
216
|
-
gpg: Signature made
|
215
|
+
$ gpg --verify argon2id-0.4.0-arm64-darwin.gem.sig argon2id-0.4.0-arm64-darwin.gem
|
216
|
+
gpg: Signature made Sat 2 Nov 15:25:15 2024 GMT
|
217
217
|
gpg: using RSA key 702609D9C790F45B577D7BEC39AC3530070E0F75
|
218
218
|
gpg: Good signature from "Paul Mucur <mudge@mudge.name>" [unknown]
|
219
219
|
gpg: aka "Paul Mucur <paul@ghostcassette.com>" [unknown]
|
data/argon2id.gemspec
CHANGED
@@ -6,7 +6,7 @@ Gem::Specification.new do |s|
|
|
6
6
|
s.name = "argon2id"
|
7
7
|
s.version = Argon2id::VERSION
|
8
8
|
s.summary = "Ruby bindings to Argon2"
|
9
|
-
s.description = "Ruby bindings to
|
9
|
+
s.description = "Ruby bindings to Argon2, the password-hashing function that won the 2015 Password Hashing Competition."
|
10
10
|
s.license = "BSD-3-Clause"
|
11
11
|
s.authors = ["Paul Mucur"]
|
12
12
|
s.homepage = "https://github.com/mudge/argon2id"
|
data/lib/argon2id/version.rb
CHANGED
data/lib/argon2id.rb
CHANGED
@@ -57,7 +57,35 @@ module Argon2id
|
|
57
57
|
Error = Class.new(StandardError)
|
58
58
|
|
59
59
|
def self.hash_encoded(t_cost, m_cost, parallelism, pwd, salt, hashlen)
|
60
|
-
|
60
|
+
output = hash_raw(t_cost, m_cost, parallelism, pwd, salt, hashlen)
|
61
|
+
|
62
|
+
encoder = Java::JavaUtil::Base64.get_encoder.without_padding
|
63
|
+
encoded_salt = encoder.encode_to_string(salt.to_java_bytes)
|
64
|
+
encoded_output = encoder.encode_to_string(output)
|
65
|
+
|
66
|
+
"$argon2id$v=19$m=#{Integer(m_cost)},t=#{Integer(t_cost)}," \
|
67
|
+
"p=#{Integer(parallelism)}$#{encoded_salt}$#{encoded_output}"
|
68
|
+
end
|
69
|
+
|
70
|
+
def self.verify(encoded, pwd)
|
71
|
+
password = Password.new(encoded)
|
72
|
+
other_raw = hash_raw(
|
73
|
+
password.t_cost,
|
74
|
+
password.m_cost,
|
75
|
+
password.parallelism,
|
76
|
+
String(pwd),
|
77
|
+
password.salt,
|
78
|
+
password.output.bytesize
|
79
|
+
)
|
80
|
+
|
81
|
+
Java::OrgBouncycastleUtil::Arrays.constant_time_are_equal(
|
82
|
+
password.output.to_java_bytes,
|
83
|
+
other_raw
|
84
|
+
)
|
85
|
+
end
|
86
|
+
|
87
|
+
def self.hash_raw(t_cost, m_cost, parallelism, pwd, salt, hashlen)
|
88
|
+
raise Error, "Salt is too short" if String(salt).empty?
