sorcery-argon2 1.0.0

data/CHANGELOG.md

@@ -0,0 +1,20 @@
+# Changelog
+
+Historical changelog for all versions.
+
+## HEAD
+
+## v1.0.0
+
+This project has been forked from
+[Technion's original argon2 wrapper](https://github.com/technion/ruby-argon2).
+
+If you previously used `argon2` and would like to update to `sorcery-argon2`,
+please see: [Migrating from `argon2` to `sorcery-argon2`](README.md#migrating-from-argon2-to-sorcery-argon2)
+
+Changes between `argon2 - 2.0.3` and `sorcery-argon2 - 1.0.0`:
+
+* Refactored Argon2::Password to include additional helpers and simplify hash
+  creation.
+* Renamed top level exception from: `Argon2::ArgonHashHail` to: `Argon2::Error`
+* Added new exceptions that inherit from the top level exception.

data/CODE_OF_CONDUCT.md

@@ -0,0 +1,14 @@
+# The Sorcery Community Code of Conduct
+
+This document provides a few simple community guidelines for a safe, respectful,
+productive, and collaborative place for any person who is willing to contribute
+to the Sorcery community. It applies to all "collaborative spaces", which are
+defined as community communications channels (such as mailing lists, submitted
+patches, commit comments, etc.).
+
+* Participants will be tolerant of opposing views.
+* Participants must ensure that their language and actions are free of personal
+  attacks and disparaging personal remarks.
+* When interpreting the words and actions of others, participants should always
+  assume good intentions.
+* Behaviour which can be reasonably considered harassment will not be tolerated.

data/Gemfile

@@ -0,0 +1,6 @@
+# frozen_string_literal: true
+
+source 'https://rubygems.org'
+
+# Specify your gem's dependencies in argon2.gemspec
+gemspec

data/LICENSE.md

@@ -0,0 +1,23 @@
+MIT License
+
+Copyright (c) 2021 [Josh Buker](mailto:crypto@joshbuker.com)
+
+Copyright (c) 2015-2021 Technion
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.

data/MAINTAINING.md

@@ -0,0 +1,65 @@
+# Maintaining Sorcery-Argon2
+
+This will eventually be fleshed out so that anyone should be able to pick up and
+maintain Sorcery-Argon2 by following this guide. It will provide step-by-step
+guides for common tasks such as releasing new versions, as well as explain how
+to triage issues and keep the CHANGELOG up-to-date.
+
+## Table of Contents
+
+1. [Merging Pull Requests](#merging-pull-requests)
+1. [Versioning](#versioning)
+   1. [Version Naming](#version-naming)
+   1. [Releasing a New Version](#releasing-a-new-version)
+
+## Merging Pull Requests
+
+TODO
+
+## Versioning
+
+### Version Naming
+
+Sorcery-Argon2 uses semantic versioning which can be found at:
+https://semver.org/
+
+All versions of Sorcery-Argon2 should follow this format: `MAJOR.MINOR.PATCH`
+
+Where:
+
+* MAJOR - Includes backwards **incompatible** changes.
+* MINOR - Introduces new functionality but is fully backwards compatible.
+* PATCH - Fixes errors in existing functionality (must be backwards compatible).
+
+The changelog and git tags should use `vMAJOR.MINOR.PATCH` to indicate that the
+number represents a version of Sorcery-Argon2. For example, `1.0.0` would become
+`v1.0.0`.
+
+### Releasing a New Version
+
+When it's time to release a new version, you'll want to ensure all the changes
+you need are on the master branch and that there is a passing build. Then follow
+this checklist and prepare a release commit:
+
+NOTE: `X.Y.Z` and `vX.Y.Z` are given as examples, and should be replaced with
+      whatever version you are releasing. See: [Version Naming](#version-naming)
+
+1. Update CHANGELOG.md
+   1. Check for any changes that have been included since the last release that
+      are not reflected in the changelog. Add any missing entries to the `HEAD`
+      section.
+   1. Check the changes in `HEAD` to determine what version increment is
+      appropriate. See [Version Naming](#version-naming) if unsure.
+   1. Replace `## HEAD` with `## vX.Y.Z` and create a new `## HEAD` section
+      above the latest version.
+1. Update Gem Version
+   1. Update `./lib/argon2/version.rb` Argon2::VERSION to `'X.Y.Z'`
+1. Stage your changes and create a commit
+   1. `git add -A`
+   1. `git commit -m "Release vX.Y.Z"`
+   1. `git push`
+1. Gem Release
+   1. `gem build`
+   1. `gem push <filename>`
+1. TODO: Version tagging
+   1. Release new version via github interface

