RubyGems - rbnacl-libsodium - Versions diffs - 1.0.13 → 1.0.15 - Mend

rbnacl-libsodium 1.0.13 → 1.0.15

Files changed (201) hide show

data/vendor/libsodium/test/default/{pwhash.exp → pwhash_argon2i.exp} RENAMED

@@ -8,5 +8,4 @@ c121209f0ba70aed93d49200e5dc82cce013cef25ea31e160bf8db3cf448a59d1a56f6c19259e18e
 e942951dfbc2d508294b10f9e97b47d0cd04e668a043cb95679cc1139df7c27cd54367688725be9d069f5704c12223e7e4ca181fbd0bed18bb4634795e545a6c04a7306933a41a794baedbb628d41bc285e0b9084055ae136f6b63624c874f5a1e1d8be7b0b7227a171d2d7ed578d88bfdcf18323198962d0dcad4126fd3f21adeb1e11d66252ea0c58c91696e91031bfdcc2a9dc0e028d17b9705ba2d7bcdcd1e3ba75b4b1fea
 9fbbc02a420b00614a49a8e8d89834df368fa54dbef5dce7f9928f4d09f45ce22766598c0c979a707b1df130ab8d63802447923f6e8b89b3c183d71d694161569b1937d8b58f0091fcb8b1f48f2e3f43067bb2498b727fb62cc776ed39219613aa2083619385ec64dfb38f3cda7fddce9cec708a1aa5e9b09d6a5f063cda6c644c5e4a6c1bba9362b27f050984ee3a91bbed69160c95d63c04724f
 28645e1a4f5bc2a58786c87f0d88c2c68047b874b122e2c3936fb6adf26d7ca8fbcb872a8aef282ff202526a91b8ca1d0926c4ae0f5429c342bfd4987916b147ccaa1624bbb2d3f197e56601a541939a1a867ee659515d379d252c8b53aa2297b6008f97bc4a246040b0fb4f46754482884ff04bdade7ffc74989c68ec085de660ef2071db22bacc227d43af282a2336049d78fe0b8ff543628dc8
-[tv3] pwhash_str failure (maybe intentional): [0]
 OK

data/vendor/libsodium/test/default/pwhash_argon2id.c CHANGED

@@ -79,7 +79,7 @@ tv(void)
           167, 3, 1784128, 1 },
     };
     char          passwd[256];
-    unsigned char salt[crypto_pwhash_argon2id_SALTBYTES];
+    unsigned char salt[crypto_pwhash_SALTBYTES];
     unsigned char out[256];
     char          out_hex[256 * 2 + 1];
     size_t        i = 0U;
@@ -90,10 +90,10 @@ tv(void)
                        NULL, NULL);
         sodium_hex2bin(salt, sizeof salt, tests[i].salt_hex,
                        strlen(tests[i].salt_hex), NULL, NULL, NULL);
-        if (crypto_pwhash_argon2id(out, (unsigned long long) tests[i].outlen, passwd,
-                                   tests[i].passwd_len, (const unsigned char *) salt,
-                                   tests[i].opslimit, tests[i].memlimit,
-                                   crypto_pwhash_argon2id_alg_argon2id13()) != 0) {
+        if (crypto_pwhash(out, (unsigned long long) tests[i].outlen, passwd,
+                          tests[i].passwd_len, (const unsigned char *) salt,
+                          tests[i].opslimit, tests[i].memlimit,
+                          crypto_pwhash_alg_default()) != 0) {
             printf("[tv] pwhash failure (maybe intentional): [%u]\n",
                    (unsigned int) i);
             continue;
@@ -131,7 +131,7 @@ tv2(void)
           155, 3, 1397645, 1 },
     };
     char          passwd[256];
-    unsigned char salt[crypto_pwhash_argon2id_SALTBYTES];
+    unsigned char salt[crypto_pwhash_SALTBYTES];
     unsigned char out[256];
     char          out_hex[256 * 2 + 1];
     size_t        i = 0U;
@@ -142,10 +142,10 @@ tv2(void)
                        NULL, NULL);
         sodium_hex2bin(salt, sizeof salt, tests[i].salt_hex,
                        strlen(tests[i].salt_hex), NULL, NULL, NULL);
-        if (crypto_pwhash_argon2id(out, (unsigned long long) tests[i].outlen, passwd,
-                                   tests[i].passwd_len, (const unsigned char *) salt,
-                                   tests[i].opslimit, tests[i].memlimit,
-                                   crypto_pwhash_argon2id_alg_argon2id13()) != 0) {
+        if (crypto_pwhash(out, (unsigned long long) tests[i].outlen, passwd,
+                          tests[i].passwd_len, (const unsigned char *) salt,