|
61
89
|
|
62
90
|
hash = Java::byte[Integer(hashlen)].new
|
63
91
|
params = Java::OrgBouncycastleCryptoParams::Argon2Parameters::Builder
|
@@ -68,38 +96,13 @@ module Argon2id
|
|
68
96
|
.with_iterations(Integer(t_cost))
|
69
97
|
.build
|
70
98
|
generator = Java::OrgBouncycastleCryptoGenerators::Argon2BytesGenerator.new
|
71
|
-
encoder = Java::JavaUtil::Base64.get_encoder.without_padding
|
72
99
|
|
73
100
|
generator.init(params)
|
74
101
|
generator.generate_bytes(String(pwd).to_java_bytes, hash)
|
75
102
|
|
76
|
-
|
77
|
-
|
78
|
-
|
79
|
-
"$argon2id$v=#{params.get_version}$m=#{params.get_memory}," \
|
80
|
-
"t=#{params.get_iterations},p=#{params.get_lanes}" \
|
81
|
-
"$#{encoded_salt}$#{encoded_output}"
|
82
|
-
rescue => e
|
103
|
+
hash
|
104
|
+
rescue Java::JavaLang::IllegalStateException => e
|
83
105
|
raise Error, e.message
|
84
106
|
end
|
85
|
-
|
86
|
-
def self.verify(encoded, pwd)
|
87
|
-
password = Password.new(encoded)
|
88
|
-
other_password = Password.new(
|
89
|
-
hash_encoded(
|
90
|
-
password.t_cost,
|
91
|
-
password.m_cost,
|
92
|
-
password.parallelism,
|
93
|
-
String(pwd),
|
94
|
-
password.salt,
|
95
|
-
password.output.bytesize
|
96
|
-
)
|
97
|
-
)
|
98
|
-
|
99
|
-
Java::OrgBouncycastleUtil::Arrays.constant_time_are_equal(
|
100
|
-
password.output.to_java_bytes,
|
101
|
-
other_password.output.to_java_bytes
|
102
|
-
)
|
103
|
-
end
|
104
107
|
end
|
105
108
|
end
|
data/test/test_hash_encoded.rb
CHANGED
@@ -10,6 +10,12 @@ class TestHashEncoded < Minitest::Test
|
|
10
10
|
assert_equal "$argon2id$v=19$m=256,t=2,p=1$c29tZXNhbHQ$nf65EOgLrQMR/uIPnA4rEsF5h7TKyQwu9U1bMCHGi/4", encoded
|
11
11
|
end
|
12
12
|
|
13
|
+
def test_password_with_parallelism_of_two
|
14
|
+
encoded = Argon2id.hash_encoded(2, 256, 2, "password", "somesalt", 32)
|
15
|
+
|
16
|
+
assert_equal "$argon2id$v=19$m=256,t=2,p=2$c29tZXNhbHQ$bQk8UB/VmZZF4Oo79iDXuL5/0ttZwg2f/5U52iv1cDc", encoded
|
17
|
+
end
|
18
|
+
|
13
19
|
def test_valid_password_does_not_include_trailing_null_byte
|
14
20
|
encoded = Argon2id.hash_encoded(2, 256, 1, "password", "somesalt", 32)
|
15
21
|
|
data/test/test_password.rb
CHANGED
@@ -169,4 +169,10 @@ class TestPassword < Minitest::Test
|
|
169
169
|
|
170
170
|
assert_equal 1, password.parallelism
|
171
171
|
end
|
172
|
+
|
173
|
+
def test_extracting_output_from_hash
|
174
|
+
password = Argon2id::Password.new("$argon2id$v=19$m=256,t=2,p=1$c29tZXNhbHQ$nf65EOgLrQMR/uIPnA4rEsF5h7TKyQwu9U1bMCHGi/4")
|
175
|
+
|
176
|
+
assert_equal "\x9D\xFE\xB9\x10\xE8\v\xAD\x03\x11\xFE\xE2\x0F\x9C\x0E+\x12\xC1y\x87\xB4\xCA\xC9\f.\xF5M[0!\xC6\x8B\xFE".b, password.output
|
177
|
+
end
|
172
178
|
end
|
metadata
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: argon2id
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.4.
|
4
|
+
version: 0.4.1
|
5
5
|
platform: java
|
6
6
|
authors:
|
7
7
|
- Paul Mucur
|
@@ -52,8 +52,8 @@ dependencies:
|
|
52
52
|
- - "~>"
|
53
53
|
- !ruby/object:Gem::Version
|
54
54
|
version: '5.25'
|
55
|
-
description: Ruby bindings to the
|
56
|
-
|
55
|
+
description: Ruby bindings to Argon2, the password-hashing function that won the 2015
|
56
|
+
Password Hashing Competition.
|
57
57
|
email:
|
58
58
|
executables: []
|
59
59
|
extensions: []
|