data/README.md

@@ -0,0 +1,164 @@
+# Argon2 - Ruby Wrapper
+
+Forked from [technion/ruby-argon2](https://github.com/technion/ruby-argon2) aka
+the `argon2` gem, `v2.0.3`. See below for a migration guide if you would like to
+move an existing application from `argon2` to `sorcery-argon2`.
+
+[Why was `argon2` forked?](https://github.com/technion/ruby-argon2/pull/44#issuecomment-816271661)
+
+## Table of Contents
+
+1. [Useful Links](#useful-links)
+2. [API Summary](#api-summary)
+3. [Installation](#installation)
+4. [Migrating from `argon2` to `sorcery-argon2`](#migrating-from-argon2-to-sorcery-argon2)
+5. [Contributing](#contributing)
+6. [Contact](#contact)
+7. [License](#license)
+
+## Useful Links
+
+* [Documentation](https://rubydoc.info/gems/sorcery-argon2)
+
+## API Summary
+
+Below is a summary of the library methods. Most method names are self explaining
+and the rest are commented:
+
+### Argon2::Password
+
+```ruby
+# Class methods
+Argon2::Password.create(password, options = {})
+Argon2::Password.valid_hash?(digest)
+Argon2::Password.verify_password(password, digest, pepper = nil)
+
+# Instance Methods
+argon2 = Argon2::Password.new(digest)
+argon2 == other_argon2
+argon2.matches?(password, pepper = nil)
+argon2.to_s   # Returns the digest as a String
+argon2.to_str # Also returns the digest as a String
+
+# Argon2::Password Attributes (readonly)
+argon2.digest
+argon2.variant
+argon2.version
+argon2.t_cost
+argon2.m_cost
+argon2.p_cost
+argon2.salt
+argon2.checksum
+```
+
+### Errors
+
+```ruby
+Argon2::Error
+Argon2::Errors::InvalidHash
+Argon2::Errors::InvalidVersion
+Argon2::Errors::InvalidCost
+Argon2::Errors::InvalidTCost
+Argon2::Errors::InvalidMCost
+Argon2::Errors::InvalidPCost
+Argon2::Errors::InvalidPassword
+Argon2::Errors::InvalidSaltSize
+Argon2::Errors::InvalidOutputLength
+Argon2::Errors::ExtError
+```
+
+## Installation
+
+Add this line to your application's Gemfile:
+
+```ruby
+gem 'sorcery-argon2'
+```
+
+And then execute:
+
+```
+$ bundle
+```
+
+Or install it yourself as:
+
+```
+$ gem install sorcery-argon2
+```
+
+Require Sorcery-Argon2 in your project:
+
+```ruby
+require 'argon2'
+```
+
+## Migrating from `argon2` to `sorcery-argon2`
+
+There are two primary changes going from `argon2` to `sorcery-argon2`:
+
+### The Argon2::Password API has been refactored
+
+**Argon2::Password.new and Argon2::Password.create are now different.**
+
+Argon2::Passwords can now be created without initializing an instance first.
+
+To upgrade:
+
+```ruby
+# Take instances where you abstract creating the password by first exposing an
+# Object instance:
+instance = Argon2::Password.new(m_cost: some_m_cost)
+instance.create(input_password)
+
+# And remove the abstraction step:
+Argon2::Password.create(input_password, m_cost: some_m_cost)
+```
+
+**Argon2::Password.create no longer accept custom salts.**
+
+You should not be providing your own salt to the Argon2 algorithm (it does it
+for you). Previously you could pass an option of `salt_do_not_supply`, which has
+been removed in `sorcery-argon2 - v1.0.0`.
+
+### The errors have been restructured
+
+**The root level error has been renamed.**
+
+Argon2::ArgonHashFail has been renamed to Argon2::Error
+
+To upgrade:
+
+```ruby
+# Find any instances of Argon2::ArgonHashFail, for example...
+def login(username, password)
+  [...]
+rescue Argon2::ArgonHashFail
+  [...]
+end
+
+# And do a straight 1:1 replacement
+def login(username, password)
+  [...]
+rescue Argon2::Error
+  [...]
+end
+```
+
+## Contributing
+
+Bug reports and pull requests are welcome on GitHub at
+[Sorcery/argon2](https://github.com/Sorcery/argon2).
+
+## Contact
+
+Feel free to ask questions using these contact details:
+
+**Current Maintainers:**
+
+* Josh Buker ([@athix](https://github.com/athix)) | [Email](mailto:crypto+sorcery@joshbuker.com?subject=Sorcery)
+
+## License
+
+This gem is available as open source under the terms of the
+[MIT License](https://opensource.org/licenses/MIT).

