argon2id 0.6.0-x64-mingw32 → 0.8.0-x64-mingw32

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 9830d34e6ade0521646b04b6ac5bb6636880959d2fb28e03d30e6302027a016f
-  data.tar.gz: bfa8e53f5b9dffe5f5b7a264400a7aaaa3cecbf4ee9066181272db1c00e47571
+  metadata.gz: 8af73640e8ca69564d3256722e501dabbec024b9b3d7ed1f4c6596ea2b8feef1
+  data.tar.gz: dca194a25686fe693f77fb98aac62d3d91ea89af0fee7a715c698758b26feaf5
 SHA512:
-  metadata.gz: 25d3e39fe9ddd17b9795905fe1c16d20a39b3795e2447c6cf9a9dadad1e09c52be3048dc73783bd0410ce4b279c3cf84c8e37691a9ce0af34b2bed6c3a60db9d
-  data.tar.gz: 25c021ef3950a43fd06441730dd74c9bfa8f86bafde3c098b52020ba48e32b2b8c624dd0f9bfe2a90c02959c4753ab747f4f89cecaf5872e5d22cd16e2381bb4
+  metadata.gz: 8ca451a94ebcac522847b4300b31dad82c02080c495e06df47e85bfd50c5acc5cdb8b3bef5d96a30a29602ba3fb2fd60d8715a68679c740f3ad6eea6131752aa
+  data.tar.gz: ff5772bd5c785ec4cb8db666a66b341b70b2688bcda5b1e5790f8fa98f822c6d058912936fd3fd04eed705ab18547fa4f564f1daa97e623fd0a15ba9012ad74f

data/CHANGELOG.md

@@ -5,6 +5,48 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## [0.8.0] - 2024-12-29
+
+### Added
+
+- Add Ruby 3.4 support to the precompiled, native gems
+- Restored support for Ruby 2.6, 2.7, and 3.0 after dropping them in 0.8.0.rc1
+
+### Changed
+
+- Provide separate precompiled, native gems for GNU and Musl
+- Require glibc 2.29+ for x86-linux-gnu and x86_64-linux-gnu (and recommend
+  RubyGems 3.3.22+ and Bundler 2.3.21+)
+
+## [0.8.0.rc1] - 2024-12-16
+
+### Added
+
+- Add Ruby 3.4.0-rc1 support to the precompiled, native gems
+
+### Changed
+
+- Provide separate precompiled, native gems for GNU and Musl
+- Require glibc 2.29+ for x86-linux-gnu and x86_64-linux-gnu (and recommend
+  RubyGems 3.3.22+ and Bundler 2.3.21+)
+
+### Removed
+
+- Drop support for Ruby versions older than 3.1 as they do not ship with a
+  version of RubyGems new enough to handle the new Musl gems
+
+## [0.7.0] - 2024-11-08
+
+### Fixed
+
+- Fixed verifying Argon2id encoded hashes without a version number on JRuby
+
+### Added
+
+- Added a new `Argon2id::Password.valid_hash?` API for testing if a given
+  encoded hash is a valid Argon2id hash or not (e.g. if you want to check
+  which hashing function was used to store a user's password)
+
 ## [0.6.0] - 2024-11-05
 
 ### Changed
@@ -99,6 +141,9 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
   reference C implementation of Argon2, the password-hashing function that won
   the Password Hashing Competition.
 
+[0.8.0]: https://github.com/mudge/argon2id/releases/tag/v0.8.0
+[0.8.0.rc1]: https://github.com/mudge/argon2id/releases/tag/v0.8.0.rc1
+[0.7.0]: https://github.com/mudge/argon2id/releases/tag/v0.7.0
 [0.6.0]: https://github.com/mudge/argon2id/releases/tag/v0.6.0
 [0.5.0]: https://github.com/mudge/argon2id/releases/tag/v0.5.0
 [0.4.1]: https://github.com/mudge/argon2id/releases/tag/v0.4.1

data/README.md

@@ -5,7 +5,7 @@ Ruby bindings to [Argon2][], the password-hashing function that won the 2015
 
 [![Build Status](https://github.com/mudge/argon2id/actions/workflows/tests.yml/badge.svg?branch=main)](https://github.com/mudge/argon2id/actions)
 
-**Current version:** 0.6.0  
+**Current version:** 0.8.0  
 **Bundled Argon2 version:** libargon2.1 (20190702)
 
 ```ruby
@@ -26,7 +26,9 @@ password.salt   #=> "e-\xA7\x04U\x81\xA6{v\xF0x\xED\xCC\xD3\x96\xE3"
 * [Usage](#usage)
     * [Hashing passwords](#hashing-passwords)
     * [Verifying passwords](#verifying-passwords)
+    * [Validating encoded hashes](#validating-encoded-hashes)
     * [Errors](#errors)
+    * [Usage with Active Record](#usage-with-active-record)
 * [Requirements](#requirements)
     * [Native gems](#native-gems)
     * [Verifying the gems](#verifying-the-gems)
@@ -55,6 +57,8 @@ password.salt   #=> "e-\xA7\x04U\x81\xA6{v\xF0x\xED\xCC\xD3\x96\xE3"
 
 — [OWASP Password Storage Cheat Sheet][]
 
+See also [argon2-cffi's "Why 'just use bcrypt' Is Not the Best Answer (Anymore)"](https://argon2-cffi.readthedocs.io/en/23.1.0/argon2.html#why-just-use-bcrypt-is-not-the-best-answer-anymore).
+
 ## Usage
 
 Install argon2id as a dependency:
@@ -147,6 +151,18 @@ password.is_password?("opensesame")    #=> true
 password.is_password?("notopensesame") #=> false
 ```
 
+> [!CAUTION]
+> `Argon2id::Password#==` only works if the plain text password is on the right, e.g. the following behaviour may be surprising:
+>
+> ```ruby
+> password = Argon2id::Password.create("password")
+> password == "password" #=> true
+> "password" == password #=> false
+> password == password   #=> false
+> ```
+>
+> If you want to avoid this ambiguity, prefer the `Argon2id::Password#is_password?` alias instead.
+
 The various parts of the encoded hash can be retrieved:
 
 ```ruby
@@ -160,6 +176,18 @@ password.output
 #=> "\x9D\xFE\xB9\x10\xE8\v\xAD\x03\x11\xFE\xE2\x0F\x9C\x0E+\x12\xC1y\x87\xB4\xCA\xC9\f.\xF5M[0!\xC6\x8B\xFE"
 ```
 
