sorcery-argon2 1.0.0

data/CHANGELOG.md ADDED
@@ -0,0 +1,20 @@
1
+ # Changelog
2
+
3
+ Historical changelog for all versions.
4
+
5
+ ## HEAD
6
+
7
+ ## v1.0.0
8
+
9
+ This project has been forked from
10
+ [Technion's original argon2 wrapper](https://github.com/technion/ruby-argon2).
11
+
12
+ If you previously used `argon2` and would like to update to `sorcery-argon2`,
13
+ please see: [Migrating from `argon2` to `sorcery-argon2`](README.md#migrating-from-argon2-to-sorcery-argon2)
14
+
15
+ Changes between `argon2 - 2.0.3` and `sorcery-argon2 - 1.0.0`:
16
+
17
+ * Refactored Argon2::Password to include additional helpers and simplify hash
18
+ creation.
19
+ * Renamed top level exception from: `Argon2::ArgonHashHail` to: `Argon2::Error`
20
+ * Added new exceptions that inherit from the top level exception.
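Review bot: the rename entry on line 19 gives the old exception as `Argon2::ArgonHashHail`, while the README migration section in this same release calls it `Argon2::ArgonHashFail`. Anyone searching their code base for the name printed here will find nothing to replace, so the changelog should use the same spelling as the README. The last bullet would also be more useful if it named the new exception classes, or linked to the README "Errors" list, instead of only saying that they exist.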
@@ -0,0 +1,14 @@
1
+ # The Sorcery Community Code of Conduct
2
+
3
+ This document provides a few simple community guidelines for a safe, respectful,
4
+ productive, and collaborative place for any person who is willing to contribute
5
+ to the Sorcery community. It applies to all "collaborative spaces", which are
6
+ defined as community communications channels (such as mailing lists, submitted
7
+ patches, commit comments, etc.).
8
+
9
+ * Participants will be tolerant of opposing views.
10
+ * Participants must ensure that their language and actions are free of personal
11
+ attacks and disparaging personal remarks.
12
+ * When interpreting the words and actions of others, participants should always
13
+ assume good intentions.
14
+ * Behaviour which can be reasonably considered harassment will not be tolerated.
data/Gemfile ADDED
@@ -0,0 +1,6 @@
1
+ # frozen_string_literal: true
2
+
3
+ source 'https://rubygems.org'
4
+
5
+ # Specify your gem's dependencies in argon2.gemspec
6
+ gemspec
data/LICENSE.md ADDED
@@ -0,0 +1,23 @@
1
+ MIT License
2
+
3
+ Copyright (c) 2021 [Josh Buker](mailto:crypto@joshbuker.com)
4
+
5
+ Copyright (c) 2015-2021 Technion
6
+
7
+ Permission is hereby granted, free of charge, to any person obtaining a copy
8
+ of this software and associated documentation files (the "Software"), to deal
9
+ in the Software without restriction, including without limitation the rights
10
+ to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
11
+ copies of the Software, and to permit persons to whom the Software is
12
+ furnished to do so, subject to the following conditions:
13
+
14
+ The above copyright notice and this permission notice shall be included in
15
+ all copies or substantial portions of the Software.
16
+
17
+ THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
18
+ IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
19
+ FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
20
+ AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
21
+ LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
22
+ OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
23
+ THE SOFTWARE.
data/MAINTAINING.md ADDED
@@ -0,0 +1,65 @@
1
+ # Maintaining Sorcery-Argon2
2
+
3
+ This will eventually be fleshed out so that anyone should be able to pick up and
4
+ maintain Sorcery-Argon2 by following this guide. It will provide step-by-step
5
+ guides for common tasks such as releasing new versions, as well as explain how
6
+ to triage issues and keep the CHANGELOG up-to-date.
7
+
8
+ ## Table of Contents
9
+
10
+ 1. [Merging Pull Requests](#merging-pull-requests)
11
+ 1. [Versioning](#versioning)
12
+ 1. [Version Naming](#version-naming)
13
+ 1. [Releasing a New Version](#releasing-a-new-version)
14
+
15
+ ## Merging Pull Requests
16
+
17
+ TODO
18
+
19
+ ## Versioning
20
+
21
+ ### Version Naming
22
+
23
+ Sorcery-Argon2 uses semantic versioning which can be found at:
24
+ https://semver.org/
25
+
26
+ All versions of Sorcery-Argon2 should follow this format: `MAJOR.MINOR.PATCH`
27
+
28
+ Where:
29
+
30
+ * MAJOR - Includes backwards **incompatible** changes.
31
+ * MINOR - Introduces new functionality but is fully backwards compatible.
32
+ * PATCH - Fixes errors in existing functionality (must be backwards compatible).
33
+
34
+ The changelog and git tags should use `vMAJOR.MINOR.PATCH` to indicate that the
35
+ number represents a version of Sorcery-Argon2. For example, `1.0.0` would become
36
+ `v1.0.0`.
37
+
38
+ ### Releasing a New Version
39
+
40
+ When it's time to release a new version, you'll want to ensure all the changes
41
+ you need are on the master branch and that there is a passing build. Then follow
42
+ this checklist and prepare a release commit:
43
+
44
+ NOTE: `X.Y.Z` and `vX.Y.Z` are given as examples, and should be replaced with
45
+ whatever version you are releasing. See: [Version Naming](#version-naming)
46
+
47
+ 1. Update CHANGELOG.md
48
+ 1. Check for any changes that have been included since the last release that
49
+ are not reflected in the changelog. Add any missing entries to the `HEAD`
50
+ section.
51
+ 1. Check the changes in `HEAD` to determine what version increment is
52
+ appropriate. See [Version Naming](#version-naming) if unsure.
53
+ 1. Replace `## HEAD` with `## vX.Y.Z` and create a new `## HEAD` section
54
+ above the latest version.
55
+ 1. Update Gem Version
56
+ 1. Update `./lib/argon2/version.rb` Argon2::VERSION to `'X.Y.Z'`
57
+ 1. Stage your changes and create a commit
58
+ 1. `git add -A`
59
+ 1. `git commit -m "Release vX.Y.Z"`
60
+ 1. `git push`
61
+ 1. Gem Release
62
+ 1. `gem build`
63
+ 1. `gem push <filename>`
64
+ 1. TODO: Version tagging
65
+ 1. Release new version via github interface
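Review bot: the release checklist (lines 57-65) runs `gem push <filename>` while tagging is still `TODO: Version tagging`, so a published `X.Y.Z` gem has no tag tying it to the commit it was built from, even though the Version Naming section says git tags should use `vX.Y.Z`. Suggest adding an explicit `git tag vX.Y.Z` step (signed, if the maintainers have keys) and pushing the tag before `gem build`. In the commit step, `git add -A` stages every untracked file in the working tree; staging only `CHANGELOG.md` and `lib/argon2/version.rb` keeps stray files out of the release commit.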
data/README.md ADDED
@@ -0,0 +1,164 @@
1
+ # Argon2 - Ruby Wrapper
2
+
3
+ Forked from [technion/ruby-argon2](https://github.com/technion/ruby-argon2) aka
4
+ the `argon2` gem, `v2.0.3`. See below for a migration guide if you would like to
5
+ move an existing application from `argon2` to `sorcery-argon2`.
6
+
7
+ [Why was `argon2` forked?](https://github.com/technion/ruby-argon2/pull/44#issuecomment-816271661)
8
+
9
+ ## Table of Contents
10
+
11
+ 1. [Useful Links](#useful-links)
12
+ 2. [API Summary](#api-summary)
13
+ 3. [Installation](#installation)
14
+ 4. [Migrating from `argon2` to `sorcery-argon2`](#migrating-from-argon2-to-sorcery-argon2)
15
+ 5. [Contributing](#contributing)
16
+ 6. [Contact](#contact)
17
+ 7. [License](#license)
18
+
19
+ ## Useful Links
20
+
21
+ * [Documentation](https://rubydoc.info/gems/sorcery-argon2)
22
+
23
+ ## API Summary
24
+
25
+ Below is a summary of the library methods. Most method names are self explaining
26
+ and the rest are commented:
27
+
28
+ ### Argon2::Password
29
+
30
+ ```ruby
31
+ # Class methods
32
+ Argon2::Password.create(password, options = {})
33
+ Argon2::Password.valid_hash?(digest)
34
+ Argon2::Password.verify_password(password, digest, pepper = nil)
35
+
36
+ # Instance Methods
37
+ argon2 = Argon2::Password.new(digest)
38
+ argon2 == other_argon2
39
+ argon2.matches?(password, pepper = nil)
40
+ argon2.to_s # Returns the digest as a String
41
+ argon2.to_str # Also returns the digest as a String
42
+
43
+ # Argon2::Password Attributes (readonly)
44
+ argon2.digest
45
+ argon2.variant
46
+ argon2.version
47
+ argon2.t_cost
48
+ argon2.m_cost
49
+ argon2.p_cost
50
+ argon2.salt
51
+ argon2.checksum
52
+ ```
53
+
54
+ ### Errors
55
+
56
+ ```ruby
57
+ Argon2::Error
58
+ Argon2::Errors::InvalidHash
59
+ Argon2::Errors::InvalidVersion
60
+ Argon2::Errors::InvalidCost
61
+ Argon2::Errors::InvalidTCost
62
+ Argon2::Errors::InvalidMCost
63
+ Argon2::Errors::InvalidPCost
64
+ Argon2::Errors::InvalidPassword
65
+ Argon2::Errors::InvalidSaltSize
66
+ Argon2::Errors::InvalidOutputLength
67
+ Argon2::Errors::ExtError
68
+ ```
69
+
70
+ ## Installation
71
+
72
+ Add this line to your application's Gemfile:
73
+
74
+ ```ruby
75
+ gem 'sorcery-argon2'
76
+ ```
77
+
78
+ And then execute:
79
+
80
+ ```
81
+ $ bundle
82
+ ```
83
+
84
+ Or install it yourself as:
85
+
86
+ ```
87
+ $ gem install sorcery-argon2
88
+ ```
89
+
90
+ Require Sorcery-Argon2 in your project:
91
+
92
+ ```ruby
93
+ require 'argon2'
94
+ ```
95
+
96
+ ## Migrating from `argon2` to `sorcery-argon2`
97
+
98
+ There are two primary changes going from `argon2` to `sorcery-argon2`:
99
+
100
+ ### The Argon2::Password API has been refactored
101
+
102
+ **Argon2::Password.new and Argon2::Password.create are now different.**
103
+
104
+ Argon2::Passwords can now be created without initializing an instance first.
105
+
106
+ To upgrade:
107
+
108
+ ```ruby
109
+ # Take instances where you abstract creating the password by first exposing an
110
+ # Object instance:
111
+ instance = Argon2::Password.new(m_cost: some_m_cost)
112
+ instance.create(input_password)
113
+
114
+ # And remove the abstraction step:
115
+ Argon2::Password.create(input_password, m_cost: some_m_cost)
116
+ ```
117
+
118
+ **Argon2::Password.create no longer accept custom salts.**
119
+
120
+ You should not be providing your own salt to the Argon2 algorithm (it does it
121
+ for you). Previously you could pass an option of `salt_do_not_supply`, which has
122
+ been removed in `sorcery-argon2 - v1.0.0`.
123
+
124
+ ### The errors have been restructured
125
+
126
+ **The root level error has been renamed.**
127
+
128
+ Argon2::ArgonHashFail has been renamed to Argon2::Error
129
+
130
+ To upgrade:
131
+
132
+ ```ruby
133
+ # Find any instances of Argon2::ArgonHashFail, for example...
134
+ def login(username, password)
135
+ [...]
136
+ rescue Argon2::ArgonHashFail
137
+ [...]
138
+ end
139
+
140
+ # And do a straight 1:1 replacement
141
+ def login(username, password)
142
+ [...]
143
+ rescue Argon2::Error
144
+ [...]
145
+ end
146
+ ```
147
+
148
+ ## Contributing
149
+
150
+ Bug reports and pull requests are welcome on GitHub at
151
+ [Sorcery/argon2](https://github.com/Sorcery/argon2).
152
+
153
+ ## Contact
154
+
155
+ Feel free to ask questions using these contact details:
156
+
157
+ **Current Maintainers:**
158
+
159
+ * Josh Buker ([@athix](https://github.com/athix)) | [Email](mailto:crypto+sorcery@joshbuker.com?subject=Sorcery)
160
+
161
+ ## License
162
+
163
+ This gem is available as open source under the terms of the
164
+ [MIT License](https://opensource.org/licenses/MIT).
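Review bot: the migration section (lines 118-122) says `salt_do_not_supply` "has been removed" but not what `Argon2::Password.create` does when an upgraded caller still passes it, that is, whether it raises or silently ignores the option. Suggest stating which, because a caller that depended on a fixed salt needs to know whether the upgrade fails loudly or quietly changes its output. Separately, the API summary shows `pepper = nil` on `verify_password` and `matches?` without any comment explaining it, although the summary says the non-obvious methods are commented; and line 118 should read "no longer accepts".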
data/Rakefile ADDED
@@ -0,0 +1,16 @@
1
+ # frozen_string_literal: true
2
+
3
+ require "bundler/gem_tasks"
4
+ require "rake/testtask"
5
+ require 'rubocop/rake_task'
6
+
7
+ RuboCop::RakeTask.new
8
+
9
+ Rake::TestTask.new(:test) do |t|
10
+ t.libs << "test"
11
+ t.libs << "lib"
12
+ t.warning = true
13
+ t.test_files = FileList['test/**/*_test.rb']
14
+ end
15
+
16
+ task :default => %i[test rubocop]
data/SECURITY.md ADDED
@@ -0,0 +1,17 @@
1
+ # Security Policy
2
+
3
+ ## Supported Versions
4
+
5
+ | Version | Supported |
6
+ | --------- | ------------------ |
7
+ | ~> 1.0.0 | :white_check_mark: |
8
+
9
+ ## Reporting a Vulnerability
10
+
11
+ Email the current maintainer(s) with a description of the vulnerability. You
12
+ should expect a response within 48 hours. If the vulnerability is accepted, a
13
+ Github advisory will be created and eventually released with a CVE corresponding
14
+ to the issue found.
15
+
16
+ A list of the current maintainers can be found on the README under the contact
17
+ section. See: [README.md](https://github.com/Sorcery/argon2#contact)
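Review bot: the reporting section (lines 11-14) asks for vulnerability details over plain email and names no encrypted or private channel. Suggest publishing a PGP key or pointing reporters at a private reporting channel on the repository, and giving the reporting address in this file rather than only through the README contact section. In the Supported Versions table, `~> 1.0.0` means `>= 1.0.0, < 1.1.0`, so the row will mark the first minor release as unsupported unless it is updated at that point.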
data/bin/console ADDED
@@ -0,0 +1,15 @@
1
+ #!/usr/bin/env ruby
2
+ # frozen_string_literal: true
3
+
4
+ require 'bundler/setup'
5
+ require 'argon2'
6
+
7
+ # You can add fixtures and/or initialization code here to make experimenting
8
+ # with your gem easier. You can also use a different console, if you like.
9
+
10
+ # (If you use this, don't forget to add pry to your Gemfile!)
11
+ # require 'pry'
12
+ # Pry.start
13
+
14
+ require 'irb'
15
+ IRB.start
data/bin/setup ADDED
@@ -0,0 +1,11 @@
1
+ #!/bin/bash
2
+ # Exit the script immediately if a command fails
3
+ set -euo pipefail
4
+ # Internal Field Separator
5
+ IFS=$'\n\t'
6
+
7
+ # Build the Argon2 C Library. Git submodules must be initialized first!
8
+ bundle install
9
+ cd ext/argon2_wrap/
10
+ make
11
+ cd ../..
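Review bot: the comment on line 7 says git submodules must be initialized first, but the script neither initializes them nor checks for them, so on a fresh clone the failure only appears at `make`, after `bundle install` has already run. Suggest either running `git submodule update --init --recursive` at the top of the script or testing for the `../phc-winner-argon2/src` directory that the Makefile reads from and exiting with a clear message when it is missing. The trailing `cd ../..` has no effect on the caller when the script is executed rather than sourced and can be dropped.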
data/bin/test ADDED
@@ -0,0 +1,10 @@
1
+ #!/bin/bash
2
+ # Exit the script immediately if a command fails
3
+ set -euo pipefail
4
+ # Internal Field Separator
5
+ IFS=$'\n\t'
6
+
7
+ # Run the Argon2 C Library tests
8
+ cd ext/argon2_wrap/
9
+ make test
10
+ cd ../..
@@ -0,0 +1,74 @@
1
+ # Argon Wrapper Makefile
2
+ # This file is based on the original Argon2 reference
3
+ # Argon2 source code package
4
+ #
5
+ # This work is licensed under a Creative Commons CC0 1.0 License/Waiver.
6
+ #
7
+ # You should have received a copy of the CC0 Public Domain Dedication along with
8
+ # this software. If not, see <http://creativecommons.org/publicdomain/zero/1.0/>.
9
+ #
10
+
11
+ DIST_SRC = ../phc-winner-argon2/src
12
+ SRC = $(DIST_SRC)/argon2.c $(DIST_SRC)/core.c $(DIST_SRC)/blake2/blake2b.c $(DIST_SRC)/thread.c $(DIST_SRC)/encoding.c argon_wrap.c
13
+ OBJ = $(SRC:.c=.o)
14
+
15
+ CFLAGS = -pthread -O3 -Wall -g -I../phc-winner-argon2/include -I../phc-winner-argon2/src
16
+
17
+ OPTTEST := $(shell $(CC) -Iinclude -Isrc -march=native src/opt.c -c 2>/dev/null; echo $$?)
18
+ # Detect compatible platform
19
+ ifneq ($(OPTTEST), 0)
20
+ SRC += $(DIST_SRC)/ref.c
21
+ else
22
+ CFLAGS += -march=native
23
+ SRC += $(DIST_SRC)/opt.c
24
+ endif
25
+
26
+
27
+ BUILD_PATH := $(shell pwd)
28
+ KERNEL_NAME := $(shell uname -s)
29
+
30
+ LIB_NAME=argon2_wrap
31
+ ifeq ($(KERNEL_NAME), Linux)
32
+ LIB_EXT := so
33
+ LIB_CFLAGS := -shared -fPIC
34
+ endif
35
+ ifeq ($(KERNEL_NAME), NetBSD)
36
+ LIB_EXT := so
37
+ LIB_CFLAGS := -shared -fPIC
38
+ endif
39
+ ifeq ($(KERNEL_NAME), Darwin)
40
+ LIB_EXT := bundle
41
+ LIB_CFLAGS := -bundle
42
+ endif
43
+ ifeq ($(findstring MINGW, $(KERNEL_NAME)), MINGW)
44
+ LIB_EXT := dll
45
+ LIB_CFLAGS := -shared -Wl,--out-implib,lib$(LIB_NAME).$(LIB_EXT).a
46
+ endif
47
+ ifeq ($(KERNEL_NAME), $(filter $(KERNEL_NAME),OpenBSD FreeBSD))
48
+ LIB_EXT := so
49
+ LIB_CFLAGS := -shared -fPIC
50
+ endif
51
+ ifeq ($(KERNEL_NAME), SunOS)
52
+ CC := gcc
53
+ CFLAGS += -D_REENTRANT
54
+ LIB_EXT := so
55
+ LIB_CFLAGS := -shared -fPIC
56
+ endif
57
+
58
+ LIB_SH := lib$(LIB_NAME).$(LIB_EXT)
59
+
60
+ all: libs
61
+ libs: $(SRC)
62
+ $(CC) $(CFLAGS) $(LIB_CFLAGS) $^ -o libargon2_wrap.$(LIB_EXT)
63
+
64
+ #Deliberately avoiding the CFLAGS for our test cases - disable optimise and
65
+ #C89
66
+ test: $(SRC) test.c
67
+ clang -pthread -O3 -fsanitize=address -fsanitize=undefined -Wall -g $^ -o tests $(CFLAGS)
68
+ ./tests
69
+
70
+ clean:
71
+ rm -f tests libargon2_wrap.$(LIB_EXT)
72
+
73
+ install:
74
+ echo none
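Review bot: the `OPTTEST` probe on line 17 compiles `src/opt.c` with `-Iinclude -Isrc`, paths relative to the upstream Argon2 tree, while every other source here is taken from `$(DIST_SRC)` (`../phc-winner-argon2/src`). Unless a `src/opt.c` exists beside this Makefile, the probe always fails and the build always selects `ref.c`, so the optimized branch is dead code; the probe should use `$(DIST_SRC)/opt.c` and the `../phc-winner-argon2` include paths, and write its object to `/dev/null` so it leaves no stray `opt.o`. If the probe is fixed, note that `-march=native` ties the resulting library to the build host's CPU, which matters if the built artifact is ever copied to another machine. In the `test` target, the comment on lines 64-65 says the CFLAGS are deliberately avoided, yet the command ends with `$(CFLAGS)` and uses `-O3`; either the comment or the command should change. The target also hard-codes `clang` instead of `$(CC)`, and `OBJ` on line 13 is defined but never used.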