data/Rakefile

@@ -0,0 +1,16 @@
+# frozen_string_literal: true
+
+require "bundler/gem_tasks"
+require "rake/testtask"
+require 'rubocop/rake_task'
+
+RuboCop::RakeTask.new
+
+Rake::TestTask.new(:test) do |t|
+  t.libs << "test"
+  t.libs << "lib"
+  t.warning = true
+  t.test_files = FileList['test/**/*_test.rb']
+end
+
+task :default => %i[test rubocop]

data/SECURITY.md

@@ -0,0 +1,17 @@
+# Security Policy
+
+## Supported Versions
+
+| Version   | Supported          |
+| --------- | ------------------ |
+| ~> 1.0.0  | :white_check_mark: |
+
+## Reporting a Vulnerability
+
+Email the current maintainer(s) with a description of the vulnerability. You
+should expect a response within 48 hours. If the vulnerability is accepted, a
+Github advisory will be created and eventually released with a CVE corresponding
+to the issue found.
+
+A list of the current maintainers can be found on the README under the contact
+section. See: [README.md](https://github.com/Sorcery/argon2#contact)

data/bin/console

@@ -0,0 +1,15 @@
+#!/usr/bin/env ruby
+# frozen_string_literal: true
+
+require 'bundler/setup'
+require 'argon2'
+
+# You can add fixtures and/or initialization code here to make experimenting
+# with your gem easier. You can also use a different console, if you like.
+
+# (If you use this, don't forget to add pry to your Gemfile!)
+# require 'pry'
+# Pry.start
+
+require 'irb'
+IRB.start

data/bin/setup

@@ -0,0 +1,11 @@
+#!/bin/bash
+# Exit the script immediately if a command fails
+set -euo pipefail
+# Internal Field Separator
+IFS=$'\n\t'
+
+# Build the Argon2 C Library. Git submodules must be initialized first!
+bundle install
+cd ext/argon2_wrap/
+make
+cd ../..

data/bin/test

@@ -0,0 +1,10 @@
+#!/bin/bash
+# Exit the script immediately if a command fails
+set -euo pipefail
+# Internal Field Separator
+IFS=$'\n\t'
+
+# Run the Argon2 C Library tests
+cd ext/argon2_wrap/
+make test
+cd ../..

data/ext/argon2_wrap/Makefile

@@ -0,0 +1,74 @@
+# Argon Wrapper Makefile
+# This file is based on the original Argon2 reference
+# Argon2 source code package
+#
+# This work is licensed under a Creative Commons CC0 1.0 License/Waiver.
+#
+# You should have received a copy of the CC0 Public Domain Dedication along with
+# this software. If not, see <http://creativecommons.org/publicdomain/zero/1.0/>.
+#
+
+DIST_SRC = ../phc-winner-argon2/src
+SRC = $(DIST_SRC)/argon2.c $(DIST_SRC)/core.c $(DIST_SRC)/blake2/blake2b.c $(DIST_SRC)/thread.c $(DIST_SRC)/encoding.c argon_wrap.c
+OBJ = $(SRC:.c=.o)
+
+CFLAGS = -pthread -O3 -Wall -g -I../phc-winner-argon2/include -I../phc-winner-argon2/src
+
+OPTTEST := $(shell $(CC) -Iinclude -Isrc -march=native src/opt.c -c 2>/dev/null; echo $$?)
+# Detect compatible platform
+ifneq ($(OPTTEST), 0)
+	SRC += $(DIST_SRC)/ref.c
+else
+	CFLAGS += -march=native
+	SRC += $(DIST_SRC)/opt.c
+endif
+
+
+BUILD_PATH := $(shell pwd)
+KERNEL_NAME := $(shell uname -s)
+
+LIB_NAME=argon2_wrap
+ifeq ($(KERNEL_NAME), Linux)
+	LIB_EXT := so
+	LIB_CFLAGS := -shared -fPIC
+endif
+ifeq ($(KERNEL_NAME), NetBSD)
+	LIB_EXT := so
+	LIB_CFLAGS := -shared -fPIC
+endif
+ifeq ($(KERNEL_NAME), Darwin)
+	LIB_EXT := bundle
+	LIB_CFLAGS := -bundle
+endif
+ifeq ($(findstring MINGW, $(KERNEL_NAME)), MINGW)
+	LIB_EXT := dll
+	LIB_CFLAGS := -shared -Wl,--out-implib,lib$(LIB_NAME).$(LIB_EXT).a
+endif
+ifeq ($(KERNEL_NAME), $(filter $(KERNEL_NAME),OpenBSD FreeBSD))
+	LIB_EXT := so
+	LIB_CFLAGS := -shared -fPIC
+endif
+ifeq ($(KERNEL_NAME), SunOS)
+    CC := gcc
+    CFLAGS += -D_REENTRANT
+    LIB_EXT := so
+    LIB_CFLAGS := -shared -fPIC
+endif
+
+LIB_SH := lib$(LIB_NAME).$(LIB_EXT)
+
+all: libs 
+libs: $(SRC)
+		$(CC) $(CFLAGS) $(LIB_CFLAGS) $^ -o libargon2_wrap.$(LIB_EXT)
+
+#Deliberately avoiding the CFLAGS for our test cases - disable optimise and
+#C89
+test: $(SRC) test.c
+	clang -pthread -O3 -fsanitize=address -fsanitize=undefined -Wall -g $^ -o tests $(CFLAGS)
+	./tests
+
+clean:
+	rm -f tests libargon2_wrap.$(LIB_EXT)
+
+install:
+	echo none