+### Validating encoded hashes
+
+If you need to check ahead of time whether an encoded password hash is a valid Argon2id hash (e.g. if you're migrating between hashing functions and need to test what kind of password has been stored for a user), you can use `Argon2id::Password.valid_hash?` like so:
+
+```ruby
+Argon2id::Password.valid_hash?("$argon2id$v=19$m=65536,t=2,p=1$c29tZXNhbHQ$CTFhFdXPJO1aFaMaO6Mm5c8y7cJHAph8ArZWb2GRPPc")
+#=> true
+
+Argon2id::Password.valid_hash?("$2a$12$stsRn7Mi9r02.keRyF4OK.Aq4UWOU185lWggfUQfcupAi.b7AI/nS")
+#=> false
+```
+
 ### Errors
 
 Any errors returned from Argon2 will be raised as `Argon2id::Error`, e.g.
@@ -169,11 +197,67 @@ Argon2id::Password.create("password", salt_len: 0)
 # Salt is too short (Argon2id::Error)
 ```
 
+### Usage with Active Record
+
+If you're planning to use this with Active Record instead of [Rails' own
+bcrypt-based
+`has_secure_password`](https://api.rubyonrails.org/v8.0/classes/ActiveModel/SecurePassword/ClassMethods.html),
+you can use the following as a starting point:
+
+#### The `User` model
+
+```ruby
+require "argon2id"
+
+# Schema: User(name: string, password_digest:string)
+class User < ApplicationRecord
+  attr_reader :password
+
+  validates :password_digest, presence: true
+  validates :password, confirmation: true, allow_blank: true
+
+  def password=(unencrypted_password)
+    if unencrypted_password.nil?
+      @password = nil
+      self.password_digest = nil
+    elsif !unencrypted_password.empty?
+      @password = unencrypted_password
+      self.password_digest = Argon2id::Password.create(unencrypted_password)
+    end
+  end
+
+  def authenticate(unencrypted_password)
+    password_digest? && Argon2id::Password.new(password_digest).is_password?(unencrypted_password) && self
+  end
+
+  def password_salt
+    Argon2id::Password.new(password_digest).salt if password_digest?
+  end
+end
+```
+
+This can then be used like so:
+
+```ruby
+user = User.new(name: "alice", password: "", password_confirmation: "diffpassword")
+user.save                               #=> false, password required
+user.password = "password"
+user.save                               #=> false, confirmation doesn't match
+user.password_confirmation = "password"
+user.save                               #=> true
+
+user.authenticate("notright") #=> false
+user.authenticate("password") #=> user
+
+User.find_by(name: "alice")&.authenticate("notright") #=> false
+User.find_by(name: "alice")&.authenticate("password") #=> user
+```
+
 ## Requirements
 
 This gem requires any of the following to run:
 
-* [Ruby](https://www.ruby-lang.org/en/) 2.6 to 3.3
+* [Ruby](https://www.ruby-lang.org/en/) 2.6 to 3.4
 * [JRuby](https://www.jruby.org) 9.4
 * [TruffleRuby](https://www.graalvm.org/ruby/) 24.1
 
@@ -187,9 +271,8 @@ This gem requires any of the following to run:
 Where possible, a pre-compiled native gem will be provided for the following platforms:
 
 * Linux
-    * `aarch64-linux` and `arm-linux` (requires [glibc](https://www.gnu.org/software/libc/) 2.29+)
-    * `x86-linux` and `x86_64-linux` (requires [glibc](https://www.gnu.org/software/libc/) 2.17+)
-    * [musl](https://musl.libc.org/)-based systems such as [Alpine](https://alpinelinux.org) are supported as long as a [glibc-compatible library is installed](https://wiki.alpinelinux.org/wiki/Running_glibc_programs)
+    * `aarch64-linux`, `arm-linux`, `x86-linux`, `x86_64-linux` (requires [glibc](https://www.gnu.org/software/libc/) 2.29+, RubyGems 3.3.22+ and Bundler 2.3.21+)
+    * [musl](https://musl.libc.org/)-based systems such as [Alpine](https://alpinelinux.org) are supported with Bundler 2.5.6+
 * macOS `x86_64-darwin` and `arm64-darwin`
 * Windows `x64-mingw32` and `x64-mingw-ucrt`
 * Java: any platform running JRuby 9.4 or higher
@@ -201,11 +284,11 @@ notes](https://github.com/mudge/argon2id/releases) for each version and can be
 checked with `sha256sum`, e.g.
 
 ```console
-$ gem fetch argon2id -v 0.5.0
-Fetching argon2id-0.5.0-arm64-darwin.gem
-Downloaded argon2id-0.5.0-arm64-darwin
-$ sha256sum argon2id-0.5.0-arm64-darwin.gem
-871e9d9bcad09e75620ce9ddd32cd99a4ebc3a6db1516e487680787faa7368a3  argon2id-0.5.0-arm64-darwin.gem
+$ gem fetch argon2id -v 0.7.0
+Fetching argon2id-0.7.0-arm64-darwin.gem
+Downloaded argon2id-0.7.0-arm64-darwin
+$ sha256sum argon2id-0.7.0-arm64-darwin.gem
+26bba5bcefa56827c728222e6df832aef5c8c4f4d3285875859a1d911477ec68  argon2id-0.7.0-arm64-darwin.gem
 ```
 
 [GPG](https://www.gnupg.org/) signatures are attached to each release (the
@@ -215,8 +298,8 @@ from a public keyserver, e.g. `gpg --keyserver keyserver.ubuntu.com --recv-key
 0x39AC3530070E0F75`):
 
 ```console
-$ gpg --verify argon2id-0.5.0-arm64-darwin.gem.sig argon2id-0.5.0-arm64-darwin.gem
-gpg: Signature made Sat  2 Nov 21:09:51 2024 GMT
+$ gpg --verify argon2id-0.7.0-arm64-darwin.gem.sig argon2id-0.7.0-arm64-darwin.gem
+gpg: Signature made Fri  8 Nov 13:45:18 2024 GMT
 gpg:                using RSA key 702609D9C790F45B577D7BEC39AC3530070E0F75
 gpg: Good signature from "Paul Mucur <mudge@mudge.name>" [unknown]
 gpg:                 aka "Paul Mucur <paul@ghostcassette.com>" [unknown]

data/Rakefile

@@ -5,18 +5,22 @@ require "minitest/test_task"
 CLEAN.add("lib/**/*.{o,so,bundle}", "pkg")
 
 cross_platforms = %w[
-  aarch64-linux
-  arm-linux
+  aarch64-linux-gnu
+  aarch64-linux-musl
+  arm-linux-gnu
+  arm-linux-musl
   arm64-darwin
   x64-mingw-ucrt
   x64-mingw32
-  x86-linux
+  x86-linux-gnu
+  x86-linux-musl
   x86-mingw32
   x86_64-darwin
-  x86_64-linux
+  x86_64-linux-gnu
+  x86_64-linux-musl
 ].freeze
 