+                          tests[i].opslimit, tests[i].memlimit,
+                          crypto_pwhash_alg_default()) != 0) {
             printf("[tv2] pwhash failure: [%u]\n", (unsigned int) i);
             continue;
         }
@@ -187,17 +187,17 @@ tv3(void)
         const char *out;
     } tests[] = {
         { "",
-          "$argon2i$v=19$m=4096,t=1,p=1$X1NhbHQAAAAAAAAAAAAAAA$bWh++"
-          "MKN1OiFHKgIWTLvIi1iHicmHH7+Fv3K88ifFfI" },
+          "$argon2id$v=19$m=4096,t=0,p=1$X1NhbHQAAAAAAAAAAAAAAA$bWh++MKN1OiFHKgIWTLvIi1iHicmHH7+Fv3K88ifFfI" },
         { "",
-          "$argon2i$v=19$m=2048,t=4,p=1$SWkxaUhpY21ISDcrRnYzSw$Mbg/"
-          "Eck1kpZir5T9io7C64cpffdTBaORgyriLQFgQj8" },
+          "$argon2id$v=19$m=2048,t=4,p=1$SWkxaUhpY21ISDcrRnYzSw$Mbg/Eck1kpZir5T9io7C64cpffdTBaORgyriLQFgQj8" },
+        { "",
+          "$argon2id$v=19$m=4882,t=2,p=1$bA81arsiXysd3WbTRzmEOw$Nm8QBM+7RH1DXo9rvp5cwKEOOOfD2g6JuxlXihoNcpE" },
+        { "^T5H$JYt39n%K*j:W]!1s?vg!:jGi]Ax?..l7[p0v:1jHTpla9;]bUN;?bWyCbtqg ",
+          "$argon2id$v=19$m=4096,t=0,p=1$PkEgMTYtYnl0ZXMgc2FsdA$ltB/ue1kPtBMBGfsysMpPigE6hiNEKZ9vs8vLNVDQGA" },
         { "^T5H$JYt39n%K*j:W]!1s?vg!:jGi]Ax?..l7[p0v:1jHTpla9;]bUN;?bWyCbtqg ",
-          "$argon2i$v=19$m=4096,t=3,p=2$X1NhbHQAAAAAAAAAAAAAAA$z/QMiU4lQxGsYNc/"
-          "+K/bizwsA1P11UG2dj/7+aILJ4I" },
+          "$argon2id$v=19$m=4096,t=19,p=1$PkEgMTYtYnl0ZXMgc2FsdA$ltB/ue1kPtBMBGfsysMpPigE6hiNEKZ9vs8vLNVDQGA" },
         { "K3S=KyH#)36_?]LxeR8QNKw6X=gFbxai$C%29V*",
-          "$argon2i$v=19$m=4096,t=3,p=1$X1NhbHQAAAAAAAAAAAAAAA$fu2Wsecyt+"
-          "yPnBvSvYN16oP5ozRmkp0ixJ1YL19V3Uo" }
+          "$argon2id$v=19$m=4096,t=1,p=3$PkEgcHJldHR5IGxvbmcgc2FsdA$HUqx5Z1b/ZypnUrvvJ5UC2Q+T6Q1WwASK/Kr9dRbGA0" }
     };
     char   *out;
     char   *passwd;
@@ -210,7 +210,7 @@ tv3(void)
         passwd = (char *) sodium_malloc(strlen(tests[i].passwd) + 1U);
         assert(passwd != NULL);
         memcpy(passwd, tests[i].passwd, strlen(tests[i].passwd) + 1U);
-        if (crypto_pwhash_argon2id_str_verify(out, passwd, strlen(passwd)) != 0) {
+        if (crypto_pwhash_str_verify(out, passwd, strlen(passwd)) != 0) {
             printf("[tv3] pwhash_argon2id_str failure (maybe intentional): [%u]\n",
                    (unsigned int) i);
             continue;
@@ -220,167 +220,277 @@ tv3(void)
     } while (++i < (sizeof tests) / (sizeof tests[0]));
 }
-int
-main(void)
+static void
+str_tests(void)
 {
     char       *str_out;
     char       *str_out2;
     char       *salt;
     const char *passwd = "Correct Horse Battery Staple";
-    tv();
-    tv2();
-    tv3();
     salt     = (char *) sodium_malloc(crypto_pwhash_argon2id_SALTBYTES);
     str_out  = (char *) sodium_malloc(crypto_pwhash_argon2id_STRBYTES);
     str_out2 = (char *) sodium_malloc(crypto_pwhash_argon2id_STRBYTES);
     memcpy(salt, ">A 16-bytes salt", crypto_pwhash_argon2id_SALTBYTES);
-    if (crypto_pwhash_argon2id_str(str_out, passwd, strlen(passwd), OPSLIMIT,
-                                   MEMLIMIT) != 0) {
-        printf("pwhash_argon2id_str failure: %s\n", strerror(errno));
-        return 1;
+    if (crypto_pwhash_str(str_out, passwd, strlen(passwd), OPSLIMIT,
+                          MEMLIMIT) != 0) {
+        printf("pwhash_str failure\n");
     }
-    exit(0);
-    if (crypto_pwhash_argon2id_str(str_out2, passwd, strlen(passwd), OPSLIMIT,
-                                   MEMLIMIT) != 0) {
-        printf("pwhash_argon2id_str(2) failure\n");
-        return 1;
+    if (crypto_pwhash_str(str_out2, passwd, strlen(passwd), OPSLIMIT,
