argon2id 0.4.0 → 0.4.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/CHANGELOG.md +11 -1
- data/README.md +13 -13
- data/argon2id.gemspec +1 -1
- data/lib/argon2id/version.rb +1 -1
- data/lib/argon2id.rb +31 -28
- data/test/test_hash_encoded.rb +6 -0
- data/test/test_password.rb +6 -0
- metadata +3 -3
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: cf19fbe439098391805284f0cce1dfb96265e38f9aaa4fc50966f73d866246e0
|
|
4
|
+
data.tar.gz: 4edab8ef1ea285bd4e8a98e9b340857fbbb9637a1f31797510b16e56fdc93c09
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 3393526bbbc5411b75b1b77579e8626195022a2448fc89a3333151e69bcaf56527ef9497c264f9b557ba239ea020d3f25d8cd618925a7d01ab0110d1f1334f8c
|
|
7
|
+
data.tar.gz: 7613d11e0c43b7538e6248122c8351a69c36884e76b339659d0fe27ebfb101df2ce26619349d30083b477a480dfc063e97ba28e2027941fa28a429080dd3c6a8
|
data/CHANGELOG.md
CHANGED
|
@@ -5,12 +5,21 @@ All notable changes to this project will be documented in this file.
|
|
|
5
5
|
The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/),
|
|
6
6
|
and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
|
|
7
7
|
|
|
8
|
+
## [0.4.1] - 2024-11-02
|
|
9
|
+
|
|
10
|
+
### Changed
|
|
11
|
+
|
|
12
|
+
- Refactor verification on JRuby to avoid parsing encoded hashes unnecessarily
|
|
13
|
+
- No longer describe the gem in terms of bindings to the reference C
|
|
14
|
+
implementation given the Bouncy Castle-based JRuby implementation
|
|
15
|
+
- Only wrap `IllegalStateException` with `Argon2id::Error` on JRuby
|
|
16
|
+
|
|
8
17
|
## [0.4.0] - 2024-11-02
|
|
9
18
|
|
|
10
19
|
### Added
|
|
11
20
|
|
|
12
21
|
- Added support for JRuby 9.4 by adding an implementation of Argon2id hashing
|
|
13
|
-
and verification using JRuby-OpenSSL's Bouncy Castle internals
|
|
22
|
+
and verification using JRuby-OpenSSL's Bouncy Castle internals
|
|
14
23
|
- Added `output` to `Argon2id::Password` instances so the actual "output" part
|
|
15
24
|
of a password hash can be retrieved (and compared)
|
|
16
25
|
|
|
@@ -77,6 +86,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
|
|
|
77
86
|
reference C implementation of Argon2, the password-hashing function that won
|
|
78
87
|
the Password Hashing Competition.
|
|
79
88
|
|
|
89
|
+
[0.4.1]: https://github.com/mudge/argon2id/releases/tag/v0.4.1
|
|
80
90
|
[0.4.0]: https://github.com/mudge/argon2id/releases/tag/v0.4.0
|
|
81
91
|
[0.3.0]: https://github.com/mudge/argon2id/releases/tag/v0.3.0
|
|
82
92
|
[0.2.1]: https://github.com/mudge/argon2id/releases/tag/v0.2.1
|
data/README.md
CHANGED
|
@@ -1,11 +1,11 @@
|
|
|
1
1
|
# Argon2id - Ruby bindings to the OWASP recommended password-hashing function
|
|
2
2
|
|
|
3
|
-
Ruby bindings to
|
|
4
|
-
|
|
3
|
+
Ruby bindings to [Argon2][], the password-hashing function that won the 2015
|
|
4
|
+
[Password Hashing Competition][].