-ENV["RUBY_CC_VERSION"] = %w[3.3.0 3.2.0 3.1.0 3.0.0 2.7.0 2.6.0].join(":")
+ENV["RUBY_CC_VERSION"] = %w[3.4.0 3.3.5 3.2.0 3.1.0 3.0.0 2.7.0 2.6.0].join(":")
 
 gemspec = Gem::Specification.load("argon2id.gemspec")
 

data/argon2id.gemspec

@@ -48,11 +48,12 @@ Gem::Specification.new do |s|
     "lib/argon2id/extension.rb",
     "lib/argon2id/password.rb",
     "lib/argon2id/version.rb",
-    "test/test_password.rb"
+    "test/argon2id/test_password.rb",
+    "test/test_argon2id.rb"
   ]
   s.rdoc_options = ["--main", "README.md"]
 
   s.add_development_dependency("rake-compiler", "~> 1.2")
-  s.add_development_dependency("rake-compiler-dock", "~> 1.5")
+  s.add_development_dependency("rake-compiler-dock", "~> 1.7")
   s.add_development_dependency("minitest", "~> 5.25")
 end

data/lib/argon2id/extension.rb

@@ -15,10 +15,11 @@ if RUBY_PLATFORM == "java"
         output = Java::byte[hashlen].new
         params = Java::OrgBouncycastleCryptoParams::Argon2Parameters::Builder
           .new(Java::OrgBouncycastleCryptoParams::Argon2Parameters::ARGON2_id)
-          .with_salt(salt_bytes)
-          .with_parallelism(parallelism)
-          .with_memory_as_kb(m_cost)
+          .with_version(Java::OrgBouncycastleCryptoParams::Argon2Parameters::ARGON2_VERSION_13)
           .with_iterations(t_cost)
+          .with_memory_as_kb(m_cost)
+          .with_parallelism(parallelism)
+          .with_salt(salt_bytes)
           .build
         generator = Java::OrgBouncycastleCryptoGenerators::Argon2BytesGenerator.new
 
@@ -43,10 +44,11 @@ if RUBY_PLATFORM == "java"
         other_output = Java::byte[output.bytesize].new
         params = Java::OrgBouncycastleCryptoParams::Argon2Parameters::Builder
           .new(Java::OrgBouncycastleCryptoParams::Argon2Parameters::ARGON2_id)
-          .with_salt(salt.to_java_bytes)
-          .with_parallelism(parallelism)
-          .with_memory_as_kb(m_cost)
+          .with_version(version)
           .with_iterations(t_cost)
+          .with_memory_as_kb(m_cost)
+          .with_parallelism(parallelism)
+          .with_salt(salt.to_java_bytes)
           .build
         generator = Java::OrgBouncycastleCryptoGenerators::Argon2BytesGenerator.new
         generator.init(params)

data/lib/argon2id/password.rb

@@ -100,6 +100,13 @@ module Argon2id
       )
     end
 
+    # Check an encoded hash is a valid Argon2id hash.
+    #
+    # Returns true if so and false if not.
+    def self.valid_hash?(encoded)
+      PATTERN.match?(String(encoded))
+    end
+
     # Create a new Password with the given encoded password hash.
     #
     #   password = Argon2id::Password.new("$argon2id$v=19$m=19456,t=2,p=1$FI8yp1gXbthJCskBlpKPoQ$nOfCCpS2r+I8GRN71cZND4cskn7YKBNzuHUEO3YpY2s")

data/lib/argon2id/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module Argon2id
-  VERSION = "0.6.0"
+  VERSION = "0.8.0"
 end