+                          MEMLIMIT) != 0) {
+        printf("pwhash_str(2) failure\n");
     }
     if (strcmp(str_out, str_out2) == 0) {
-        printf("pwhash_argon2id_str() doesn't generate different salts\n");
+        printf("pwhash_str() doesn't generate different salts\n");
+    }
+    if (crypto_pwhash_str_needs_rehash(str_out, OPSLIMIT, MEMLIMIT) != 0 ||
+        crypto_pwhash_str_needs_rehash(str_out, OPSLIMIT, MEMLIMIT) != 0) {
+        printf("needs_rehash() false positive\n");
+    }
+    if (crypto_pwhash_str_needs_rehash(str_out, OPSLIMIT, MEMLIMIT / 2) != 1 ||
+        crypto_pwhash_str_needs_rehash(str_out, OPSLIMIT - 1, MEMLIMIT) != 1 ||
+        crypto_pwhash_str_needs_rehash(str_out, OPSLIMIT, MEMLIMIT * 2) != 1 ||
+        crypto_pwhash_str_needs_rehash(str_out, OPSLIMIT + 1, MEMLIMIT) != 1) {
+        printf("needs_rehash() false negative (0)\n");
+    }
+    if (crypto_pwhash_argon2id_str_needs_rehash(str_out, OPSLIMIT, MEMLIMIT / 2) != 1 ||
+        crypto_pwhash_argon2id_str_needs_rehash(str_out, OPSLIMIT - 1, MEMLIMIT) != 1 ||
+        crypto_pwhash_argon2id_str_needs_rehash(str_out, OPSLIMIT, MEMLIMIT * 2) != 1 ||
+        crypto_pwhash_argon2id_str_needs_rehash(str_out, OPSLIMIT + 1, MEMLIMIT) != 1) {
+        printf("needs_rehash() false negative (1)\n");
+    }
+    if (crypto_pwhash_argon2i_str_needs_rehash(str_out, OPSLIMIT, MEMLIMIT / 2) != -1 ||
+        crypto_pwhash_argon2i_str_needs_rehash(str_out, OPSLIMIT - 1, MEMLIMIT) != -1 ||
+        crypto_pwhash_argon2i_str_needs_rehash(str_out, OPSLIMIT, MEMLIMIT * 2) != -1 ||
+        crypto_pwhash_argon2i_str_needs_rehash(str_out, OPSLIMIT + 1, MEMLIMIT) != -1) {
+        printf("needs_rehash() false negative (2)\n");
+    }
+    if (crypto_pwhash_str_needs_rehash(str_out + 1, OPSLIMIT, MEMLIMIT) != -1 ||
+        crypto_pwhash_argon2id_str_needs_rehash(str_out + 1, OPSLIMIT, MEMLIMIT) != -1) {
+        printf("needs_rehash() didn't fail with an invalid hash string\n");
     }
     if (sodium_is_zero((const unsigned char *) str_out + strlen(str_out),
-                       crypto_pwhash_argon2id_STRBYTES - strlen(str_out)) != 1 ||
+                       crypto_pwhash_STRBYTES - strlen(str_out)) != 1 ||
         sodium_is_zero((const unsigned char *) str_out2 + strlen(str_out2),
-                       crypto_pwhash_argon2id_STRBYTES - strlen(str_out2)) != 1) {
+                       crypto_pwhash_STRBYTES - strlen(str_out2)) != 1) {
         printf("pwhash_argon2id_str() doesn't properly pad with zeros\n");
     }
     if (crypto_pwhash_argon2id_str_verify(str_out, passwd, strlen(passwd)) != 0) {
         printf("pwhash_argon2id_str_verify(1) failure\n");
     }
+    if (crypto_pwhash_str_verify(str_out, passwd, strlen(passwd)) != 0) {
+        printf("pwhash_str_verify(1') failure\n");
+    }
     str_out[14]++;
-    if (crypto_pwhash_argon2id_str_verify(str_out, passwd, strlen(passwd)) != -1) {
+    if (crypto_pwhash_str_verify(str_out, passwd, strlen(passwd)) != -1) {
         printf("pwhash_argon2id_str_verify(2) failure\n");
     }
     str_out[14]--;
     assert(str_out[crypto_pwhash_argon2id_STRBYTES - 1U] == 0);
-    if (crypto_pwhash_argon2id_str(str_out2, passwd, 0x100000000ULL, OPSLIMIT,
+    if (crypto_pwhash_str(str_out2, passwd, 0x100000000ULL, OPSLIMIT,
                           MEMLIMIT) != -1) {
-        printf("pwhash_argon2id_str() with a large password should have failed\n");
-        return 1;
-    }
-    if (crypto_pwhash_argon2id_str(str_out2, passwd, strlen(passwd), 1, MEMLIMIT) !=
-        -1) {
