argon2id 0.8.0-aarch64-linux-musl

Files changed (38) hide show
  1. checksums.yaml +7 -0
  2. data/CHANGELOG.md +156 -0
  3. data/Gemfile +9 -0
  4. data/LICENSE +11 -0
  5. data/README.md +371 -0
  6. data/Rakefile +70 -0
  7. data/argon2id.gemspec +59 -0
  8. data/ext/argon2id/argon2id.c +76 -0
  9. data/ext/argon2id/extconf.rb +17 -0
  10. data/ext/argon2id/libargon2/LICENSE +314 -0
  11. data/ext/argon2id/libargon2/argon2.c +452 -0
  12. data/ext/argon2id/libargon2/argon2.h +437 -0
  13. data/ext/argon2id/libargon2/blake2/blake2-impl.h +156 -0
  14. data/ext/argon2id/libargon2/blake2/blake2.h +89 -0
  15. data/ext/argon2id/libargon2/blake2/blake2b.c +390 -0
  16. data/ext/argon2id/libargon2/blake2/blamka-round-opt.h +471 -0
  17. data/ext/argon2id/libargon2/blake2/blamka-round-ref.h +56 -0
  18. data/ext/argon2id/libargon2/core.c +648 -0
  19. data/ext/argon2id/libargon2/core.h +228 -0
  20. data/ext/argon2id/libargon2/encoding.c +463 -0
  21. data/ext/argon2id/libargon2/encoding.h +57 -0
  22. data/ext/argon2id/libargon2/ref.c +194 -0
  23. data/ext/argon2id/libargon2/thread.c +57 -0
  24. data/ext/argon2id/libargon2/thread.h +67 -0
  25. data/lib/argon2id/2.6/argon2id.so +0 -0
  26. data/lib/argon2id/2.7/argon2id.so +0 -0
  27. data/lib/argon2id/3.0/argon2id.so +0 -0
  28. data/lib/argon2id/3.1/argon2id.so +0 -0
  29. data/lib/argon2id/3.2/argon2id.so +0 -0
  30. data/lib/argon2id/3.3/argon2id.so +0 -0
  31. data/lib/argon2id/3.4/argon2id.so +0 -0
  32. data/lib/argon2id/extension.rb +71 -0
  33. data/lib/argon2id/password.rb +142 -0
  34. data/lib/argon2id/version.rb +5 -0
  35. data/lib/argon2id.rb +45 -0
  36. data/test/argon2id/test_password.rb +554 -0
  37. data/test/test_argon2id.rb +66 -0
  38. metadata +132 -0
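--- /dev/null
+++ b/checksums.yaml
@@ -0,0 +1,7 @@
+---
+SHA256:
+metadata.gz: 2e12496bd17aa309b856778478b51077ce894a6d5dd5349c53fe61771ad26814
+data.tar.gz: 72e4625f7622555ed035856e270ff02adc9a92effafbb30326da548cc7ace09c
+SHA512:
+metadata.gz: 77b811bf2104ede151b8bbb7ab8c376be1f0195dbee2c5fd7176468c3f1cb61385e47c03b268af2c9676fbbd2cbee3ef5ef26d5edb73d1041f5b1e234c6ca538
+data.tar.gz: ecef8043b7f62035568c2a570c6b9cdd2d9913bd42460abbb3c384c6b7ea2ffc25249a7ab014e9ec1db7ae86f44859e128b7c2c9cbdd33fe3574c117e5415ba9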
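--- /dev/null
+++ b/data/CHANGELOG.md
@@ -0,0 +1,156 @@
+# Changelog
+
+All notable changes to this project will be documented in this file.
+
+The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/),
+and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
+
+## [0.8.0] - 2024-12-29
+
+### Added
+
+- Add Ruby 3.4 support to the precompiled, native gems
+- Restored support for Ruby 2.6, 2.7, and 3.0 after dropping them in 0.8.0.rc1
+
+### Changed
+
+- Provide separate precompiled, native gems for GNU and Musl
+- Require glibc 2.29+ for x86-linux-gnu and x86_64-linux-gnu (and recommend
+RubyGems 3.3.22+ and Bundler 2.3.21+)
+
+## [0.8.0.rc1] - 2024-12-16
+
+### Added
+
+- Add Ruby 3.4.0-rc1 support to the precompiled, native gems
+
+### Changed
+
+- Provide separate precompiled, native gems for GNU and Musl
+- Require glibc 2.29+ for x86-linux-gnu and x86_64-linux-gnu (and recommend
+RubyGems 3.3.22+ and Bundler 2.3.21+)
+
+### Removed
+
+- Drop support for Ruby versions older than 3.1 as they do not ship with a
+version of RubyGems new enough to handle the new Musl gems
+
+## [0.7.0] - 2024-11-08
+
+### Fixed
+
+- Fixed verifying Argon2id encoded hashes without a version number on JRuby
+
+### Added
+
+- Added a new `Argon2id::Password.valid_hash?` API for testing if a given
+encoded hash is a valid Argon2id hash or not (e.g. if you want to check
+which hashing function was used to store a user's password)
+
+## [0.6.0] - 2024-11-05
+
+### Changed
+
+- Move the internal API to `Argon2id::Password` and make it explicitly private
+
+## [0.5.0] - 2024-11-02
+
+### Removed
+
+- No longer expose the `type` of an encoded hash as it must always be an
+Argon2id hash
+
+## [0.4.1] - 2024-11-02
+
+### Changed
+
+- Refactor verification on JRuby to avoid parsing encoded hashes unnecessarily
+- No longer describe the gem in terms of bindings to the reference C
+implementation given the Bouncy Castle-based JRuby implementation
+- Only wrap `IllegalStateException` with `Argon2id::Error` on JRuby
+
+## [0.4.0] - 2024-11-02
+
+### Added
+
+- Added support for JRuby 9.4 by adding an implementation of Argon2id hashing
+and verification using JRuby-OpenSSL's Bouncy Castle internals
+- Added `output` to `Argon2id::Password` instances so the actual "output" part
+of a password hash can be retrieved (and compared)
+
+### Changed
+
+- Verifying a password will now consistently raise an `ArgumentError` when
+given an invalid encoded hash rather than an `Argon2id::Error`
+
+## [0.3.0] - 2024-11-01
+
+### Added
+
+- Expose all parameters of a hash through new readers on `Argon2id::Password`:
+namely, `type`, `version`, `m_cost`, `t_cost`, and `parallelism`
+
+### Changed
+
+- Remove the dependency on the `base64` gem by inlining the definition of
+`Base64.decode64` (thanks to @etiennebarrie for the tip)
+
+## [0.2.1] - 2024-11-01
+
+### Added
+
+- Anything that can be coerced to a String can now be passed to
+`Argon2id::Password.new`
+
+## [0.2.0] - 2024-11-01
+
+### Added
+
+- The original salt for an `Argon2id::Password` can now be retrieved with
+`Argon2id::Password#salt`
+
+### Changed
+
+- Encoded hashes are now validated when initialising an `Argon2id::Password`,
+raising an `ArgumentError` if they are invalid
+
+## [0.1.2] - 2024-11-01
+
+### Fixed
+
+- Validate that the encoded hash passed to `Argon2id::Password.new` is a
+null-terminated C string, raising an `ArgumentError` if it contains extra null
+bytes
+
+## [0.1.1] - 2024-11-01
+
+### Added
+
+- RDoc documentation for the API
+
+### Fixed
+
+- Saved a superfluous extra byte when allocating the buffer for the encoded
+hash
+
+## [0.1.0] - 2024-10-31
+
+### Added
+
+- The initial version of the Argon2id gem, providing Ruby bindings to the
+reference C implementation of Argon2, the password-hashing function that won
+the Password Hashing Competition.
+
+[0.8.0]: https://github.com/mudge/argon2id/releases/tag/v0.8.0
+[0.8.0.rc1]: https://github.com/mudge/argon2id/releases/tag/v0.8.0.rc1
+[0.7.0]: https://github.com/mudge/argon2id/releases/tag/v0.7.0
+[0.6.0]: https://github.com/mudge/argon2id/releases/tag/v0.6.0
+[0.5.0]: https://github.com/mudge/argon2id/releases/tag/v0.5.0
+[0.4.1]: https://github.com/mudge/argon2id/releases/tag/v0.4.1
+[0.4.0]: https://github.com/mudge/argon2id/releases/tag/v0.4.0
+[0.3.0]: https://github.com/mudge/argon2id/releases/tag/v0.3.0
+[0.2.1]: https://github.com/mudge/argon2id/releases/tag/v0.2.1
+[0.2.0]: https://github.com/mudge/argon2id/releases/tag/v0.2.0
+[0.1.2]: https://github.com/mudge/argon2id/releases/tag/v0.1.2
+[0.1.1]: https://github.com/mudge/argon2id/releases/tag/v0.1.1
+[0.1.0]: https://github.com/mudge/argon2id/releases/tag/v0.1.0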
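--- /dev/null
+++ b/data/Gemfile
@@ -0,0 +1,9 @@
+# frozen_string_literal: true
+
+source "https://rubygems.org"
+
+gemspec
+
+group :memcheck, optional: true do
+gem "ruby_memcheck"
+end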
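--- /dev/null
+++ b/data/LICENSE
@@ -0,0 +1,11 @@
+Copyright (c) 2024 Paul Mucur.
+
+Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:
+
+1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.
+
+2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.
+
+3. Neither the name of the copyright holder nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS “AS IS” AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.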
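--- /dev/null
+++ b/data/README.md
@@ -0,0 +1,371 @@
+# Argon2id - Ruby bindings to the OWASP recommended password-hashing function
+
+Ruby bindings to [Argon2][], the password-hashing function that won the 2015
+[Password Hashing Competition][].
+
+[![Build Status](https://github.com/mudge/argon2id/actions/workflows/tests.yml/badge.svg?branch=main)](https://github.com/mudge/argon2id/actions)
+
+**Current version:** 0.8.0
+**Bundled Argon2 version:** libargon2.1 (20190702)
+
+```ruby
+Argon2id::Password.create("password").to_s
+#=> "$argon2id$v=19$m=19456,t=2,p=1$agNV6OfDL1OwE44WdrFCJw$ITrBwvCsW4b5GjgZuL67RCcvVMEWBWXtASc9TVyI3rY"
+
+password = Argon2id::Password.new("$argon2id$v=19$m=19456,t=2,p=1$ZS2nBFWBpnt28HjtzNOW4w$SQ+p+dIcWbpzWpZQ/ZZFj8IQkyhYZf127U4QdkRmKFU")
+password == "password" #=> true
+password == "not password" #=> false
+
+password.m_cost #=> 19456
+password.salt #=> "e-\xA7\x04U\x81\xA6{v\xF0x\xED\xCC\xD3\x96\xE3"
+```
+
+## Table of contents
+
+* [Why Argon2id?](#why-argon2id)
+* [Usage](#usage)
+* [Hashing passwords](#hashing-passwords)
+* [Verifying passwords](#verifying-passwords)
+* [Validating encoded hashes](#validating-encoded-hashes)
+* [Errors](#errors)
+* [Usage with Active Record](#usage-with-active-record)
+* [Requirements](#requirements)
+* [Native gems](#native-gems)
+* [Verifying the gems](#verifying-the-gems)
+* [Installing the `ruby` platform gem](#installing-the-ruby-platform-gem)
+* [Thanks](#thanks)
+* [Contact](#contact)
+* [License](#license)
+* [Dependencies](#dependencies)
+
+## Why Argon2id?
+
+> Argon2 is a password-hashing function that summarizes the state of the art in
+> the design of memory-hard functions and can be used to hash passwords for
+> credential storage, key derivation, or other applications.
+>
+> It has a simple design aimed at the highest memory filling rate and effective
+> use of multiple computing units, while still providing defense against
+> tradeoff attacks (by exploiting the cache and memory organization of the
+> recent processors).
+
+— [Argon2][]
+
+> Argon2 was the winner of the 2015 Password Hashing Competition. Out of the
+> three Argon2 versions, use the Argon2id variant since it provides a balanced
+> approach to resisting both side-channel and GPU-based attacks.
+
+— [OWASP Password Storage Cheat Sheet][]
+
+See also [argon2-cffi's "Why 'just use bcrypt' Is Not the Best Answer (Anymore)"](https://argon2-cffi.readthedocs.io/en/23.1.0/argon2.html#why-just-use-bcrypt-is-not-the-best-answer-anymore).
+
+## Usage
+
+Install argon2id as a dependency:
+
+```ruby
+# In your Gemfile
+gem "argon2id"
+
+# Or without Bundler
+gem install argon2id
+```
+
+Include in your code:
+
+```ruby
+require "argon2id"
+```
+
+### Hashing passwords
+
+Hash a plain text password (e.g. from user input) with
+`Argon2id::Password.create`:
+
+```ruby
+password = Argon2id::Password.create("opensesame")
+```
+
+The encoded value of the resulting hash is available via
+`Argon2id::Password#to_s` (ideal for persisting somewhere):
+
+```ruby
+password.to_s
+#=> "$argon2id$v=19$m=19456,t=2,p=1$ZS2nBFWBpnt28HjtzNOW4w$SQ+p+dIcWbpzWpZQ/ZZFj8IQkyhYZf127U4QdkRmKFU"
+```
+
+By default, `Argon2id::Password.create` will use the second set of parameters
+recommended by [OWASP][OWASP Password Storage Cheat Sheet] but these can be
+overridden by passing keyword arguments to `Argon2id::Password.create`:
+
+* `t_cost`: the "time cost" given as a number of iterations (defaults to 2)
+* `m_cost`: the "memory cost" given in kibibytes (defaults to 19 mebibytes)
+* `parallelism`: the number of threads and compute lanes to use (defaults to 1)
+* `salt_len`: the salt size in bytes (defaults to 16)
+* `output_len`: the desired length of the hash in bytes (defaults to 32)
+
+```ruby
+password = Argon2id::Password.create("opensesame", t_cost: 3, m_cost: 12288)
+password.to_s
+#=> "$argon2id$v=19$m=12288,t=3,p=1$uukIsLS6y6etvsgoN20kVg$exMvDX/P9exvEPmnZL2gZClRyMdrnqjqyysLMP/VUWA"
+```
+
+If you want to override the parameters for all calls to
+`Argon2id::Password.create`, you can set them on `Argon2id` directly:
+
+```ruby
+Argon2id.t_cost = 3
+Argon2id.m_cost = 12288
+Argon2id.parallelism = 1
+Argon2id.salt_len = 16
+Argon2id.output_len = 32
+```
+
+### Verifying passwords
+
+To verify a password against a hash, use `Argon2id::Password#==`:
+
+```ruby
+password = Argon2id::Password.create("opensesame")
+password == "opensesame" #=> true
+password == "notopensesame" #=> false
+```
+
+Or, if you only have the encoded hash (e.g. retrieved from storage):
+
+```ruby
+password = Argon2id::Password.new("$argon2id$v=19$m=19456,t=2,p=1$ZS2nBFWBpnt28HjtzNOW4w$SQ+p+dIcWbpzWpZQ/ZZFj8IQkyhYZf127U4QdkRmKFU")
+password == "opensesame" #=> true
+password == "notopensesame" #=> false
+```
+
+> [!WARNING]
+> `Argon2id::Password.new` does not support hashes generated from other Argon2
+> variants such as Argon2i and Argon2d.
+
+For compatibility with [bcrypt-ruby][], `Argon2id::Password#==` is aliased to `Argon2id::Password.is_password?`:
+
+```ruby
+password = Argon2id::Password.new("$argon2id$v=19$m=19456,t=2,p=1$ZS2nBFWBpnt28HjtzNOW4w$SQ+p+dIcWbpzWpZQ/ZZFj8IQkyhYZf127U4QdkRmKFU")
+password.is_password?("opensesame") #=> true
+password.is_password?("notopensesame") #=> false
+```
+
+> [!CAUTION]
+> `Argon2id::Password#==` only works if the plain text password is on the right, e.g. the following behaviour may be surprising:
+>
+> ```ruby
+> password = Argon2id::Password.create("password")
+> password == "password" #=> true
+> "password" == password #=> false
+> password == password #=> false
+> ```
+>
+> If you want to avoid this ambiguity, prefer the `Argon2id::Password#is_password?` alias instead.
+
+The various parts of the encoded hash can be retrieved:
+
+```ruby
+password = Argon2id::Password.new("$argon2id$v=19$m=256,t=2,p=1$c29tZXNhbHQ$nf65EOgLrQMR/uIPnA4rEsF5h7TKyQwu9U1bMCHGi/4")
+password.version #=> 19
+password.m_cost #=> 256
+password.t_cost #=> 2
+password.parallelism #=> 1
+password.salt #=> "somesalt"
+password.output
+#=> "\x9D\xFE\xB9\x10\xE8\v\xAD\x03\x11\xFE\xE2\x0F\x9C\x0E+\x12\xC1y\x87\xB4\xCA\xC9\f.\xF5M[0!\xC6\x8B\xFE"
+```
+
+### Validating encoded hashes
+
+If you need to check ahead of time whether an encoded password hash is a valid Argon2id hash (e.g. if you're migrating between hashing functions and need to test what kind of password has been stored for a user), you can use `Argon2id::Password.valid_hash?` like so:
+
+```ruby
+Argon2id::Password.valid_hash?("$argon2id$v=19$m=65536,t=2,p=1$c29tZXNhbHQ$CTFhFdXPJO1aFaMaO6Mm5c8y7cJHAph8ArZWb2GRPPc")
+#=> true
+
+Argon2id::Password.valid_hash?("$2a$12$stsRn7Mi9r02.keRyF4OK.Aq4UWOU185lWggfUQfcupAi.b7AI/nS")
+#=> false
+```
+
+### Errors
+
+Any errors returned from Argon2 will be raised as `Argon2id::Error`, e.g.
+
+```ruby
+Argon2id::Password.create("password", salt_len: 0)
+# Salt is too short (Argon2id::Error)
+```
+
+### Usage with Active Record
+
+If you're planning to use this with Active Record instead of [Rails' own
+bcrypt-based
+`has_secure_password`](https://api.rubyonrails.org/v8.0/classes/ActiveModel/SecurePassword/ClassMethods.html),
+you can use the following as a starting point:
+
+#### The `User` model
+
+```ruby
+require "argon2id"
+
+# Schema: User(name: string, password_digest:string)
+class User < ApplicationRecord
+attr_reader :password
+
+validates :password_digest, presence: true
+validates :password, confirmation: true, allow_blank: true
+
+def password=(unencrypted_password)
+if unencrypted_password.nil?
+@password = nil
+self.password_digest = nil
+elsif !unencrypted_password.empty?
+@password = unencrypted_password
+self.password_digest = Argon2id::Password.create(unencrypted_password)
+end
+end
+
+def authenticate(unencrypted_password)
+password_digest? && Argon2id::Password.new(password_digest).is_password?(unencrypted_password) && self
+end
+
+def password_salt
+Argon2id::Password.new(password_digest).salt if password_digest?
+end
+end
+```
+
+This can then be used like so:
+
+```ruby
+user = User.new(name: "alice", password: "", password_confirmation: "diffpassword")
+user.save #=> false, password required
+user.password = "password"
+user.save #=> false, confirmation doesn't match
+user.password_confirmation = "password"
+user.save #=> true
+
+user.authenticate("notright") #=> false
+user.authenticate("password") #=> user
+
+User.find_by(name: "alice")&.authenticate("notright") #=> false
+User.find_by(name: "alice")&.authenticate("password") #=> user
+```
+
+## Requirements
+
+This gem requires any of the following to run:
+
+* [Ruby](https://www.ruby-lang.org/en/) 2.6 to 3.4
+* [JRuby](https://www.jruby.org) 9.4
+* [TruffleRuby](https://www.graalvm.org/ruby/) 24.1
+
+> [!NOTE]
+> The JRuby version of the gem uses
+> [JRuby-OpenSSL](https://github.com/jruby/jruby-openssl)'s implementation of
+> Argon2 while the others use the reference C implementation.
+
+### Native gems
+
+Where possible, a pre-compiled native gem will be provided for the following platforms:
+
+* Linux
+* `aarch64-linux`, `arm-linux`, `x86-linux`, `x86_64-linux` (requires [glibc](https://www.gnu.org/software/libc/) 2.29+, RubyGems 3.3.22+ and Bundler 2.3.21+)
+* [musl](https://musl.libc.org/)-based systems such as [Alpine](https://alpinelinux.org) are supported with Bundler 2.5.6+
+* macOS `x86_64-darwin` and `arm64-darwin`
+* Windows `x64-mingw32` and `x64-mingw-ucrt`
+* Java: any platform running JRuby 9.4 or higher
+
+### Verifying the gems
+
+SHA256 checksums are included in the [release
+notes](https://github.com/mudge/argon2id/releases) for each version and can be
+checked with `sha256sum`, e.g.
+
+```console
+$ gem fetch argon2id -v 0.7.0
+Fetching argon2id-0.7.0-arm64-darwin.gem
+Downloaded argon2id-0.7.0-arm64-darwin
+$ sha256sum argon2id-0.7.0-arm64-darwin.gem
+26bba5bcefa56827c728222e6df832aef5c8c4f4d3285875859a1d911477ec68 argon2id-0.7.0-arm64-darwin.gem
+```
+
+[GPG](https://www.gnupg.org/) signatures are attached to each release (the
+assets ending in `.sig`) and can be verified if you import [our signing key
+`0x39AC3530070E0F75`](https://mudge.name/39AC3530070E0F75.asc) (or fetch it
+from a public keyserver, e.g. `gpg --keyserver keyserver.ubuntu.com --recv-key
+0x39AC3530070E0F75`):
+
+```console
+$ gpg --verify argon2id-0.7.0-arm64-darwin.gem.sig argon2id-0.7.0-arm64-darwin.gem
+gpg: Signature made Fri 8 Nov 13:45:18 2024 GMT
+gpg: using RSA key 702609D9C790F45B577D7BEC39AC3530070E0F75
+gpg: Good signature from "Paul Mucur <mudge@mudge.name>" [unknown]
+gpg: aka "Paul Mucur <paul@ghostcassette.com>" [unknown]
+gpg: WARNING: This key is not certified with a trusted signature!
+gpg: There is no indication that the signature belongs to the owner.
+Primary key fingerprint: 7026 09D9 C790 F45B 577D 7BEC 39AC 3530 070E 0F75
+```
+
+The fingerprint should be as shown above or you can independently verify it
+with the ones shown in the footer of https://mudge.name.
+
+### Installing the `ruby` platform gem
+
+> [!WARNING]
+> We strongly recommend using the native gems where possible to avoid the need
+> for compiling the C extension and its dependencies which will take longer and
+> be less reliable.
+
+If you wish to compile the gem, you will need to explicitly install the `ruby` platform gem:
+
+```ruby
+# In your Gemfile with Bundler 2.3.18+
+gem "argon2id", force_ruby_platform: true
+
+# With Bundler 2.1+
+bundle config set force_ruby_platform true
+
+# With older versions of Bundler
+bundle config force_ruby_platform true
+
+# Without Bundler
+gem install argon2id --platform=ruby
+```
+
+You will need a full compiler toolchain for compiling Ruby C extensions (see
+[Nokogiri's "The Compiler
+Toolchain"](https://nokogiri.org/tutorials/installing_nokogiri.html#appendix-a-the-compiler-toolchain))
+plus the toolchain required for compiling the vendored version of Argon2.
+
+## Thanks
+
+* Thanks to [Mike Dalessio](https://github.com/flavorjones) for his advice and
+[Ruby C Extensions Explained](https://github.com/flavorjones/ruby-c-extensions-explained)
+project
+
+## Contact
+
+All issues and suggestions should go to [GitHub
+Issues](https://github.com/mudge/argon2id/issues).
+
+## License
+
+This library is licensed under the BSD 3-Clause License, see `LICENSE`.
+
+Copyright © 2024, Paul Mucur.
+
+### Dependencies
+
+The source code of [Argon2][] is distributed in the gem. This code is copyright
+© 2015 Daniel Dinu, Dmitry Khovratovich (main authors), Jean-Philippe Aumasson
+and Samuel Neves, and dual licensed under the [CC0 License][] and the [Apache
+2.0 License][].
+
+[Argon2]: https://github.com/P-H-C/phc-winner-argon2/
+[OWASP Password Storage Cheat Sheet]: https://cheatsheetseries.owasp.org/cheatsheets/Password_Storage_Cheat_Sheet.html#argon2id
+[bcrypt-ruby]: https://github.com/bcrypt-ruby/bcrypt-ruby
+[CC0 License]: https://creativecommons.org/about/cc0
+[Apache 2.0 License]: https://www.apache.org/licenses/LICENSE-2.0
+[Password Hashing Competition]: https://www.password-hashing.net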
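--- /dev/null
+++ b/data/Rakefile
@@ -0,0 +1,70 @@
+require "rake/extensiontask"
+require "rake_compiler_dock"
+require "minitest/test_task"
+
+CLEAN.add("lib/**/*.{o,so,bundle}", "pkg")
+
+cross_platforms = %w[
+aarch64-linux-gnu
+aarch64-linux-musl
+arm-linux-gnu
+arm-linux-musl
+arm64-darwin
+x64-mingw-ucrt
+x64-mingw32
+x86-linux-gnu
+x86-linux-musl
+x86-mingw32
+x86_64-darwin
+x86_64-linux-gnu
+x86_64-linux-musl
+].freeze
+
+ENV["RUBY_CC_VERSION"] = %w[3.4.0 3.3.5 3.2.0 3.1.0 3.0.0 2.7.0 2.6.0].join(":")
+
+gemspec = Gem::Specification.load("argon2id.gemspec")
+
+Gem::PackageTask.new(gemspec).define
+
+namespace :java do
+java_gemspec = gemspec.dup
+java_gemspec.files.reject! { |path| File.fnmatch?("ext/*", path) }
+java_gemspec.extensions.clear
+java_gemspec.platform = Gem::Platform.new("java")
+java_gemspec.required_ruby_version = ">= 3.1.0"
+
+Gem::PackageTask.new(java_gemspec).define
+end
+
+Rake::ExtensionTask.new("argon2id", gemspec) do |e|
+e.lib_dir = "lib/argon2id"
+e.cross_compile = true
+e.cross_platform = cross_platforms
+end
+
+Minitest::TestTask.create
+
+begin
+require "ruby_memcheck"
+
+namespace :test do
+RubyMemcheck::TestTask.new(valgrind: :compile)
+end
+rescue LoadError
+# Only define the test:valgrind task if ruby_memcheck is installed
+end
+
+namespace :gem do
+cross_platforms.each do |platform|
+desc "Compile and build native gem for #{platform}"
+task platform do
+RakeCompilerDock.sh <<~SCRIPT, platform: platform, verbose: true
+gem install bundler --no-document &&
+bundle &&
+bundle exec rake native:#{platform} pkg/#{gemspec.full_name}-#{Gem::Platform.new(platform)}.gem PATH="/usr/local/bin:$PATH"
+SCRIPT
+end
+end
+end
+
+task default: [:compile, :test]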
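Review bot: The `gem:<platform>` tasks near the end of the Rakefile build the release binaries with whatever toolchain resolves at build time, because `gem install bundler --no-document` is unpinned and the following `bundle` resolves against a Gemfile that only declares `gemspec`. No `Gemfile.lock` appears in this package's file list, so whether upstream commits one cannot be told from this page; without it, two builds of the same tag can pick different rake-compiler and rake-compiler-dock releases inside the gemspec's `~> 1.2` and `~> 1.7` ranges. Since these tasks produce the precompiled `argon2id.so` files that users are asked to verify by checksum and signature, pinning the build inputs makes those binaries auditable: for example `gem install bundler -v <BUNDLER_VERSION> --no-document &&` followed by `bundle config set frozen true && bundle &&` against a committed lockfile. A short comment above `RakeCompilerDock.sh` naming the expected container image version would also help a reviewer reproduce a release.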
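--- /dev/null
+++ b/data/argon2id.gemspec
@@ -0,0 +1,59 @@
+# frozen_string_literal: true
+
+require_relative "lib/argon2id/version"
+
+Gem::Specification.new do |s|
+s.name = "argon2id"
+s.version = Argon2id::VERSION
+s.summary = "Ruby bindings to Argon2"
+s.description = "Ruby bindings to Argon2, the password-hashing function that won the 2015 Password Hashing Competition."
+s.license = "BSD-3-Clause"
+s.authors = ["Paul Mucur"]
+s.homepage = "https://github.com/mudge/argon2id"
+s.metadata = {
+"bug_tracker_uri" => "https://github.com/mudge/argon2id/issues",
+"changelog_uri" => "https://github.com/mudge/argon2id/blob/main/CHANGELOG.md",
+"funding_uri" => "https://github.com/sponsors/mudge",
+"homepage_uri" => "https://github.com/mudge/argon2id",
+"source_code_uri" => "https://github.com/mudge/argon2id",
+"rubygems_mfa_required" => "true"
+}
+s.required_ruby_version = ">= 2.6.0"
+s.extensions = ["ext/argon2id/extconf.rb"]
+s.files = [
+"CHANGELOG.md",
+"Gemfile",
+"LICENSE",
+"README.md",
+"Rakefile",
+"argon2id.gemspec",
+"ext/argon2id/argon2id.c",
+"ext/argon2id/extconf.rb",
+"ext/argon2id/libargon2/LICENSE",
+"ext/argon2id/libargon2/argon2.c",
+"ext/argon2id/libargon2/argon2.h",
+"ext/argon2id/libargon2/blake2/blake2-impl.h",
+"ext/argon2id/libargon2/blake2/blake2.h",
+"ext/argon2id/libargon2/blake2/blake2b.c",
+"ext/argon2id/libargon2/blake2/blamka-round-opt.h",
+"ext/argon2id/libargon2/blake2/blamka-round-ref.h",
+"ext/argon2id/libargon2/core.c",
+"ext/argon2id/libargon2/core.h",
+"ext/argon2id/libargon2/encoding.c",
+"ext/argon2id/libargon2/encoding.h",
+"ext/argon2id/libargon2/ref.c",
+"ext/argon2id/libargon2/thread.c",
+"ext/argon2id/libargon2/thread.h",
+"lib/argon2id.rb",
+"lib/argon2id/extension.rb",
+"lib/argon2id/password.rb",
+"lib/argon2id/version.rb",
+"test/argon2id/test_password.rb",
+"test/test_argon2id.rb"
+]
+s.rdoc_options = ["--main", "README.md"]
+
+s.add_development_dependency("rake-compiler", "~> 1.2")
+s.add_development_dependency("rake-compiler-dock", "~> 1.7")
+s.add_development_dependency("minitest", "~> 5.25")
+end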