data/test/argon2id/test_password.rb

@@ -0,0 +1,554 @@
+# frozen_string_literal: true
+
+require "minitest/autorun"
+require "argon2id"
+
+class StringLike
+  def initialize(str)
+    @str = str
+  end
+
+  def to_s
+    @str
+  end
+end
+
+class TestPassword < Minitest::Test
+  def test_valid_hash_with_argon2id_hash_returns_true
+    assert Argon2id::Password.valid_hash?(
+      "$argon2id$v=19$m=65536,t=2,p=1$c29tZXNhbHQ" \
+      "$CTFhFdXPJO1aFaMaO6Mm5c8y7cJHAph8ArZWb2GRPPc"
+    )
+  end
+
+  def test_valid_hash_with_versionless_argon2id_hash_returns_true
+    assert Argon2id::Password.valid_hash?(
+      "$argon2id$m=65536,t=2,p=1$c29tZXNhbHQ" \
+      "$CTFhFdXPJO1aFaMaO6Mm5c8y7cJHAph8ArZWb2GRPPc"
+    )
+  end
+
+  def test_valid_hash_with_argon2i_hash_returns_false
+    refute Argon2id::Password.valid_hash?(
+      "$argon2i$m=65536,t=2,p=1$c29tZXNhbHQ" \
+      "$9sTbSlTio3Biev89thdrlKKiCaYsjjYVJxGAL3swxpQ"
+    )
+  end
+
+  def test_valid_hash_with_partial_argon2id_hash_returns_false
+    refute Argon2id::Password.valid_hash?(
+      "$argon2id$v=19$m=65536,t=2,p=1$c29tZXNhbHQ"
+    )
+  end
+
+  def test_valid_hash_with_argon2id_hash_with_null_bytes_returns_false
+    refute Argon2id::Password.valid_hash?(
+      "$argon2id$v=19$m=65536,t=2,p=1$c29tZXNhbHQ" \
+      "$CTFhFdXPJO1aFaMaO6Mm5c8y7cJHAph8ArZWb2GRPPc\x00foo"
+    )
+  end
+
+  def test_valid_hash_with_bcrypt_hash_returns_false
+    refute Argon2id::Password.valid_hash?(
+      "$2a$12$stsRn7Mi9r02.keRyF4OK.Aq4UWOU185lWggfUQfcupAi.b7AI/nS"
+    )
+  end
+
+  def test_valid_hash_with_nil_returns_false
+    refute Argon2id::Password.valid_hash?(nil)
+  end
+
+  def test_valid_hash_with_coercible_argon2id_hash_returns_true
+    assert Argon2id::Password.valid_hash?(
+      StringLike.new(
+        "$argon2id$v=19$m=65536,t=2,p=1$c29tZXNhbHQ" \
+        "$CTFhFdXPJO1aFaMaO6Mm5c8y7cJHAph8ArZWb2GRPPc"
+      )
+    )
+  end
+
+  def test_valid_hash_with_coercible_bcrypt_hash_returns_false
+    refute Argon2id::Password.valid_hash?(
+      StringLike.new(
+        "$2a$12$stsRn7Mi9r02.keRyF4OK.Aq4UWOU185lWggfUQfcupAi.b7AI/nS"
+      )
+    )
+  end
+
+  def test_new_m_65536_t_2_p_1_equals_password
+    password = Argon2id::Password.new(
+      "$argon2id$v=19$m=65536,t=2,p=1$c29tZXNhbHQ" \
+      "$CTFhFdXPJO1aFaMaO6Mm5c8y7cJHAph8ArZWb2GRPPc"
+    )
+
+    assert password == "password"
+  end
+
+  def test_new_m_262144_t_2_p_1_equals_password
+    password = Argon2id::Password.new(
+      "$argon2id$v=19$m=262144,t=2,p=1$c29tZXNhbHQ" \
+      "$eP4eyR+zqlZX1y5xCFTkw9m5GYx0L5YWwvCFvtlbLow"
+    )
+
+    assert password == "password"
+  end
+
+  def test_new_m_256_t_2_p_1_equals_password
+    password = Argon2id::Password.new(
+      "$argon2id$v=19$m=256,t=2,p=1$c29tZXNhbHQ" \
+      "$nf65EOgLrQMR/uIPnA4rEsF5h7TKyQwu9U1bMCHGi/4"
+    )
+
+    assert password == "password"
+  end
+
+  def test_new_m_256_t_2_p_2_equals_password
+    password = Argon2id::Password.new(
+      "$argon2id$v=19$m=256,t=2,p=2$c29tZXNhbHQ" \
+      "$bQk8UB/VmZZF4Oo79iDXuL5/0ttZwg2f/5U52iv1cDc"
+    )
+
+    assert password == "password"
+  end
+
+  def test_new_m_65536_t_1_p_1_equals_password
+    password = Argon2id::Password.new(
+      "$argon2id$v=19$m=65536,t=1,p=1$c29tZXNhbHQ" \
+      "$9qWtwbpyPd3vm1rB1GThgPzZ3/ydHL92zKL+15XZypg"
+    )
+
+    assert password == "password"
+  end
+
+  def test_new_m_65536_t_4_p_1_equals_password
+    password = Argon2id::Password.new(
+      "$argon2id$v=19$m=65536,t=4,p=1$c29tZXNhbHQ" \
+      "$kCXUjmjvc5XMqQedpMTsOv+zyJEf5PhtGiUghW9jFyw"
+    )
+
+    assert password == "password"
+  end
+
+  def test_new_m_65536_t_2_p_1_equals_differentpassword
+    password = Argon2id::Password.new(
+      "$argon2id$v=19$m=65536,t=2,p=1$c29tZXNhbHQ" \
+      "$C4TWUs9rDEvq7w3+J4umqA32aWKB1+DSiRuBfYxFj94"
+    )
+
+    assert password == "differentpassword"
+  end
+
+  def test_new_m_65536_t_2_p_1_with_diffsalt_equals_password
+    password = Argon2id::Password.new(
+      "$argon2id$v=19$m=65536,t=2,p=1$ZGlmZnNhbHQ" \
+      "$vfMrBczELrFdWP0ZsfhWsRPaHppYdP3MVEMIVlqoFBw"
+    )
+
+    assert password == "password"
+  end
+
+  def test_new_with_versionless_hash_equals_password
+    password = Argon2id::Password.new(
+      "$argon2id$m=256,t=2,p=1$c29tZXNhbHQ" \
+      "$2gcOV25Q8vOKPIl8vdxsf7QCjocJcf+erntOGHkpXm4"
+    )
+
+    assert password == "password"
+  end
+
+  def test_new_with_non_argon2id_hash_raises_argument_error
+    assert_raises(ArgumentError) do
+      Argon2id::Password.new(
+        "$argon2i$m=65536,t=2,p=1$c29tZXNhbHQ" \
+        "$9sTbSlTio3Biev89thdrlKKiCaYsjjYVJxGAL3swxpQ"
+      )
+    end
+  end
+
+  def test_new_with_invalid_hash_raises_argument_error
+    assert_raises(ArgumentError) do
+      Argon2id::Password.new("not a valid hash")
+    end
+  end
+
+  def test_new_with_nil_raises_argument_error
+    assert_raises(ArgumentError) do
+      Argon2id::Password.new(nil)
+    end
+  end
+
+  def test_new_with_coercible_equals_password
+    password = Argon2id::Password.new(
+      StringLike.new(
+        "$argon2id$v=19$m=256,t=2,p=1$c29tZXNhbHQ" \
+        "$nf65EOgLrQMR/uIPnA4rEsF5h7TKyQwu9U1bMCHGi/4"