-        printf("pwhash_argon2id_str() with a small opslimit should have failed\n");
-        return 1;
-    }
-    if (crypto_pwhash_argon2id_str_verify("$argon2i$m=65536,t=2,p=1c29tZXNhbHQ"
-                                          "$9sTbSlTio3Biev89thdrlKKiCaYsjjYVJxGAL3swxpQ",
-                                          "password", 0x100000000ULL) != -1) {
-        printf("pwhash_argon2id_str_verify(invalid(0)) failure\n");
-    }
-    if (crypto_pwhash_argon2id_str_verify("$argon2i$m=65536,t=2,p=1c29tZXNhbHQ"
-                                          "$9sTbSlTio3Biev89thdrlKKiCaYsjjYVJxGAL3swxpQ",
-                                          "password", strlen("password")) != -1) {
-        printf("pwhash_argon2id_str_verify(invalid(1)) failure %d\n", errno);
-    }
-    if (crypto_pwhash_argon2id_str_verify("$argon2i$m=65536,t=2,p=1$c29tZXNhbHQ"
-                                          "9sTbSlTio3Biev89thdrlKKiCaYsjjYVJxGAL3swxpQ",
-                                          "password", strlen("password")) != -1) {
-        printf("pwhash_argon2id_str_verify(invalid(2)) failure\n");
-    }
-    if (crypto_pwhash_argon2id_str_verify("$argon2i$m=65536,t=2,p=1$c29tZXNhbHQ"
-                                          "$b2G3seW+uPzerwQQC+/E1K50CLLO7YXy0JRcaTuswRo",
-                                          "password", strlen("password")) != -1) {
-        printf("pwhash_argon2id_str_verify(invalid(3)) failure\n");
-    }
-    if (crypto_pwhash_argon2id_str_verify("$argon2i$v=19$m=65536,t=2,p=1c29tZXNhbHQ"
-                                          "$wWKIMhR9lyDFvRz9YTZweHKfbftvj+qf+YFY4NeBbtA",
-                                          "password", strlen("password")) != -1) {
-        printf("pwhash_argon2id_str_verify(invalid(4)) failure\n");
-    }
-    if (crypto_pwhash_argon2id_str_verify("$argon2i$v=19$m=65536,t=2,p=1$c29tZXNhbHQ"
-                                          "wWKIMhR9lyDFvRz9YTZweHKfbftvj+qf+YFY4NeBbtA",
-                                          "password", strlen("password")) != -1) {
-        printf("pwhash_argon2id_str_verify(invalid(5)) failure\n");
-    }
-    if (crypto_pwhash_argon2id_str_verify("$argon2i$v=19$m=65536,t=2,p=1$c29tZXNhbHQ"
-                                          "$8iIuixkI73Js3G1uMbezQXD0b8LG4SXGsOwoQkdAQIM",
-                                          "password", strlen("password")) != -1) {
-        printf("pwhash_argon2id_str_verify(invalid(6)) failure\n");
-    }
-    if (crypto_pwhash_argon2id_str_verify(
-                                          "$argon2i$v=19$m=4096,t=3,p=2$b2RpZHVlamRpc29kaXNrdw"
-                                          "$TNnWIwlu1061JHrnCqIAmjs3huSxYIU+0jWipu7Kc9M",
-                                          "password", strlen("password")) != 0) {
-        printf("pwhash_argon2id_str_verify(valid(7)) failure\n");
-    }
-    if (crypto_pwhash_argon2id_str_verify(
-                                          "$argon2i$v=19$m=4096,t=3,p=2$b2RpZHVlamRpc29kaXNrdw"
-                                          "$TNnWIwlu1061JHrnCqIAmjs3huSxYIU+0jWipu7Kc9M",
-                                          "passwore", strlen("passwore")) != -1 || errno != EINVAL) {
-        printf("pwhash_argon2id_str_verify(invalid(7)) failure\n");
-    }
-    if (crypto_pwhash_argon2id_str_verify(
-                                          "$Argon2i$v=19$m=4096,t=3,p=2$b2RpZHVlamRpc29kaXNrdw"
-                                          "$TNnWIwlu1061JHrnCqIAmjs3huSxYIU+0jWipu7Kc9M",
-                                          "password", strlen("password")) != -1 || errno != EINVAL) {
-        printf("pwhash_argon2id_str_verify(invalid(8)) failure\n");