|
|
5
5
|
|
|
6
6
|
[](https://github.com/mudge/argon2id/actions)
|
|
7
7
|
|
|
8
|
-
**Current version:** 0.4.
|
|
8
|
+
**Current version:** 0.4.1
|
|
9
9
|
**Bundled Argon2 version:** libargon2.1 (20190702)
|
|
10
10
|
|
|
11
11
|
```ruby
|
|
@@ -127,7 +127,7 @@ password == "opensesame" #=> true
|
|
|
127
127
|
password == "notopensesame" #=> false
|
|
128
128
|
```
|
|
129
129
|
|
|
130
|
-
Or, if you only have the hash (e.g. retrieved from storage):
|
|
130
|
+
Or, if you only have the encoded hash (e.g. retrieved from storage):
|
|
131
131
|
|
|
132
132
|
```ruby
|
|
133
133
|
password = Argon2id::Password.new("$argon2id$v=19$m=19456,t=2,p=1$ZS2nBFWBpnt28HjtzNOW4w$SQ+p+dIcWbpzWpZQ/ZZFj8IQkyhYZf127U4QdkRmKFU")
|
|
@@ -143,7 +143,7 @@ password.is_password?("opensesame") #=> true
|
|
|
143
143
|
password.is_password?("notopensesame") #=> false
|
|
144
144
|
```
|
|
145
145
|
|
|
146
|
-
The various parts of the encoded
|
|
146
|
+
The various parts of the encoded hash can be retrieved:
|
|
147
147
|
|
|
148
148
|
```ruby
|
|
149
149
|
password = Argon2id::Password.new("$argon2id$v=19$m=256,t=2,p=1$c29tZXNhbHQ$nf65EOgLrQMR/uIPnA4rEsF5h7TKyQwu9U1bMCHGi/4")
|
|
@@ -177,7 +177,7 @@ This gem requires any of the following to run:
|
|
|
177
177
|
> [!NOTE]
|
|
178
178
|
> The JRuby version of the gem uses
|
|
179
179
|
> [JRuby-OpenSSL](https://github.com/jruby/jruby-openssl)'s implementation of
|
|
180
|
-
> Argon2
|
|
180
|
+
> Argon2 while the others use the reference C implementation.
|
|
181
181
|
|
|
182
182
|
### Native gems
|
|
183
183
|
|
|
@@ -198,11 +198,11 @@ notes](https://github.com/mudge/argon2id/releases) for each version and can be
|
|
|
198
198
|
checked with `sha256sum`, e.g.
|
|
199
199
|
|
|
200
200
|
```console
|
|
201
|
-
$ gem fetch argon2id -v 0.
|
|
202
|
-
Fetching argon2id-0.
|
|
203
|
-
Downloaded argon2id-0.
|
|
204
|
-
$ sha256sum argon2id-0.
|
|
205
|
-
|
|
201
|
+
$ gem fetch argon2id -v 0.4.0
|
|
202
|
+
Fetching argon2id-0.4.0-arm64-darwin.gem
|
|
203
|
+
Downloaded argon2id-0.4.0-arm64-darwin
|
|
204
|
+
$ sha256sum argon2id-0.4.0-arm64-darwin.gem
|
|
205
|
+
2cecd6d5a1ecaf0a025e95714c0dee22dfc3d4585b649c57c06f432031b55a77 argon2id-0.4.0-arm64-darwin.gem
|
|
206
206
|
```
|
|
207
207
|
|
|
208
208
|
[GPG](https://www.gnupg.org/) signatures are attached to each release (the
|
|
@@ -212,8 +212,8 @@ from a public keyserver, e.g. `gpg --keyserver keyserver.ubuntu.com --recv-key
|
|
|
212
212
|
0x39AC3530070E0F75`):
|
|
213
213
|
|
|
214
214
|
```console
|
|
215
|
-
$ gpg --verify argon2id-0.