+      )
+    )
+
+    assert password == "password"
+  end
+
+  def test_encoded_returns_the_full_encoded_hash
+    password = Argon2id::Password.new(
+      "$argon2id$v=19$m=256,t=2,p=1$c29tZXNhbHQ" \
+      "$nf65EOgLrQMR/uIPnA4rEsF5h7TKyQwu9U1bMCHGi/4"
+    )
+
+    assert_equal(
+      "$argon2id$v=19$m=256,t=2,p=1$c29tZXNhbHQ$nf65EOgLrQMR/uIPnA4rEsF5h7TKyQwu9U1bMCHGi/4",
+      password.encoded
+    )
+  end
+
+  def test_version_returns_the_version
+    password = Argon2id::Password.new(
+      "$argon2id$v=19$m=256,t=2,p=1$c29tZXNhbHQ" \
+      "$nf65EOgLrQMR/uIPnA4rEsF5h7TKyQwu9U1bMCHGi/4"
+    )
+
+    assert_equal(19, password.version)
+  end
+
+  def test_version_with_no_version_returns_the_default_version
+    password = Argon2id::Password.new(
+      "$argon2id$m=256,t=2,p=1$c29tZXNhbHQ" \
+      "$nf65EOgLrQMR/uIPnA4rEsF5h7TKyQwu9U1bMCHGi/4"
+    )
+
+    assert_equal(16, password.version)
+  end
+
+  def test_m_cost_returns_m_cost
+    password = Argon2id::Password.new(
+      "$argon2id$m=256,t=2,p=1$c29tZXNhbHQ" \
+      "$nf65EOgLrQMR/uIPnA4rEsF5h7TKyQwu9U1bMCHGi/4"
+    )
+
+    assert_equal(256, password.m_cost)
+  end
+
+  def test_t_cost_returns_t_cost
+    password = Argon2id::Password.new(
+      "$argon2id$m=256,t=2,p=1$c29tZXNhbHQ" \
+      "$nf65EOgLrQMR/uIPnA4rEsF5h7TKyQwu9U1bMCHGi/4"
+    )
+
+    assert_equal(2, password.t_cost)
+  end
+
+  def test_parallelism_returns_parallelism
+    password = Argon2id::Password.new(
+      "$argon2id$m=256,t=2,p=1$c29tZXNhbHQ" \
+      "$nf65EOgLrQMR/uIPnA4rEsF5h7TKyQwu9U1bMCHGi/4"
+    )
+
+    assert_equal(1, password.parallelism)
+  end
+
+  def test_salt_returns_decoded_salt
+    password = Argon2id::Password.new(
+      "$argon2id$m=256,t=2,p=1$c29tZXNhbHQ" \
+      "$nf65EOgLrQMR/uIPnA4rEsF5h7TKyQwu9U1bMCHGi/4"
+    )
+
+    assert_equal("somesalt", password.salt)
+  end
+
+  def test_salt_returns_decoded_binary_salt
+    password = Argon2id::Password.new(
+      "$argon2id$v=19$m=256,t=2,p=1$FImSDfu1p8vf1mZBL2PCkg" \
+      "$vG4bIkTJGMx6OvkLuKTeq37DTyAf8gF2Ouf3zSLlYVc"
+    )
+
+    assert_equal(
+      "\x14\x89\x92\r\xFB\xB5\xA7\xCB\xDF\xD6fA/c\xC2\x92".b,
+      password.salt
+    )
+  end
+
+  def test_output_returns_decoded_output
+    password = Argon2id::Password.new(
+      "$argon2id$v=19$m=65536,t=1,p=1$c29tZXNhbHQ" \
+      "$9qWtwbpyPd3vm1rB1GThgPzZ3/ydHL92zKL+15XZypg"
+    )
+
+    assert_equal(
+      "\xF6\xA5\xAD\xC1\xBAr=\xDD\xEF\x9BZ\xC1\xD4d\xE1\x80\xFC\xD9\xDF\xFC\x9D\x1C\xBFv\xCC\xA2\xFE\xD7\x95\xD9\xCA\x98".b,
+      password.output
+    )
+  end
+
+  def test_to_s_returns_the_full_encoded_hash
+    password = Argon2id::Password.new(
+      "$argon2id$v=19$m=256,t=2,p=1$c29tZXNhbHQ" \
+      "$nf65EOgLrQMR/uIPnA4rEsF5h7TKyQwu9U1bMCHGi/4"
+    )
+
+    assert_equal(
+      "$argon2id$v=19$m=256,t=2,p=1$c29tZXNhbHQ$nf65EOgLrQMR/uIPnA4rEsF5h7TKyQwu9U1bMCHGi/4",
+      password.to_s
+    )
+  end
+
+  def test_equals_correct_password_returns_true
+    password = Argon2id::Password.new(
+      "$argon2id$v=19$m=256,t=2,p=1$c29tZXNhbHQ" \
+      "$nf65EOgLrQMR/uIPnA4rEsF5h7TKyQwu9U1bMCHGi/4"
+    )
+
+    assert password == "password"
+  end
+
+  def test_equals_incorrect_password_returns_false
+    password = Argon2id::Password.new(
+      "$argon2id$v=19$m=256,t=2,p=1$c29tZXNhbHQ" \
+      "$nf65EOgLrQMR/uIPnA4rEsF5h7TKyQwu9U1bMCHGi/4"
+    )
+
+    refute password == "differentpassword"
+  end
+
+  def test_equals_nil_returns_false
+    password = Argon2id::Password.new(
+      "$argon2id$v=19$m=256,t=2,p=1$c29tZXNhbHQ" \
+      "$nf65EOgLrQMR/uIPnA4rEsF5h7TKyQwu9U1bMCHGi/4"
+    )
+
+    refute password == nil
+  end
+
+  def test_equals_coercible_correct_password_returns_true
+    password = Argon2id::Password.new(
+      "$argon2id$v=19$m=256,t=2,p=1$c29tZXNhbHQ" \
+      "$nf65EOgLrQMR/uIPnA4rEsF5h7TKyQwu9U1bMCHGi/4"
+    )
+
+    assert password == StringLike.new("password")
+  end
+
+  def test_equals_coercible_incorrect_password_returns_false
+    password = Argon2id::Password.new(
+      "$argon2id$v=19$m=256,t=2,p=1$c29tZXNhbHQ" \
+      "$nf65EOgLrQMR/uIPnA4rEsF5h7TKyQwu9U1bMCHGi/4"
+    )
+
+    refute password == StringLike.new("differentpassword")
+  end
+
+  def test_is_password_correct_password_returns_true
+    password = Argon2id::Password.new(
+      "$argon2id$v=19$m=256,t=2,p=1$c29tZXNhbHQ" \
+      "$nf65EOgLrQMR/uIPnA4rEsF5h7TKyQwu9U1bMCHGi/4"
+    )
+
+    assert password.is_password?("password")
+  end
+
+  def test_is_password_incorrect_password_returns_false
+    password = Argon2id::Password.new(
+      "$argon2id$v=19$m=256,t=2,p=1$c29tZXNhbHQ" \
+      "$nf65EOgLrQMR/uIPnA4rEsF5h7TKyQwu9U1bMCHGi/4"
+    )
+
+    refute password.is_password?("differentpassword")
+  end
+
+  def test_is_password_nil_returns_false
+    password = Argon2id::Password.new(
+      "$argon2id$v=19$m=256,t=2,p=1$c29tZXNhbHQ" \
+      "$nf65EOgLrQMR/uIPnA4rEsF5h7TKyQwu9U1bMCHGi/4"
+    )
+
+    refute password.is_password?(nil)
+  end
+
+  def test_is_password_coercible_correct_password_returns_true
+    password = Argon2id::Password.new(
+      "$argon2id$v=19$m=256,t=2,p=1$c29tZXNhbHQ" \