-    }
-    if (crypto_pwhash_argon2id_str_verify(
-                                          "$argon2i$v=1$m=4096,t=3,p=2$b2RpZHVlamRpc29kaXNrdw"
-                                          "$TNnWIwlu1061JHrnCqIAmjs3huSxYIU+0jWipu7Kc9M",
-                                          "password", strlen("password")) != -1 || errno != EINVAL) {
-        printf("pwhash_argon2id_str_verify(invalid(9)) failure\n");
-    }
-    assert(crypto_pwhash_argon2id_bytes_min() > 0U);
-    assert(crypto_pwhash_argon2id_bytes_max() > crypto_pwhash_argon2id_bytes_min());
-    assert(crypto_pwhash_argon2id_passwd_max() > crypto_pwhash_argon2id_passwd_min());
-    assert(crypto_pwhash_argon2id_saltbytes() > 0U);
-    assert(crypto_pwhash_argon2id_strbytes() > 1U);
-    assert(crypto_pwhash_argon2id_strbytes() > strlen(crypto_pwhash_argon2id_strprefix()));
+        printf("pwhash_str() with a large password should have failed\n");
+    }
+    if (crypto_pwhash_str(str_out2, passwd, strlen(passwd), 1, MEMLIMIT) != 0) {
+        printf("pwhash_str() with a small opslimit should not have failed\n");
+    }
+    if (crypto_pwhash_str(str_out2, passwd, strlen(passwd), 0, MEMLIMIT) != -1) {
+        printf("pwhash_argon2id_str() with a null opslimit should have failed\n");
+    }
+    if (crypto_pwhash_str_verify("$argon2id$m=65536,t=2,p=1c29tZXNhbHQ"
+                                 "$9sTbSlTio3Biev89thdrlKKiCaYsjjYVJxGAL3swxpQ",
+                                 "password", 0x100000000ULL) != -1) {
+        printf("pwhash_str_verify(invalid(0)) failure\n");
+    }
+    if (crypto_pwhash_str_verify("$argon2id$m=65536,t=2,p=1c29tZXNhbHQ"
+                                 "$9sTbSlTio3Biev89thdrlKKiCaYsjjYVJxGAL3swxpQ",
+                                 "password", strlen("password")) != -1) {
+        printf("pwhash_str_verify(invalid(1)) failure %d\n", errno);
+    }
+    if (crypto_pwhash_str_verify("$argon2id$m=65536,t=2,p=1$c29tZXNhbHQ"
+                                 "9sTbSlTio3Biev89thdrlKKiCaYsjjYVJxGAL3swxpQ",
+                                 "password", strlen("password")) != -1) {
+        printf("pwhash_str_verify(invalid(2)) failure\n");
+    }
+    if (crypto_pwhash_str_verify("$argon2id$m=65536,t=2,p=1$c29tZXNhbHQ"
+                                 "$b2G3seW+uPzerwQQC+/E1K50CLLO7YXy0JRcaTuswRo",
+                                 "password", strlen("password")) != -1) {
+        printf("pwhash_str_verify(invalid(3)) failure\n");
+    }
+    if (crypto_pwhash_str_verify("$argon2id$v=19$m=65536,t=2,p=1c29tZXNhbHQ"
+                                 "$wWKIMhR9lyDFvRz9YTZweHKfbftvj+qf+YFY4NeBbtA",
+                                 "password", strlen("password")) != -1) {
+        printf("pwhash_str_verify(invalid(4)) failure\n");
+    }
+    if (crypto_pwhash_str_verify("$argon2id$v=19$m=65536,t=2,p=1$c29tZXNhbHQ"
+                                 "wWKIMhR9lyDFvRz9YTZweHKfbftvj+qf+YFY4NeBbtA",
+                                 "password", strlen("password")) != -1) {
+        printf("pwhash_str_verify(invalid(5)) failure\n");
+    }
+    if (crypto_pwhash_str_verify("$argon2id$v=19$m=65536,t=2,p=1$c29tZXNhbHQ"
+                                 "$8iIuixkI73Js3G1uMbezQXD0b8LG4SXGsOwoQkdAQIM",
+                                 "password", strlen("password")) != -1) {
+        printf("pwhash_str_verify(invalid(6)) failure\n");
+    }
+    if (crypto_pwhash_str_verify("$argon2id$v=19$m=256,t=3,p=1$MDEyMzQ1Njc"
+                                 "$G5ajKFCoUzaXRLdz7UJb5wGkb2Xt+X5/GQjUYtS2+TE",
+                                 "password", strlen("password")) != 0) {