|
|
216
|
-
gpg: Signature made
|
|
215
|
+
$ gpg --verify argon2id-0.4.0-arm64-darwin.gem.sig argon2id-0.4.0-arm64-darwin.gem
|
|
216
|
+
gpg: Signature made Sat 2 Nov 15:25:15 2024 GMT
|
|
217
217
|
gpg: using RSA key 702609D9C790F45B577D7BEC39AC3530070E0F75
|
|
218
218
|
gpg: Good signature from "Paul Mucur <mudge@mudge.name>" [unknown]
|
|
219
219
|
gpg: aka "Paul Mucur <paul@ghostcassette.com>" [unknown]
|
data/argon2id.gemspec
CHANGED
|
@@ -6,7 +6,7 @@ Gem::Specification.new do |s|
|
|
|
6
6
|
s.name = "argon2id"
|
|
7
7
|
s.version = Argon2id::VERSION
|
|
8
8
|
s.summary = "Ruby bindings to Argon2"
|
|
9
|
-
s.description = "Ruby bindings to
|
|
9
|
+
s.description = "Ruby bindings to Argon2, the password-hashing function that won the 2015 Password Hashing Competition."
|
|
10
10
|
s.license = "BSD-3-Clause"
|
|
11
11
|
s.authors = ["Paul Mucur"]
|
|
12
12
|
s.homepage = "https://github.com/mudge/argon2id"
|
data/lib/argon2id/version.rb
CHANGED
data/lib/argon2id.rb
CHANGED
|
@@ -57,7 +57,35 @@ module Argon2id
|
|
|
57
57
|
Error = Class.new(StandardError)
|
|
58
58
|
|
|
59
59
|
def self.hash_encoded(t_cost, m_cost, parallelism, pwd, salt, hashlen)
|
|
60
|
-
|
|
60
|
+
output = hash_raw(t_cost, m_cost, parallelism, pwd, salt, hashlen)
|
|
61
|
+
|
|
62
|
+
encoder = Java::JavaUtil::Base64.get_encoder.without_padding
|
|
63
|
+
encoded_salt = encoder.encode_to_string(salt.to_java_bytes)
|
|
64
|
+
encoded_output = encoder.encode_to_string(output)
|
|
65
|
+
|
|
66
|
+
"$argon2id$v=19$m=#{Integer(m_cost)},t=#{Integer(t_cost)}," \
|
|
67
|
+
"p=#{Integer(parallelism)}$#{encoded_salt}$#{encoded_output}"
|
|
68
|
+
end
|
|
69
|
+
|
|
70
|
+
def self.verify(encoded, pwd)
|
|
71
|
+
password = Password.new(encoded)
|
|
72
|
+
other_raw = hash_raw(
|
|
73
|
+
password.t_cost,
|
|
74
|
+
password.m_cost,
|
|
75
|
+
password.parallelism,
|
|
76
|
+
String(pwd),
|
|
77
|
+
password.salt,
|
|
78
|
+
password.output.bytesize
|
|
79
|
+
)
|
|
80
|
+
|
|
81
|
+
Java::OrgBouncycastleUtil::Arrays.constant_time_are_equal(
|
|
82
|
+
password.output.to_java_bytes,
|
|
83
|
+
other_raw
|
|
84
|
+
)
|
|
85
|
+
end
|
|
86
|
+
|
|
87
|
+
def self.hash_raw(t_cost, m_cost, parallelism, pwd, salt, hashlen)
|
|
88
|
+
raise Error, "Salt is too short" if String(salt).empty?