+      "$nf65EOgLrQMR/uIPnA4rEsF5h7TKyQwu9U1bMCHGi/4"
+    )
+
+    assert password.is_password?(StringLike.new("password"))
+  end
+
+  def test_is_password_coercible_incorrect_password_returns_false
+    password = Argon2id::Password.new(
+      "$argon2id$v=19$m=256,t=2,p=1$c29tZXNhbHQ" \
+      "$nf65EOgLrQMR/uIPnA4rEsF5h7TKyQwu9U1bMCHGi/4"
+    )
+
+    refute password.is_password?(StringLike.new("differentpassword"))
+  end
+
+  def test_create_password_returns_password
+    password = Argon2id::Password.create("password")
+
+    assert_instance_of Argon2id::Password, password
+  end
+
+  def test_create_password_uses_version_13
+    password = Argon2id::Password.create("password")
+
+    assert_equal 0x13, password.version
+  end
+
+  def test_create_password_uses_default_t_cost
+    password = Argon2id::Password.create("password")
+
+    assert_equal 2, password.t_cost
+  end
+
+  def test_create_password_uses_default_m_cost
+    password = Argon2id::Password.create("password")
+
+    assert_equal 19_456, password.m_cost
+  end
+
+  def test_create_password_uses_default_parallelism
+    password = Argon2id::Password.create("password")
+
+    assert_equal 1, password.parallelism
+  end
+
+  def test_create_password_uses_default_salt_len
+    password = Argon2id::Password.create("password")
+
+    assert_equal 16, password.salt.bytesize
+  end
+
+  def test_create_password_uses_default_output_len
+    password = Argon2id::Password.create("password")
+
+    assert_equal 32, password.output.bytesize
+  end
+
+  def test_create_password_with_t_cost_changes_t_cost
+    password = Argon2id::Password.create("password", t_cost: 1)
+
+    assert_equal(1, password.t_cost)
+  end
+
+  def test_create_password_with_too_small_t_cost_raises_error
+    assert_raises(Argon2id::Error) do
+      Argon2id::Password.create("password", t_cost: 0)
+    end
+  end
+
+  def test_create_password_with_m_cost_changes_m_cost
+    password = Argon2id::Password.create("password", m_cost: 8)
+
+    assert_equal(8, password.m_cost)
+  end
+
+  def test_create_password_with_too_small_m_cost_raises_error
+    assert_raises(Argon2id::Error) do
+      Argon2id::Password.create("password", m_cost: 0)
+    end
+  end
+
+  def test_create_password_with_parallelism_changes_parallelism
+    password = Argon2id::Password.create("password", parallelism: 2)
+
+    assert_equal(2, password.parallelism)
+  end
+
+  def test_create_password_with_too_small_parallelism_raises_error
+    assert_raises(Argon2id::Error) do
+      Argon2id::Password.create("password", parallelism: 0)
+    end
+  end
+
+  def test_create_password_with_too_small_salt_raises_error
+    assert_raises(Argon2id::Error) do
+      Argon2id::Password.create("password", salt_len: 0)
+    end
+  end
+
+  def test_create_password_with_output_len_changes_output_len
+    password = Argon2id::Password.create("password", output_len: 8)
+
+    assert_equal 8, password.output.bytesize
+  end
+
+  def test_create_password_with_too_output_len_raises_error
+    assert_raises(Argon2id::Error) do
+      Argon2id::Password.create("password", output_len: 0)
+    end
+  end
+
+  def test_create_password_inherits_t_cost_from_argon2id
+    Argon2id.t_cost = 1
+
+    password = Argon2id::Password.create("password")
+
+    assert_equal(1, password.t_cost)
+  ensure
+    Argon2id.t_cost = Argon2id::DEFAULT_T_COST
+  end
+
+  def test_create_password_inherits_m_cost_from_argon2id
+    Argon2id.m_cost = 8
+
+    password = Argon2id::Password.create("password")
+
+    assert_equal(8, password.m_cost)
+  ensure
+    Argon2id.m_cost = Argon2id::DEFAULT_M_COST
+  end
+
+  def test_create_password_inherits_parallelism_from_argon2id
+    Argon2id.parallelism = 2
+
+    password = Argon2id::Password.create("password")
+
+    assert_equal(2, password.parallelism)
+  ensure
+    Argon2id.parallelism = Argon2id::DEFAULT_PARALLELISM
+  end
+
+  def test_create_password_inherits_salt_len_from_argon2id
+    Argon2id.salt_len = 8
+
+    password = Argon2id::Password.create("password")
+
+    assert_equal(8, password.salt.bytesize)
+  ensure
+    Argon2id.salt_len = Argon2id::DEFAULT_SALT_LEN
+  end
+
+  def test_create_password_inherits_output_len_from_argon2id
+    Argon2id.output_len = 8
+
+    password = Argon2id::Password.create("password")
+
+    assert_equal(8, password.output.bytesize)
+  ensure
+    Argon2id.output_len = Argon2id::DEFAULT_OUTPUT_LEN
+  end
+
+  def test_create_password_equals_correct_password
+    password = Argon2id::Password.create("password")
+
+    assert password == "password"
+  end
+
+  def test_create_password_does_not_equal_incorrect_password
+    password = Argon2id::Password.create("password")
+
+    refute password == "differentpassword"
+  end
+
+  def test_hashing_password_verifies_correct_password
+    hash = Argon2id::Password.create("password").to_s
+    password = Argon2id::Password.new(hash)
+
+    assert password == "password"
+  end
+
+  def test_hashing_password_does_not_verify_incorrect_password
+    hash = Argon2id::Password.create("password").to_s
+    password = Argon2id::Password.new(hash)
+
+    refute password == "differentpassword"
+  end
+end