+        printf("pwhash_str_verify(valid(7)) failure\n");
+    }
+    if (crypto_pwhash_str_verify("$argon2id$v=19$m=256,t=3,p=1$MDEyMzQ1Njc"
+                                 "$G5ajKFCoUzaXRLdz7UJb5wGkb2Xt+X5/GQjUYtS2+TE",
+                                 "passwore", strlen("passwore")) != -1 || errno != EINVAL) {
+        printf("pwhash_str_verify(invalid(7)) failure\n");
+    }
+    if (crypto_pwhash_str_verify("$Argon2id$v=19$m=256,t=3,p=1$MDEyMzQ1Njc"
+                                 "$G5ajKFCoUzaXRLdz7UJb5wGkb2Xt+X5/GQjUYtS2+TE",
+                                 "password", strlen("password")) != -1 || errno != EINVAL) {
+        printf("pwhash_str_verify(invalid(8)) failure\n");
+    }
+    if (crypto_pwhash_str_verify("$argon2id$v=19$m=256,t=3,p=2$MDEyMzQ1Njc"
+                                 "$G5ajKFCoUzaXRLdz7UJb5wGkb2Xt+X5/GQjUYtS2+TE",
+                                 "password", strlen("password")) != -1 || errno != EINVAL) {
+        printf("pwhash_str_verify(invalid(9)) failure\n");
+    }
+    assert(crypto_pwhash_str_alg(str_out, "test", 4, OPSLIMIT, MEMLIMIT,
+                                 crypto_pwhash_ALG_ARGON2ID13) == 0);
+    assert(crypto_pwhash_argon2id_str_verify(str_out, "test", 4) == 0);
+    assert(crypto_pwhash_argon2id_str_needs_rehash(str_out,
+                                                   OPSLIMIT, MEMLIMIT) == 0);
+    assert(crypto_pwhash_argon2id_str_needs_rehash(str_out,
+                                                   OPSLIMIT / 2, MEMLIMIT) == 1);
+    assert(crypto_pwhash_argon2id_str_needs_rehash(str_out,
+                                                   OPSLIMIT, MEMLIMIT / 2) == 1);
+    assert(crypto_pwhash_argon2id_str_needs_rehash(str_out, 0, 0) == 1);
+    assert(crypto_pwhash_argon2i_str_needs_rehash(str_out, 0, 0) == -1);
+    assert(crypto_pwhash_argon2id_str_needs_rehash(str_out + 1,
+                                                   OPSLIMIT, MEMLIMIT) == -1);
+    assert(crypto_pwhash_argon2i_str_needs_rehash(str_out, 0, 0) == -1);
+    assert(crypto_pwhash_argon2i_str_needs_rehash("", OPSLIMIT, MEMLIMIT) == -1);
+    assert(crypto_pwhash_str_alg(str_out, "test", 4, OPSLIMIT, MEMLIMIT,
+                                 crypto_pwhash_ALG_ARGON2I13) == 0);
+    assert(crypto_pwhash_argon2i_str_verify(str_out, "test", 4) == 0);
+    assert(crypto_pwhash_argon2i_str_needs_rehash(str_out,
+                                                  OPSLIMIT, MEMLIMIT) == 0);
+    assert(crypto_pwhash_argon2i_str_needs_rehash(str_out,
+                                                  OPSLIMIT / 2, MEMLIMIT) == 1);
+    assert(crypto_pwhash_argon2i_str_needs_rehash(str_out,
+                                                  OPSLIMIT, MEMLIMIT / 2) == 1);
+    assert(crypto_pwhash_argon2i_str_needs_rehash(str_out, 0, 0) == 1);
+    assert(crypto_pwhash_argon2id_str_needs_rehash(str_out, 0, 0) == -1);
+    assert(crypto_pwhash_argon2i_str_needs_rehash("", OPSLIMIT, MEMLIMIT) == -1);
+    assert(crypto_pwhash_argon2i_str_needs_rehash(str_out + 1,
+                                                  OPSLIMIT, MEMLIMIT) == -1);
+    sodium_free(salt);
+    sodium_free(str_out);
+    sodium_free(str_out2);
+}
-    assert(crypto_pwhash_argon2id_opslimit_min() > 0U);
-    assert(crypto_pwhash_argon2id_opslimit_max() > 0U);
-    assert(crypto_pwhash_argon2id_memlimit_min() > 0U);
-    assert(crypto_pwhash_argon2id_memlimit_max() > 0U);
-    assert(crypto_pwhash_argon2id_opslimit_interactive() > 0U);
-    assert(crypto_pwhash_argon2id_memlimit_interactive() > 0U);