|
|
61
89
|
|
|
62
90
|
hash = Java::byte[Integer(hashlen)].new
|
|
63
91
|
params = Java::OrgBouncycastleCryptoParams::Argon2Parameters::Builder
|
|
@@ -68,38 +96,13 @@ module Argon2id
|
|
|
68
96
|
.with_iterations(Integer(t_cost))
|
|
69
97
|
.build
|
|
70
98
|
generator = Java::OrgBouncycastleCryptoGenerators::Argon2BytesGenerator.new
|
|
71
|
-
encoder = Java::JavaUtil::Base64.get_encoder.without_padding
|
|
72
99
|
|
|
73
100
|
generator.init(params)
|
|
74
101
|
generator.generate_bytes(String(pwd).to_java_bytes, hash)
|
|
75
102
|
|
|
76
|
-
|
|
77
|
-
|
|
78
|
-
|
|
79
|
-
"$argon2id$v=#{params.get_version}$m=#{params.get_memory}," \
|
|
80
|
-
"t=#{params.get_iterations},p=#{params.get_lanes}" \
|
|
81
|
-
"$#{encoded_salt}$#{encoded_output}"
|
|
82
|
-
rescue => e
|
|
103
|
+
hash
|
|
104
|
+
rescue Java::JavaLang::IllegalStateException => e
|
|
83
105
|
raise Error, e.message
|
|
84
106
|
end
|
|
85
|
-
|
|
86
|
-
def self.verify(encoded, pwd)
|
|
87
|
-
password = Password.new(encoded)
|
|
88
|
-
other_password = Password.new(
|
|
89
|
-
hash_encoded(
|
|
90
|
-
password.t_cost,
|
|
91
|
-
password.m_cost,
|
|
92
|
-
password.parallelism,
|
|
93
|
-
String(pwd),
|
|
94
|
-
password.salt,
|
|
95
|
-
password.output.bytesize
|
|
96
|
-
)
|
|
97
|
-
)
|
|
98
|
-
|
|
99
|
-
Java::OrgBouncycastleUtil::Arrays.constant_time_are_equal(
|
|
100
|
-
password.output.to_java_bytes,
|
|
101
|
-
other_password.output.to_java_bytes
|
|
102
|
-
)
|
|
103
|
-
end
|
|
104
107
|
end
|
|
105
108
|
end
|
data/test/test_hash_encoded.rb
CHANGED
|
@@ -10,6 +10,12 @@ class TestHashEncoded < Minitest::Test
|
|
|
10
10
|
assert_equal "$argon2id$v=19$m=256,t=2,p=1$c29tZXNhbHQ$nf65EOgLrQMR/uIPnA4rEsF5h7TKyQwu9U1bMCHGi/4", encoded
|
|
11
11
|
end
|
|
12
12
|
|
|
13
|
+
def test_password_with_parallelism_of_two
|
|
14
|
+
encoded = Argon2id.hash_encoded(2, 256, 2, "password", "somesalt", 32)
|
|
15
|
+
|
|
16
|
+
assert_equal "$argon2id$v=19$m=256,t=2,p=2$c29tZXNhbHQ$bQk8UB/VmZZF4Oo79iDXuL5/0ttZwg2f/5U52iv1cDc", encoded
|
|
17
|
+
end
|
|
18
|
+
|
|
13
19
|
def test_valid_password_does_not_include_trailing_null_byte
|
|
14
20
|
encoded = Argon2id.hash_encoded(2, 256, 1, "password", "somesalt", 32)
|
|
15
21
|
|
data/test/test_password.rb
CHANGED
|
@@ -169,4 +169,10 @@ class TestPassword < Minitest::Test
|
|
|
169
169
|
|
|
170
170
|
assert_equal 1, password.parallelism
|
|
171
171
|
end
|
|
172
|
+
|
|
173
|
+
def test_extracting_output_from_hash
|
|
174
|
+
password = Argon2id::Password.new("$argon2id$v=19$m=256,t=2,p=1$c29tZXNhbHQ$nf65EOgLrQMR/uIPnA4rEsF5h7TKyQwu9U1bMCHGi/4")
|
|
175
|
+
|
|
176
|
+
assert_equal "\x9D\xFE\xB9\x10\xE8\v\xAD\x03\x11\xFE\xE2\x0F\x9C\x0E+\x12\xC1y\x87\xB4\xCA\xC9\f.\xF5M[0!\xC6\x8B\xFE".b, password.output
|
|
177
|
+
end
|
|
172
178
|
end
|
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: argon2id
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.4.
|
|
4
|
+
version: 0.4.1
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Paul Mucur
|
|
@@ -52,8 +52,8 @@ dependencies:
|
|
|
52
52
|
- - "~>"
|
|
53
53
|
- !ruby/object:Gem::Version
|
|
54
54
|
version: '5.25'
|
|
55
|
-
description: Ruby bindings to the
|
|
56
|
-
|
|
55
|
+
description: Ruby bindings to Argon2, the password-hashing function that won the 2015
|
|
56
|
+
Password Hashing Competition.
|
|
57
57
|
email:
|
|
58
58
|
executables: []
|
|
59
59
|
extensions:
|