data/test/test_argon2id.rb

@@ -0,0 +1,66 @@
+# frozen_string_literal: true
+
+require "minitest/autorun"
+require "argon2id"
+
+class TestArgon2id < Minitest::Test
+  def test_t_cost_is_default_t_cost
+    assert_equal 2, Argon2id.t_cost
+  end
+
+  def test_m_cost_is_default_m_cost
+    assert_equal 19_456, Argon2id.m_cost
+  end
+
+  def test_parallelism_is_default_parallelism
+    assert_equal 1, Argon2id.parallelism
+  end
+
+  def test_salt_len_is_default_salt_len
+    assert_equal 16, Argon2id.salt_len
+  end
+
+  def test_output_len_is_default_output_len
+    assert_equal 32, Argon2id.output_len
+  end
+
+  def test_t_cost_can_be_overridden
+    Argon2id.t_cost = 1
+
+    assert_equal 1, Argon2id.t_cost
+  ensure
+    Argon2id.t_cost = Argon2id::DEFAULT_T_COST
+  end
+
+  def test_m_cost_can_be_overridden
+    Argon2id.m_cost = 256
+
+    assert_equal 256, Argon2id.m_cost
+  ensure
+    Argon2id.m_cost = Argon2id::DEFAULT_M_COST
+  end
+
+  def test_parallelism_can_be_overridden
+    Argon2id.parallelism = 2
+
+    assert_equal 2, Argon2id.parallelism
+  ensure
+    Argon2id.parallelism = Argon2id::DEFAULT_PARALLELISM
+  end
+
+  def test_salt_len_can_be_overridden
+    Argon2id.salt_len = 8
+
+    assert_equal 8, Argon2id.salt_len
+  ensure
+    Argon2id.salt_len = Argon2id::DEFAULT_SALT_LEN
+  end
+
+  def test_output_len_can_be_overridden
+    Argon2id.output_len = 16
+
+    assert_equal 16, Argon2id.output_len
+  ensure
+    Argon2id.output_len = Argon2id::DEFAULT_OUTPUT_LEN
+  end
+end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: argon2id
 version: !ruby/object:Gem::Version
-  version: 0.6.0
+  version: 0.8.0
 platform: x64-mingw32
 authors:
 - Paul Mucur
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2024-11-05 00:00:00.000000000 Z
+date: 2024-12-29 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rake-compiler
@@ -30,14 +30,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.5'
+        version: '1.7'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.5'
+        version: '1.7'
 - !ruby/object:Gem::Dependency
   name: minitest
   requirement: !ruby/object:Gem::Requirement
@@ -89,7 +89,8 @@ files:
 - lib/argon2id/extension.rb
 - lib/argon2id/password.rb
 - lib/argon2id/version.rb
-- test/test_password.rb
+- test/argon2id/test_password.rb
+- test/test_argon2id.rb
 homepage: https://github.com/mudge/argon2id
 licenses:
 - BSD-3-Clause