-    assert(crypto_pwhash_argon2id_opslimit_moderate() > 0U);
-    assert(crypto_pwhash_argon2id_memlimit_moderate() > 0U);
-    assert(crypto_pwhash_argon2id_opslimit_sensitive() > 0U);
-    assert(crypto_pwhash_argon2id_memlimit_sensitive() > 0U);
+int
+main(void)
+{
+    tv();
+    tv2();
+    tv3();
+    str_tests();
+    assert(crypto_pwhash_bytes_min() > 0U);
+    assert(crypto_pwhash_bytes_max() > crypto_pwhash_bytes_min());
+    assert(crypto_pwhash_passwd_max() > crypto_pwhash_passwd_min());
+    assert(crypto_pwhash_saltbytes() > 0U);
+    assert(crypto_pwhash_strbytes() > 1U);
+    assert(crypto_pwhash_strbytes() > strlen(crypto_pwhash_strprefix()));
+    assert(crypto_pwhash_opslimit_min() > 0U);
+    assert(crypto_pwhash_opslimit_max() > 0U);
+    assert(crypto_pwhash_memlimit_min() > 0U);
+    assert(crypto_pwhash_memlimit_max() > 0U);
+    assert(crypto_pwhash_opslimit_interactive() > 0U);
+    assert(crypto_pwhash_memlimit_interactive() > 0U);
+    assert(crypto_pwhash_opslimit_moderate() > 0U);
+    assert(crypto_pwhash_memlimit_moderate() > 0U);
+    assert(crypto_pwhash_opslimit_sensitive() > 0U);
+    assert(crypto_pwhash_memlimit_sensitive() > 0U);
+    assert(strcmp(crypto_pwhash_primitive(), "argon2i") == 0);
-    assert(crypto_pwhash_argon2id_bytes_min() == crypto_pwhash_argon2id_BYTES_MIN);
-    assert(crypto_pwhash_argon2id_bytes_max() == crypto_pwhash_argon2id_BYTES_MAX);
-    assert(crypto_pwhash_argon2id_passwd_min() == crypto_pwhash_argon2id_PASSWD_MIN);
-    assert(crypto_pwhash_argon2id_passwd_max() == crypto_pwhash_argon2id_PASSWD_MAX);
-    assert(crypto_pwhash_argon2id_saltbytes() == crypto_pwhash_argon2id_SALTBYTES);
-    assert(crypto_pwhash_argon2id_strbytes() == crypto_pwhash_argon2id_STRBYTES);
+    assert(crypto_pwhash_bytes_min() == crypto_pwhash_BYTES_MIN);
+    assert(crypto_pwhash_bytes_max() == crypto_pwhash_BYTES_MAX);
+    assert(crypto_pwhash_passwd_min() == crypto_pwhash_PASSWD_MIN);
+    assert(crypto_pwhash_passwd_max() == crypto_pwhash_PASSWD_MAX);
+    assert(crypto_pwhash_saltbytes() == crypto_pwhash_SALTBYTES);
+    assert(crypto_pwhash_strbytes() == crypto_pwhash_STRBYTES);
-    assert(crypto_pwhash_argon2id_opslimit_min() == crypto_pwhash_argon2id_OPSLIMIT_MIN);
-    assert(crypto_pwhash_argon2id_opslimit_max() == crypto_pwhash_argon2id_OPSLIMIT_MAX);
-    assert(crypto_pwhash_argon2id_memlimit_min() == crypto_pwhash_argon2id_MEMLIMIT_MIN);
-    assert(crypto_pwhash_argon2id_memlimit_max() == crypto_pwhash_argon2id_MEMLIMIT_MAX);
+    assert(crypto_pwhash_opslimit_min() == crypto_pwhash_OPSLIMIT_MIN);
+    assert(crypto_pwhash_opslimit_max() == crypto_pwhash_OPSLIMIT_MAX);
+    assert(crypto_pwhash_memlimit_min() == crypto_pwhash_MEMLIMIT_MIN);
+    assert(crypto_pwhash_memlimit_max() == crypto_pwhash_MEMLIMIT_MAX);
+    assert(crypto_pwhash_opslimit_interactive() ==
+           crypto_pwhash_OPSLIMIT_INTERACTIVE);
+    assert(crypto_pwhash_memlimit_interactive() ==
+           crypto_pwhash_MEMLIMIT_INTERACTIVE);
+    assert(crypto_pwhash_opslimit_moderate() ==
+           crypto_pwhash_OPSLIMIT_MODERATE);
+    assert(crypto_pwhash_memlimit_moderate() ==
+           crypto_pwhash_MEMLIMIT_MODERATE);
+    assert(crypto_pwhash_opslimit_sensitive() ==
+           crypto_pwhash_OPSLIMIT_SENSITIVE);
+    assert(crypto_pwhash_memlimit_sensitive() ==
+           crypto_pwhash_MEMLIMIT_SENSITIVE);
+    assert(crypto_pwhash_argon2id_bytes_min() == crypto_pwhash_bytes_min());
+    assert(crypto_pwhash_argon2id_bytes_max() == crypto_pwhash_bytes_max());
+    assert(crypto_pwhash_argon2id_passwd_min() == crypto_pwhash_passwd_min());
