argon2id 0.7.0 → 0.8.0

checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: fe0651aa144c9dd31ce3eec05fff4a92b19f9c3123ccca67c2f19ae0e0047e85
4
- data.tar.gz: fdc003fc28fd0258bf838c599f5a7bf784296aefbd3658efc87e6ca23a9ea4a4
3
+ metadata.gz: 5cc09675c06311083113abdaf6682c6096b7a0c465f803a95e14005421f43ccf
4
+ data.tar.gz: cd357c083ca7c2d2b21b92ab23098532342284b578b957ad56b05c97eb9cfe77
5
5
  SHA512:
6
- metadata.gz: b6eae30f919739df31878696ec9ce8d2bfd26bbc4c8dfe8a442021d139b51c80c6bc362c9810cad9dc706b4f32d36333ca85bbcdd5620ae169981d6766fd3d8c
7
- data.tar.gz: d9c614f7e76e809677402b3f451b932ccfe413775d4bbf27131552f4c6249f819cef39db7285a85f5f91aaa37ad4b2f3cde6f24545f9d7eb412598df3cdcdbb8
6
+ metadata.gz: 52edf8f69ef92b3eff033c256c406ae6f7e89b8195669329d8517a851a9bdf56f8d518f37eb87bdbf35eb750cf7963b059d0c5533283d4a66173b0203a1761ba
7
+ data.tar.gz: d5c7b643c790197a06386cbf0920f96eeeed6653de46bc676ed286356d8a3fdc77daa2f5acead7db77db50458d178b6a5c5a6acc29831db01617d2ddc7bfe7ae
data/CHANGELOG.md CHANGED
@@ -5,6 +5,36 @@ All notable changes to this project will be documented in this file.
5
5
  The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/),
6
6
  and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
7
7
 
8
+ ## [0.8.0] - 2024-12-29
9
+
10
+ ### Added
11
+
12
+ - Add Ruby 3.4 support to the precompiled, native gems
13
+ - Restored support for Ruby 2.6, 2.7, and 3.0 after dropping them in 0.8.0.rc1
14
+
15
+ ### Changed
16
+
17
+ - Provide separate precompiled, native gems for GNU and Musl
18
+ - Require glibc 2.29+ for x86-linux-gnu and x86_64-linux-gnu (and recommend
19
+ RubyGems 3.3.22+ and Bundler 2.3.21+)
20
+
21
+ ## [0.8.0.rc1] - 2024-12-16
22
+
23
+ ### Added
24
+
25
+ - Add Ruby 3.4.0-rc1 support to the precompiled, native gems
26
+
27
+ ### Changed
28
+
29
+ - Provide separate precompiled, native gems for GNU and Musl
30
+ - Require glibc 2.29+ for x86-linux-gnu and x86_64-linux-gnu (and recommend
31
+ RubyGems 3.3.22+ and Bundler 2.3.21+)
32
+
33
+ ### Removed
34
+
35
+ - Drop support for Ruby versions older than 3.1 as they do not ship with a
36
+ version of RubyGems new enough to handle the new Musl gems
37
+
8
38
  ## [0.7.0] - 2024-11-08
9
39
 
10
40
  ### Fixed
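Review bot: the 0.8.0 "Added" entry "Restored support for Ruby 2.6, 2.7, and 3.0 after dropping them in 0.8.0.rc1" does not say how those Rubies now cope with the Musl gems, although the 0.8.0.rc1 "Removed" entry directly below gives that as the reason for dropping them ("they do not ship with a version of RubyGems new enough to handle the new Musl gems"). Please add a sentence to the 0.8.0 entry stating what users on those versions should expect, for example whether they must upgrade RubyGems and Bundler or will end up building the source gem, so the two entries do not read as contradictory. The glibc line under "Changed" also raises a minimum for existing x86 users and would be easier to spot if it were worded as a breaking change.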
@@ -111,6 +141,8 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
111
141
  reference C implementation of Argon2, the password-hashing function that won
112
142
  the Password Hashing Competition.
113
143
 
144
+ [0.8.0]: https://github.com/mudge/argon2id/releases/tag/v0.8.0
145
+ [0.8.0.rc1]: https://github.com/mudge/argon2id/releases/tag/v0.8.0.rc1
114
146
  [0.7.0]: https://github.com/mudge/argon2id/releases/tag/v0.7.0
115
147
  [0.6.0]: https://github.com/mudge/argon2id/releases/tag/v0.6.0
116
148
  [0.5.0]: https://github.com/mudge/argon2id/releases/tag/v0.5.0
data/README.md CHANGED
@@ -5,7 +5,7 @@ Ruby bindings to [Argon2][], the password-hashing function that won the 2015
5
5
 
6
6
  [![Build Status](https://github.com/mudge/argon2id/actions/workflows/tests.yml/badge.svg?branch=main)](https://github.com/mudge/argon2id/actions)
7
7
 
8
- **Current version:** 0.7.0
8
+ **Current version:** 0.8.0
9
9
  **Bundled Argon2 version:** libargon2.1 (20190702)
10
10
 
11
11
  ```ruby
@@ -28,6 +28,7 @@ password.salt #=> "e-\xA7\x04U\x81\xA6{v\xF0x\xED\xCC\xD3\x96\xE3"
28
28
  * [Verifying passwords](#verifying-passwords)
29
29
  * [Validating encoded hashes](#validating-encoded-hashes)
30
30
  * [Errors](#errors)
31
+ * [Usage with Active Record](#usage-with-active-record)
31
32
  * [Requirements](#requirements)
32
33
  * [Native gems](#native-gems)
33
34
  * [Verifying the gems](#verifying-the-gems)
@@ -196,11 +197,67 @@ Argon2id::Password.create("password", salt_len: 0)
196
197
  # Salt is too short (Argon2id::Error)
197
198
  ```
198
199
 
200
+ ### Usage with Active Record
201
+
202
+ If you're planning to use this with Active Record instead of [Rails' own
203
+ bcrypt-based
204
+ `has_secure_password`](https://api.rubyonrails.org/v8.0/classes/ActiveModel/SecurePassword/ClassMethods.html),
205
+ you can use the following as a starting point:
206
+
207
+ #### The `User` model
208
+
209
+ ```ruby
210
+ require "argon2id"
211
+
212
+ # Schema: User(name: string, password_digest:string)
213
+ class User < ApplicationRecord
214
+ attr_reader :password
215
+
216
+ validates :password_digest, presence: true
217
+ validates :password, confirmation: true, allow_blank: true
218
+
219
+ def password=(unencrypted_password)
220
+ if unencrypted_password.nil?
221
+ @password = nil
222
+ self.password_digest = nil
223
+ elsif !unencrypted_password.empty?
224
+ @password = unencrypted_password
225
+ self.password_digest = Argon2id::Password.create(unencrypted_password)
226
+ end
227
+ end
228
+
229
+ def authenticate(unencrypted_password)
230
+ password_digest? && Argon2id::Password.new(password_digest).is_password?(unencrypted_password) && self
231
+ end
232
+
233
+ def password_salt
234
+ Argon2id::Password.new(password_digest).salt if password_digest?
235
+ end
236
+ end
237
+ ```
238
+
239
+ This can then be used like so:
240
+
241
+ ```ruby
242
+ user = User.new(name: "alice", password: "", password_confirmation: "diffpassword")
243
+ user.save #=> false, password required
244
+ user.password = "password"
245
+ user.save #=> false, confirmation doesn't match
246
+ user.password_confirmation = "password"
247
+ user.save #=> true
248
+
249
+ user.authenticate("notright") #=> false
250
+ user.authenticate("password") #=> user
251
+
252
+ User.find_by(name: "alice")&.authenticate("notright") #=> false
253
+ User.find_by(name: "alice")&.authenticate("password") #=> user
254
+ ```
255
+
199
256
  ## Requirements
200
257
 
201
258
  This gem requires any of the following to run:
202
259
 
203
- * [Ruby](https://www.ruby-lang.org/en/) 2.6 to 3.3
260
+ * [Ruby](https://www.ruby-lang.org/en/) 2.6 to 3.4
204
261
  * [JRuby](https://www.jruby.org) 9.4
205
262
  * [TruffleRuby](https://www.graalvm.org/ruby/) 24.1
206
263
 
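Review bot: the final two lines of the usage example, `User.find_by(name: "alice")&.authenticate(...)`, only show the case where the user exists; for an unknown name the safe-navigation call returns `nil` rather than `false` and never runs Argon2, so the caller sees a third return value and the lookup completes far faster than one for a real account. Since this section is offered as a starting point for login code, the text should tell readers to treat `nil` and `false` alike and to verify against a fixed dummy digest when no user is found, so that unknown and known names cost the same. It would also help to state what `authenticate` and `password_salt` do when `password_digest` holds something that is not a valid encoded hash, given that both pass the column straight to `Argon2id::Password.new` and the README already has "Validating encoded hashes" and "Errors" sections to point at.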
@@ -214,9 +271,8 @@ This gem requires any of the following to run:
214
271
  Where possible, a pre-compiled native gem will be provided for the following platforms:
215
272
 
216
273
  * Linux
217
- * `aarch64-linux` and `arm-linux` (requires [glibc](https://www.gnu.org/software/libc/) 2.29+)
218
- * `x86-linux` and `x86_64-linux` (requires [glibc](https://www.gnu.org/software/libc/) 2.17+)
219
- * [musl](https://musl.libc.org/)-based systems such as [Alpine](https://alpinelinux.org) are supported as long as a [glibc-compatible library is installed](https://wiki.alpinelinux.org/wiki/Running_glibc_programs)
274
+ * `aarch64-linux`, `arm-linux`, `x86-linux`, `x86_64-linux` (requires [glibc](https://www.gnu.org/software/libc/) 2.29+, RubyGems 3.3.22+ and Bundler 2.3.21+)
275
+ * [musl](https://musl.libc.org/)-based systems such as [Alpine](https://alpinelinux.org) are supported with Bundler 2.5.6+
220
276
  * macOS `x86_64-darwin` and `arm64-darwin`
221
277
  * Windows `x64-mingw32` and `x64-mingw-ucrt`
222
278
  * Java: any platform running JRuby 9.4 or higher
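Review bot: the new glibc bullet says the Linux gems require "RubyGems 3.3.22+ and Bundler 2.3.21+", while the CHANGELOG entry for this release says those versions are only recommended ("and recommend RubyGems 3.3.22+ and Bundler 2.3.21+"); one of the two needs to change so readers know whether older tooling is unsupported or merely discouraged. The same bullet raises the floor for `x86-linux` and `x86_64-linux` from glibc 2.17+ to 2.29+, and the musl bullet asks for Bundler 2.5.6+, a different minimum again. A short sentence on what happens when these are not met (installation error, wrong platform gem selected, or fallback to the source gem) would let operators on older distributions plan the upgrade.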
@@ -228,11 +284,11 @@ notes](https://github.com/mudge/argon2id/releases) for each version and can be
228
284
  checked with `sha256sum`, e.g.
229
285
 
230
286
  ```console
231
- $ gem fetch argon2id -v 0.6.0
232
- Fetching argon2id-0.6.0-arm64-darwin.gem
233
- Downloaded argon2id-0.6.0-arm64-darwin
234
- $ sha256sum argon2id-0.6.0-arm64-darwin.gem
235
- 18f1f04be4b5e7badb4d491762e57874febeeb46c64ce1b0a5e3a75b39b5baeb argon2id-0.6.0-arm64-darwin.gem
287
+ $ gem fetch argon2id -v 0.7.0
288
+ Fetching argon2id-0.7.0-arm64-darwin.gem
289
+ Downloaded argon2id-0.7.0-arm64-darwin
290
+ $ sha256sum argon2id-0.7.0-arm64-darwin.gem
291
+ 26bba5bcefa56827c728222e6df832aef5c8c4f4d3285875859a1d911477ec68 argon2id-0.7.0-arm64-darwin.gem
236
292
  ```
237
293
 
238
294
  [GPG](https://www.gnupg.org/) signatures are attached to each release (the
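Review bot: the verification example is updated to 0.7.0 while this same release bumps "Current version" to 0.8.0, so the documented checksum can never match the gem a reader of this README is most likely to fetch. If the example has to lag a release because the checksums are only known after publishing, say so next to it and point explicitly at the release notes entry for the exact filename downloaded. With the Linux gems now split into `-gnu` and `-musl` variants, it is also worth noting that the checksum to compare is the one for the platform-specific file `gem fetch` reports, not for the version in general.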
@@ -242,8 +298,8 @@ from a public keyserver, e.g. `gpg --keyserver keyserver.ubuntu.com --recv-key
242
298
  0x39AC3530070E0F75`):
243
299
 
244
300
  ```console
245
- $ gpg --verify argon2id-0.6.0-arm64-darwin.gem.sig argon2id-0.6.0-arm64-darwin.gem
246
- gpg: Signature made Tue 5 Nov 11:30:47 2024 GMT
301
+ $ gpg --verify argon2id-0.7.0-arm64-darwin.gem.sig argon2id-0.7.0-arm64-darwin.gem
302
+ gpg: Signature made Fri 8 Nov 13:45:18 2024 GMT
247
303
  gpg: using RSA key 702609D9C790F45B577D7BEC39AC3530070E0F75
248
304
  gpg: Good signature from "Paul Mucur <mudge@mudge.name>" [unknown]
249
305
  gpg: aka "Paul Mucur <paul@ghostcassette.com>" [unknown]
data/Rakefile CHANGED
@@ -5,18 +5,22 @@ require "minitest/test_task"
5
5
  CLEAN.add("lib/**/*.{o,so,bundle}", "pkg")
6
6
 
7
7
  cross_platforms = %w[
8
- aarch64-linux
9
- arm-linux
8
+ aarch64-linux-gnu
9
+ aarch64-linux-musl
10
+ arm-linux-gnu
11
+ arm-linux-musl
10
12
  arm64-darwin
11
13
  x64-mingw-ucrt
12
14
  x64-mingw32
13
- x86-linux
15
+ x86-linux-gnu
16
+ x86-linux-musl
14
17
  x86-mingw32
15
18
  x86_64-darwin
16
- x86_64-linux
19
+ x86_64-linux-gnu
20
+ x86_64-linux-musl
17
21
  ].freeze
18
22
 
19
- ENV["RUBY_CC_VERSION"] = %w[3.3.0 3.2.0 3.1.0 3.0.0 2.7.0 2.6.0].join(":")
23
+ ENV["RUBY_CC_VERSION"] = %w[3.4.0 3.3.5 3.2.0 3.1.0 3.0.0 2.7.0 2.6.0].join(":")
20
24
 
21
25
  gemspec = Gem::Specification.load("argon2id.gemspec")
22
26
 
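Review bot: in `RUBY_CC_VERSION`, `3.3.5` is the only entry that is not an `x.y.0` release and nothing in the file explains why; add a comment giving the reason so a later edit does not "tidy" it back to `3.3.0`. The list also keeps `3.0.0`, `2.7.0` and `2.6.0` alongside the four new `*-linux-musl` platforms, although the CHANGELOG states that those Ruby versions do not ship with a RubyGems new enough to handle the Musl gems. A comment here (or a note in the CHANGELOG) on how those combinations are expected to install would document the intent behind building them.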
data/argon2id.gemspec CHANGED
@@ -54,6 +54,6 @@ Gem::Specification.new do |s|
54
54
  s.rdoc_options = ["--main", "README.md"]
55
55
 
56
56
  s.add_development_dependency("rake-compiler", "~> 1.2")
57
- s.add_development_dependency("rake-compiler-dock", "~> 1.5")
57
+ s.add_development_dependency("rake-compiler-dock", "~> 1.7")
58
58
  s.add_development_dependency("minitest", "~> 5.25")
59
59
  end
@@ -15,10 +15,11 @@ if RUBY_PLATFORM == "java"
15
15
  output = Java::byte[hashlen].new
16
16
  params = Java::OrgBouncycastleCryptoParams::Argon2Parameters::Builder
17
17
  .new(Java::OrgBouncycastleCryptoParams::Argon2Parameters::ARGON2_id)
18
- .with_salt(salt_bytes)
19
- .with_parallelism(parallelism)
20
- .with_memory_as_kb(m_cost)
18
+ .with_version(Java::OrgBouncycastleCryptoParams::Argon2Parameters::ARGON2_VERSION_13)
21
19
  .with_iterations(t_cost)
20
+ .with_memory_as_kb(m_cost)
21
+ .with_parallelism(parallelism)
22
+ .with_salt(salt_bytes)
22
23
  .build
23
24
  generator = Java::OrgBouncycastleCryptoGenerators::Argon2BytesGenerator.new
24
25
 
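Review bot: the added `.with_version(Java::OrgBouncycastleCryptoParams::Argon2Parameters::ARGON2_VERSION_13)` is the only functional change in this hunk, but it is buried in a reordering of the other four builder calls and is not mentioned in the 0.8.0 CHANGELOG entry. Please either split the reorder into its own commit or call the version pin out in the CHANGELOG, stating whether hashes created on JRuby before this change could carry a different version. The new `test_create_password_uses_version_13` test covers creation; it would be reassuring to confirm in the description that hashes created by 0.7.0 on JRuby still verify.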
@@ -43,11 +44,11 @@ if RUBY_PLATFORM == "java"
43
44
  other_output = Java::byte[output.bytesize].new
44
45
  params = Java::OrgBouncycastleCryptoParams::Argon2Parameters::Builder
45
46
  .new(Java::OrgBouncycastleCryptoParams::Argon2Parameters::ARGON2_id)
46
- .with_salt(salt.to_java_bytes)
47
- .with_parallelism(parallelism)
48
- .with_memory_as_kb(m_cost)
49
- .with_iterations(t_cost)
50
47
  .with_version(version)
48
+ .with_iterations(t_cost)
49
+ .with_memory_as_kb(m_cost)
50
+ .with_parallelism(parallelism)
51
+ .with_salt(salt.to_java_bytes)
51
52
  .build
52
53
  generator = Java::OrgBouncycastleCryptoGenerators::Argon2BytesGenerator.new
53
54
  generator.init(params)
@@ -1,5 +1,5 @@
1
1
  # frozen_string_literal: true
2
2
 
3
3
  module Argon2id
4
- VERSION = "0.7.0"
4
+ VERSION = "0.8.0"
5
5
  end
@@ -386,6 +386,12 @@ class TestPassword < Minitest::Test
386
386
  assert_instance_of Argon2id::Password, password
387
387
  end
388
388
 
389
+ def test_create_password_uses_version_13
390
+ password = Argon2id::Password.create("password")
391
+
392
+ assert_equal 0x13, password.version
393
+ end
394
+
389
395
  def test_create_password_uses_default_t_cost
390
396
  password = Argon2id::Password.create("password")
391
397
 
metadata CHANGED
@@ -1,14 +1,13 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: argon2id
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.7.0
4
+ version: 0.8.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Paul Mucur
8
- autorequire:
9
8
  bindir: bin
10
9
  cert_chain: []
11
- date: 2024-11-08 00:00:00.000000000 Z
10
+ date: 2024-12-29 00:00:00.000000000 Z
12
11
  dependencies:
13
12
  - !ruby/object:Gem::Dependency
14
13
  name: rake-compiler
@@ -30,14 +29,14 @@ dependencies:
30
29
  requirements:
31
30
  - - "~>"
32
31
  - !ruby/object:Gem::Version
33
- version: '1.5'
32
+ version: '1.7'
34
33
  type: :development
35
34
  prerelease: false
36
35
  version_requirements: !ruby/object:Gem::Requirement
37
36
  requirements:
38
37
  - - "~>"
39
38
  - !ruby/object:Gem::Version
40
- version: '1.5'
39
+ version: '1.7'
41
40
  - !ruby/object:Gem::Dependency
42
41
  name: minitest
43
42
  requirement: !ruby/object:Gem::Requirement
@@ -54,7 +53,6 @@ dependencies:
54
53
  version: '5.25'
55
54
  description: Ruby bindings to Argon2, the password-hashing function that won the 2015
56
55
  Password Hashing Competition.
57
- email:
58
56
  executables: []
59
57
  extensions:
60
58
  - ext/argon2id/extconf.rb
@@ -99,7 +97,6 @@ metadata:
99
97
  homepage_uri: https://github.com/mudge/argon2id
100
98
  source_code_uri: https://github.com/mudge/argon2id
101
99
  rubygems_mfa_required: 'true'
102
- post_install_message:
103
100
  rdoc_options:
104
101
  - "--main"
105
102
  - README.md
@@ -116,8 +113,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
116
113
  - !ruby/object:Gem::Version
117
114
  version: '0'
118
115
  requirements: []
119
- rubygems_version: 3.5.22
120
- signing_key:
116
+ rubygems_version: 3.6.2
121
117
  specification_version: 4
122
118
  summary: Ruby bindings to Argon2
123
119
  test_files: []