data/test/test_password.rb

@@ -1,232 +0,0 @@
-# frozen_string_literal: true
-
-require "minitest/autorun"
-require "argon2id"
-
-class TestPassword < Minitest::Test
-  def test_create_returns_encoded_password_with_defaults
-    password = Argon2id::Password.create("opensesame")
-
-    assert password.to_s.start_with?("$argon2id$")
-    assert password.to_s.include?("t=2")
-    assert password.to_s.include?("m=19456")
-  end
-
-  def test_create_options_can_override_parameters
-    password = Argon2id::Password.create("opensesame", t_cost: 2, m_cost: 256)
-
-    assert password.to_s.include?("t=2")
-    assert password.to_s.include?("m=256")
-  end
-
-  def test_create_uses_argon2id_configuration
-    Argon2id.t_cost = 2
-    Argon2id.m_cost = 256
-
-    password = Argon2id::Password.create("opensesame")
-
-    assert password.to_s.include?("t=2")
-    assert password.to_s.include?("m=256")
-  ensure
-    Argon2id.t_cost = Argon2id::DEFAULT_T_COST
-    Argon2id.m_cost = Argon2id::DEFAULT_M_COST
-  end
-
-  def test_create_coerces_pwd_to_string
-    password = Argon2id::Password.create(123, t_cost: 2, m_cost: 256)
-
-    assert password.to_s.start_with?("$argon2id$")
-  end
-
-  def test_create_coerces_costs_to_integer
-    password = Argon2id::Password.create("opensesame", t_cost: "2", m_cost: "256", parallelism: "1", salt_len: "8", output_len: "32")
-
-    assert password.to_s.start_with?("$argon2id$")
-  end
-
-  def test_create_raises_if_given_non_integer_costs
-    assert_raises(ArgumentError) do
-      Argon2id::Password.create("opensesame", t_cost: "not an integer")
-    end
-  end
-
-  def test_equals_correct_password
-    password = Argon2id::Password.create("opensesame", t_cost: 2, m_cost: 256)
-
-    assert password == "opensesame"
-  end
-
-  def test_does_not_equal_invalid_password
-    password = Argon2id::Password.create("opensesame", t_cost: 2, m_cost: 256)
-
-    refute password == "notopensesame"
-  end
-
-  def test_is_password_returns_true_with_correct_password
-    password = Argon2id::Password.create("opensesame", t_cost: 2, m_cost: 256)
-
-    assert password.is_password?("opensesame")
-  end
-
-  def test_is_password_returns_false_with_incorrect_password
-    password = Argon2id::Password.create("opensesame", t_cost: 2, m_cost: 256)
-
-    refute password.is_password?("notopensesame")
-  end
-
-  def test_salt_returns_the_original_salt
-    password = Argon2id::Password.new("$argon2id$v=19$m=256,t=2,p=1$c29tZXNhbHQ$nf65EOgLrQMR/uIPnA4rEsF5h7TKyQwu9U1bMCHGi/4")
-
-    assert_equal "somesalt", password.salt
-  end
-
-  def test_salt_returns_raw_bytes
-    password = Argon2id::Password.new("$argon2id$v=19$m=256,t=2,p=1$KmIxrXv4lrnSJPO0LN7Gdw$lB3724qLPL9MNi10lkvIb4VxIk3q841CLvq0WTCZ0VQ")
-
-    assert_equal "*b1\xAD{\xF8\x96\xB9\xD2$\xF3\xB4,\xDE\xC6w".b, password.salt
-  end
-
-  def test_raises_for_invalid_hashes
-    assert_raises(ArgumentError) do
-      Argon2id::Password.new("not a valid hash")
-    end
-  end
-
-  def test_raises_for_partial_hashes
-    assert_raises(ArgumentError) do
-      Argon2id::Password.new("$argon2id$v=19$m=256,t=2,p=1$KmIxrXv4lrnSJPO0LN7Gdw")
-    end
-  end
-
-  def test_raises_for_hashes_with_null_bytes
-    assert_raises(ArgumentError) do
-      Argon2id::Password.new("$argon2id$v=19$m=256,t=2,p=1$c29tZXNhbHQ$nf65EOgLrQMR/uIPnA4rEsF5h7TKyQwu9U1bMCHGi/4\x00foo")
-    end
-  end
-
-  def test_raises_for_non_argon2id_hashes
-    assert_raises(ArgumentError) do
-      Argon2id::Password.new("$argon2i$v=19$m=256,t=2,p=1$c29tZXNhbHQ$iekCn0Y3spW+sCcFanM2xBT63UP2sghkUoHLIUpWRS8")
-    end
-  end
-
-  def test_salt_supports_versionless_hashes
-    password = Argon2id::Password.new("$argon2id$m=256,t=2,p=1$c29tZXNhbHQ$nf65EOgLrQMR/uIPnA4rEsF5h7TKyQwu9U1bMCHGi/4")
-
-    assert_equal "somesalt", password.salt
-  end
-
-  def test_coerces_given_hash_to_string
-    password = Argon2id::Password.create("password")
-
-    assert Argon2id::Password.new(password) == "password"
-  end
-
-  def test_extracting_version_from_hash
-    password = Argon2id::Password.new("$argon2id$v=19$m=256,t=2,p=1$c29tZXNhbHQ$nf65EOgLrQMR/uIPnA4rEsF5h7TKyQwu9U1bMCHGi/4")
-
-    assert_equal 19, password.version
-  end
-
-  def test_extracting_version_from_versionless_hash
-    password = Argon2id::Password.new("$argon2id$m=256,t=2,p=1$c29tZXNhbHQ$nf65EOgLrQMR/uIPnA4rEsF5h7TKyQwu9U1bMCHGi/4")
-
-    assert_equal 16, password.version
-  end
-
-  def test_extracting_time_cost_from_hash
-    password = Argon2id::Password.new("$argon2id$v=19$m=256,t=2,p=1$c29tZXNhbHQ$nf65EOgLrQMR/uIPnA4rEsF5h7TKyQwu9U1bMCHGi/4")
-
-    assert_equal 2, password.t_cost
-  end
-
-  def test_extracting_time_cost_from_versionless_hash
-    password = Argon2id::Password.new("$argon2id$m=256,t=2,p=1$c29tZXNhbHQ$nf65EOgLrQMR/uIPnA4rEsF5h7TKyQwu9U1bMCHGi/4")
-
-    assert_equal 2, password.t_cost
-  end
-
-  def test_extracting_memory_cost_from_hash
-    password = Argon2id::Password.new("$argon2id$v=19$m=256,t=2,p=1$c29tZXNhbHQ$nf65EOgLrQMR/uIPnA4rEsF5h7TKyQwu9U1bMCHGi/4")
-
-    assert_equal 256, password.m_cost
-  end
-
-  def test_extracting_memory_cost_from_versionless_hash
-    password = Argon2id::Password.new("$argon2id$m=256,t=2,p=1$c29tZXNhbHQ$nf65EOgLrQMR/uIPnA4rEsF5h7TKyQwu9U1bMCHGi/4")
-
-    assert_equal 256, password.m_cost
-  end
-
-  def test_extracting_parallelism_from_hash
-    password = Argon2id::Password.new("$argon2id$v=19$m=256,t=2,p=1$c29tZXNhbHQ$nf65EOgLrQMR/uIPnA4rEsF5h7TKyQwu9U1bMCHGi/4")
-
-    assert_equal 1, password.parallelism
-  end
-
-  def test_extracting_parallelism_from_versionless_hash
-    password = Argon2id::Password.new("$argon2id$m=256,t=2,p=1$c29tZXNhbHQ$nf65EOgLrQMR/uIPnA4rEsF5h7TKyQwu9U1bMCHGi/4")
-
-    assert_equal 1, password.parallelism
-  end
-
-  def test_extracting_output_from_hash
-    password = Argon2id::Password.new("$argon2id$v=19$m=256,t=2,p=1$c29tZXNhbHQ$nf65EOgLrQMR/uIPnA4rEsF5h7TKyQwu9U1bMCHGi/4")
-
-    assert_equal "\x9D\xFE\xB9\x10\xE8\v\xAD\x03\x11\xFE\xE2\x0F\x9C\x0E+\x12\xC1y\x87\xB4\xCA\xC9\f.\xF5M[0!\xC6\x8B\xFE".b, password.output
-  end
-
-  def test_libargon2_test_case_1
-    password = Argon2id::Password.new("$argon2id$v=19$m=256,t=2,p=1$c29tZXNhbHQ$nf65EOgLrQMR/uIPnA4rEsF5h7TKyQwu9U1bMCHGi/4")
-
-    assert password == "password"
-  end
-
-  def test_libargon2_test_case_1_returns_false_with_incorrect_password
-    password = Argon2id::Password.new("$argon2id$v=19$m=256,t=2,p=1$c29tZXNhbHQ$nf65EOgLrQMR/uIPnA4rEsF5h7TKyQwu9U1bMCHGi/4")
-
-    refute password == "not password"
-  end
-
-  def test_libargon2_test_case_2
-    password = Argon2id::Password.new("$argon2id$v=19$m=256,t=2,p=2$c29tZXNhbHQ$bQk8UB/VmZZF4Oo79iDXuL5/0ttZwg2f/5U52iv1cDc")
-
-    assert password == "password"
-  end
-
-  def test_encoded_password_does_not_include_trailing_null_byte
-    password = Argon2id::Password.create("password", t_cost: 2, m_cost: 256, salt_len: 8)
-
-    refute password.to_s.end_with?("\x00")
-  end
-
-  def test_raises_with_too_short_output
-    assert_raises(Argon2id::Error) do
-      Argon2id::Password.create("password", t_cost: 2, m_cost: 256, salt_len: 8, output_len: 1)
-    end
-  end
-
-  def test_raises_with_too_few_threads_and_compute_lanes
-    assert_raises(Argon2id::Error) do
-      Argon2id::Password.create("password", t_cost: 2, m_cost: 256, parallelism: 0, salt_len: 8)
-    end
-  end
-
-  def test_raises_with_too_small_memory_cost
-    assert_raises(Argon2id::Error) do
-      Argon2id::Password.create("password", t_cost: 2, m_cost: 0, salt_len: 8)
-    end
-  end
-
-  def test_raises_with_too_small_time_cost
-    assert_raises(Argon2id::Error) do
-      Argon2id::Password.create("password", t_cost: 0, m_cost: 256, salt_len: 8)
-    end
-  end
-
-  def test_raises_with_too_short_salt
-    assert_raises(Argon2id::Error) do
-      Argon2id::Password.create("password", t_cost: 2, m_cost: 256, salt_len: 0)
-    end
-  end
-end