+    assert(crypto_pwhash_argon2id_passwd_max() == crypto_pwhash_passwd_max());
+    assert(crypto_pwhash_argon2id_saltbytes() == crypto_pwhash_saltbytes());
+    assert(crypto_pwhash_argon2id_strbytes() == crypto_pwhash_strbytes());
+    assert(strcmp(crypto_pwhash_argon2id_strprefix(),
+                  crypto_pwhash_strprefix()) == 0);
+    assert(crypto_pwhash_argon2id_opslimit_min() ==
+           crypto_pwhash_opslimit_min());
+    assert(crypto_pwhash_argon2id_opslimit_max() ==
+           crypto_pwhash_opslimit_max());
+    assert(crypto_pwhash_argon2id_memlimit_min() ==
+           crypto_pwhash_memlimit_min());
+    assert(crypto_pwhash_argon2id_memlimit_max() ==
+           crypto_pwhash_memlimit_max());
     assert(crypto_pwhash_argon2id_opslimit_interactive() ==
-           crypto_pwhash_argon2id_OPSLIMIT_INTERACTIVE);
-    assert(crypto_pwhash_argon2id_memlimit_interactive() ==
-           crypto_pwhash_argon2id_MEMLIMIT_INTERACTIVE);
+           crypto_pwhash_opslimit_interactive());
     assert(crypto_pwhash_argon2id_opslimit_moderate() ==
-           crypto_pwhash_argon2id_OPSLIMIT_MODERATE);
-    assert(crypto_pwhash_argon2id_memlimit_moderate() ==
-           crypto_pwhash_argon2id_MEMLIMIT_MODERATE);
+           crypto_pwhash_opslimit_moderate());
     assert(crypto_pwhash_argon2id_opslimit_sensitive() ==
-           crypto_pwhash_argon2id_OPSLIMIT_SENSITIVE);
+           crypto_pwhash_opslimit_sensitive());
+    assert(crypto_pwhash_argon2id_memlimit_interactive() ==
+           crypto_pwhash_memlimit_interactive());
+    assert(crypto_pwhash_argon2id_memlimit_moderate() ==
+           crypto_pwhash_memlimit_moderate());
     assert(crypto_pwhash_argon2id_memlimit_sensitive() ==
-           crypto_pwhash_argon2id_MEMLIMIT_SENSITIVE);
-    assert(crypto_pwhash_argon2id_alg_argon2id13() == crypto_pwhash_argon2id_ALG_ARGON2ID13);
+           crypto_pwhash_memlimit_sensitive());
+    assert(crypto_pwhash_alg_argon2id13() ==
+           crypto_pwhash_argon2id_alg_argon2id13());
+    assert(crypto_pwhash_alg_argon2i13() == crypto_pwhash_ALG_ARGON2I13);
+    assert(crypto_pwhash_alg_argon2i13() != crypto_pwhash_alg_default());
+    assert(crypto_pwhash_alg_argon2id13() == crypto_pwhash_ALG_ARGON2ID13);
+    assert(crypto_pwhash_alg_argon2id13() != crypto_pwhash_alg_argon2i13());
+    assert(crypto_pwhash_alg_argon2id13() == crypto_pwhash_alg_default());
-    sodium_free(salt);
-    sodium_free(str_out);
-    sodium_free(str_out2);
+    assert(crypto_pwhash_argon2id(NULL, 0, NULL, 0, NULL,
+                                  crypto_pwhash_argon2id_OPSLIMIT_INTERACTIVE,
+                                  crypto_pwhash_argon2id_MEMLIMIT_INTERACTIVE,
+                                  0) == -1);
+    assert(crypto_pwhash_argon2id(NULL, 0, NULL, 0, NULL,
+                                 crypto_pwhash_argon2id_OPSLIMIT_INTERACTIVE,
+                                 crypto_pwhash_argon2id_MEMLIMIT_INTERACTIVE,
+                                 crypto_pwhash_ALG_ARGON2I13) == -1);
+    assert(crypto_pwhash_argon2i(NULL, 0, NULL, 0, NULL,
+                                 crypto_pwhash_argon2id_OPSLIMIT_INTERACTIVE,
+                                 crypto_pwhash_argon2id_MEMLIMIT_INTERACTIVE,
+                                 0) == -1);
+    assert(crypto_pwhash_argon2i(NULL, 0, NULL, 0, NULL,
+                                 crypto_pwhash_argon2id_OPSLIMIT_INTERACTIVE,
+                                 crypto_pwhash_argon2id_MEMLIMIT_INTERACTIVE,
+                                 crypto_pwhash_ALG_ARGON2ID13) == -1);
     printf("OK\n");