sorcery-argon2 1.0.0
- checksums.yaml +7 -0
- data/.document +1 -0
- data/.github/ISSUE_TEMPLATE/bug_report.md +37 -0
- data/.github/ISSUE_TEMPLATE/feature_request.md +22 -0
- data/.github/ISSUE_TEMPLATE/need_help.md +24 -0
- data/.github/PULL_REQUEST_TEMPLATE.md +5 -0
- data/.github/workflows/ruby.yml +66 -0
- data/.gitignore +68 -0
- data/.gitmodules +4 -0
- data/.rubocop.yml +208 -0
- data/CHANGELOG.md +20 -0
- data/CODE_OF_CONDUCT.md +14 -0
- data/Gemfile +6 -0
- data/LICENSE.md +23 -0
- data/MAINTAINING.md +65 -0
- data/README.md +164 -0
- data/Rakefile +16 -0
- data/SECURITY.md +17 -0
- data/bin/console +15 -0
- data/bin/setup +11 -0
- data/bin/test +10 -0
- data/ext/argon2_wrap/Makefile +74 -0
- data/ext/argon2_wrap/argon_wrap.c +167 -0
- data/ext/argon2_wrap/extconf.rb +2 -0
- data/ext/argon2_wrap/test.c +117 -0
- data/lib/argon2.rb +17 -0
- data/lib/argon2/constants.rb +12 -0
- data/lib/argon2/engine.rb +18 -0
- data/lib/argon2/errors.rb +121 -0
- data/lib/argon2/ffi_engine.rb +114 -0
- data/lib/argon2/password.rb +220 -0
- data/lib/argon2/version.rb +8 -0
- data/sorcery-argon2.gemspec +51 -0
- metadata +191 -0
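--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -0,0 +1,20 @@
+# Changelog
+
+Historical changelog for all versions.
+
+## HEAD
+
+## v1.0.0
+
+This project has been forked from
+[Technion's original argon2 wrapper](https://github.com/technion/ruby-argon2).
+
+If you previously used `argon2` and would like to update to `sorcery-argon2`,
+please see: [Migrating from `argon2` to `sorcery-argon2`](README.md#migrating-from-argon2-to-sorcery-argon2)
+
+Changes between `argon2 - 2.0.3` and `sorcery-argon2 - 1.0.0`:
+
+* Refactored Argon2::Password to include additional helpers and simplify hash
+creation.
+* Renamed top level exception from: `Argon2::ArgonHashHail` to: `Argon2::Error`
+* Added new exceptions that inherit from the top level exception.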
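--- a/data/CODE_OF_CONDUCT.md
+++ b/data/CODE_OF_CONDUCT.md
@@ -0,0 +1,14 @@
+# The Sorcery Community Code of Conduct
+
+This document provides a few simple community guidelines for a safe, respectful,
+productive, and collaborative place for any person who is willing to contribute
+to the Sorcery community. It applies to all "collaborative spaces", which are
+defined as community communications channels (such as mailing lists, submitted
+patches, commit comments, etc.).
+
+* Participants will be tolerant of opposing views.
+* Participants must ensure that their language and actions are free of personal
+attacks and disparaging personal remarks.
+* When interpreting the words and actions of others, participants should always
+assume good intentions.
+* Behaviour which can be reasonably considered harassment will not be tolerated.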
data/Gemfile
ADDED
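--- a/data/LICENSE.md
+++ b/data/LICENSE.md
@@ -0,0 +1,23 @@
+MIT License
+
+Copyright (c) 2021 [Josh Buker](mailto:crypto@joshbuker.com)
+
+Copyright (c) 2015-2021 Technion
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.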
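--- a/data/MAINTAINING.md
+++ b/data/MAINTAINING.md
@@ -0,0 +1,65 @@
+# Maintaining Sorcery-Argon2
+
+This will eventually be fleshed out so that anyone should be able to pick up and
+maintain Sorcery-Argon2 by following this guide. It will provide step-by-step
+guides for common tasks such as releasing new versions, as well as explain how
+to triage issues and keep the CHANGELOG up-to-date.
+
+## Table of Contents
+
+1. [Merging Pull Requests](#merging-pull-requests)
+1. [Versioning](#versioning)
+1. [Version Naming](#version-naming)
+1. [Releasing a New Version](#releasing-a-new-version)
+
+## Merging Pull Requests
+
+TODO
+
+## Versioning
+
+### Version Naming
+
+Sorcery-Argon2 uses semantic versioning which can be found at:
+https://semver.org/
+
+All versions of Sorcery-Argon2 should follow this format: `MAJOR.MINOR.PATCH`
+
+Where:
+
+* MAJOR - Includes backwards **incompatible** changes.
+* MINOR - Introduces new functionality but is fully backwards compatible.
+* PATCH - Fixes errors in existing functionality (must be backwards compatible).
+
+The changelog and git tags should use `vMAJOR.MINOR.PATCH` to indicate that the
+number represents a version of Sorcery-Argon2. For example, `1.0.0` would become
+`v1.0.0`.
+
+### Releasing a New Version
+
+When it's time to release a new version, you'll want to ensure all the changes
+you need are on the master branch and that there is a passing build. Then follow
+this checklist and prepare a release commit:
+
+NOTE: `X.Y.Z` and `vX.Y.Z` are given as examples, and should be replaced with
+whatever version you are releasing. See: [Version Naming](#version-naming)
+
+1. Update CHANGELOG.md
+1. Check for any changes that have been included since the last release that
+are not reflected in the changelog. Add any missing entries to the `HEAD`
+section.
+1. Check the changes in `HEAD` to determine what version increment is
+appropriate. See [Version Naming](#version-naming) if unsure.
+1. Replace `## HEAD` with `## vX.Y.Z` and create a new `## HEAD` section
+above the latest version.
+1. Update Gem Version
+1. Update `./lib/argon2/version.rb` Argon2::VERSION to `'X.Y.Z'`
+1. Stage your changes and create a commit
+1. `git add -A`
+1. `git commit -m "Release vX.Y.Z"`
+1. `git push`
+1. Gem Release
+1. `gem build`
+1. `gem push <filename>`
+1. TODO: Version tagging
+1. Release new version via github interface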
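--- a/data/README.md
+++ b/data/README.md
@@ -0,0 +1,164 @@
+# Argon2 - Ruby Wrapper
+
+Forked from [technion/ruby-argon2](https://github.com/technion/ruby-argon2) aka
+the `argon2` gem, `v2.0.3`. See below for a migration guide if you would like to
+move an existing application from `argon2` to `sorcery-argon2`.
+
+[Why was `argon2` forked?](https://github.com/technion/ruby-argon2/pull/44#issuecomment-816271661)
+
+## Table of Contents
+
+1. [Useful Links](#useful-links)
+2. [API Summary](#api-summary)
+3. [Installation](#installation)
+4. [Migrating from `argon2` to `sorcery-argon2`](#migrating-from-argon2-to-sorcery-argon2)
+5. [Contributing](#contributing)
+6. [Contact](#contact)
+7. [License](#license)
+
+## Useful Links
+
+* [Documentation](https://rubydoc.info/gems/sorcery-argon2)
+
+## API Summary
+
+Below is a summary of the library methods. Most method names are self explaining
+and the rest are commented:
+
+### Argon2::Password
+
+```ruby
+# Class methods
+Argon2::Password.create(password, options = {})
+Argon2::Password.valid_hash?(digest)
+Argon2::Password.verify_password(password, digest, pepper = nil)
+
+# Instance Methods
+argon2 = Argon2::Password.new(digest)
+argon2 == other_argon2
+argon2.matches?(password, pepper = nil)
+argon2.to_s # Returns the digest as a String
+argon2.to_str # Also returns the digest as a String
+
+# Argon2::Password Attributes (readonly)
+argon2.digest
+argon2.variant
+argon2.version
+argon2.t_cost
+argon2.m_cost
+argon2.p_cost
+argon2.salt
+argon2.checksum
+```
+
+### Errors
+
+```ruby
+Argon2::Error
+Argon2::Errors::InvalidHash
+Argon2::Errors::InvalidVersion
+Argon2::Errors::InvalidCost
+Argon2::Errors::InvalidTCost
+Argon2::Errors::InvalidMCost
+Argon2::Errors::InvalidPCost
+Argon2::Errors::InvalidPassword
+Argon2::Errors::InvalidSaltSize
+Argon2::Errors::InvalidOutputLength
+Argon2::Errors::ExtError
+```
+
+## Installation
+
+Add this line to your application's Gemfile:
+
+```ruby
+gem 'sorcery-argon2'
+```
+
+And then execute:
+
+```
+$ bundle
+```
+
+Or install it yourself as:
+
+```
+$ gem install sorcery-argon2
+```
+
+Require Sorcery-Argon2 in your project:
+
+```ruby
+require 'argon2'
+```
+
+## Migrating from `argon2` to `sorcery-argon2`
+
+There are two primary changes going from `argon2` to `sorcery-argon2`:
+
+### The Argon2::Password API has been refactored
+
+**Argon2::Password.new and Argon2::Password.create are now different.**
+
+Argon2::Passwords can now be created without initializing an instance first.
+
+To upgrade:
+
+```ruby
+# Take instances where you abstract creating the password by first exposing an
+# Object instance:
+instance = Argon2::Password.new(m_cost: some_m_cost)
+instance.create(input_password)
+
+# And remove the abstraction step:
+Argon2::Password.create(input_password, m_cost: some_m_cost)
+```
+
+**Argon2::Password.create no longer accept custom salts.**
+
+You should not be providing your own salt to the Argon2 algorithm (it does it
+for you). Previously you could pass an option of `salt_do_not_supply`, which has
+been removed in `sorcery-argon2 - v1.0.0`.
+
+### The errors have been restructured
+
+**The root level error has been renamed.**
+
+Argon2::ArgonHashFail has been renamed to Argon2::Error
+
+To upgrade:
+
+```ruby
+# Find any instances of Argon2::ArgonHashFail, for example...
+def login(username, password)
+[...]
+rescue Argon2::ArgonHashFail
+[...]
+end
+
+# And do a straight 1:1 replacement
+def login(username, password)
+[...]
+rescue Argon2::Error
+[...]
+end
+```
+
+## Contributing
+
+Bug reports and pull requests are welcome on GitHub at
+[Sorcery/argon2](https://github.com/Sorcery/argon2).
+
+## Contact
+
+Feel free to ask questions using these contact details:
+
+**Current Maintainers:**
+
+* Josh Buker ([@athix](https://github.com/athix)) | [Email](mailto:crypto+sorcery@joshbuker.com?subject=Sorcery)
+
+## License
+
+This gem is available as open source under the terms of the
+[MIT License](https://opensource.org/licenses/MIT).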
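--- a/data/Rakefile
+++ b/data/Rakefile
@@ -0,0 +1,16 @@
+# frozen_string_literal: true
+
+require "bundler/gem_tasks"
+require "rake/testtask"
+require 'rubocop/rake_task'
+
+RuboCop::RakeTask.new
+
+Rake::TestTask.new(:test) do |t|
+t.libs << "test"
+t.libs << "lib"
+t.warning = true
+t.test_files = FileList['test/**/*_test.rb']
+end
+
+task :default => %i[test rubocop]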
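--- a/data/SECURITY.md
+++ b/data/SECURITY.md
@@ -0,0 +1,17 @@
+# Security Policy
+
+## Supported Versions
+
+| Version | Supported |
+| --------- | ------------------ |
+| ~> 1.0.0 | :white_check_mark: |
+
+## Reporting a Vulnerability
+
+Email the current maintainer(s) with a description of the vulnerability. You
+should expect a response within 48 hours. If the vulnerability is accepted, a
+Github advisory will be created and eventually released with a CVE corresponding
+to the issue found.
+
+A list of the current maintainers can be found on the README under the contact
+section. See: [README.md](https://github.com/Sorcery/argon2#contact)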
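--- a/data/bin/console
+++ b/data/bin/console
@@ -0,0 +1,15 @@
+#!/usr/bin/env ruby
+# frozen_string_literal: true
+
+require 'bundler/setup'
+require 'argon2'
+
+# You can add fixtures and/or initialization code here to make experimenting
+# with your gem easier. You can also use a different console, if you like.
+
+# (If you use this, don't forget to add pry to your Gemfile!)
+# require 'pry'
+# Pry.start
+
+require 'irb'
+IRB.start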
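--- a/data/bin/setup
+++ b/data/bin/setup
@@ -0,0 +1,11 @@
+#!/bin/bash
+# Exit the script immediately if a command fails
+set -euo pipefail
+# Internal Field Separator
+IFS=$'\n\t'
+
+# Build the Argon2 C Library. Git submodules must be initialized first!
+bundle install
+cd ext/argon2_wrap/
+make
+cd ../..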
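Review bot: The comment above `bundle install` says the git submodules must be initialized first, but nothing in the script checks that, so a fresh clone only fails later inside `make` with a missing-source error instead of a clear message. A guard before `cd ext/argon2_wrap/`, such as `[ -f ext/phc-winner-argon2/src/argon2.c ] || { echo "run: git submodule update --init" >&2; exit 1; }`, would make the precondition explicit. The path in that guard is inferred from the Makefile's `../phc-winner-argon2/src` and should be confirmed against the repository layout.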
data/bin/test
ADDED
@@ -0,0 +1,74 @@
|
|
1
|
+
# Argon Wrapper Makefile
|
2
|
+
# This file is based on the original Argon2 reference
|
3
|
+
# Argon2 source code package
|
4
|
+
#
|
5
|
+
# This work is licensed under a Creative Commons CC0 1.0 License/Waiver.
|
6
|
+
#
|
7
|
+
# You should have received a copy of the CC0 Public Domain Dedication along with
|
8
|
+
# this software. If not, see <http://creativecommons.org/publicdomain/zero/1.0/>.
|
9
|
+
#
|
10
|
+
|
11
|
+
DIST_SRC = ../phc-winner-argon2/src
|
12
|
+
SRC = $(DIST_SRC)/argon2.c $(DIST_SRC)/core.c $(DIST_SRC)/blake2/blake2b.c $(DIST_SRC)/thread.c $(DIST_SRC)/encoding.c argon_wrap.c
|
13
|
+
OBJ = $(SRC:.c=.o)
|
14
|
+
|
15
|
+
CFLAGS = -pthread -O3 -Wall -g -I../phc-winner-argon2/include -I../phc-winner-argon2/src
|
16
|
+
|
17
|
+
OPTTEST := $(shell $(CC) -Iinclude -Isrc -march=native src/opt.c -c 2>/dev/null; echo $$?)
|
18
|
+
# Detect compatible platform
|
19
|
+
ifneq ($(OPTTEST), 0)
|
20
|
+
SRC += $(DIST_SRC)/ref.c
|
21
|
+
else
|
22
|
+
CFLAGS += -march=native
|
23
|
+
SRC += $(DIST_SRC)/opt.c
|
24
|
+
endif
|
25
|
+
|
26
|
+
|
27
|
+
BUILD_PATH := $(shell pwd)
|
28
|
+
KERNEL_NAME := $(shell uname -s)
|
29
|
+
|
30
|
+
LIB_NAME=argon2_wrap
|
31
|
+
ifeq ($(KERNEL_NAME), Linux)
|
32
|
+
LIB_EXT := so
|
33
|
+
LIB_CFLAGS := -shared -fPIC
|
34
|
+
endif
|
35
|
+
ifeq ($(KERNEL_NAME), NetBSD)
|
36
|
+
LIB_EXT := so
|
37
|
+
LIB_CFLAGS := -shared -fPIC
|
38
|
+
endif
|
39
|
+
ifeq ($(KERNEL_NAME), Darwin)
|
40
|
+
LIB_EXT := bundle
|
41
|
+
LIB_CFLAGS := -bundle
|
42
|
+
endif
|
43
|
+
ifeq ($(findstring MINGW, $(KERNEL_NAME)), MINGW)
|
44
|
+
LIB_EXT := dll
|
45
|
+
LIB_CFLAGS := -shared -Wl,--out-implib,lib$(LIB_NAME).$(LIB_EXT).a
|
46
|
+
endif
|
47
|
+
ifeq ($(KERNEL_NAME), $(filter $(KERNEL_NAME),OpenBSD FreeBSD))
|
48
|
+
LIB_EXT := so
|
49
|
+
LIB_CFLAGS := -shared -fPIC
|
50
|
+
endif
|
51
|
+
ifeq ($(KERNEL_NAME), SunOS)
|
52
|
+
CC := gcc
|
53
|
+
CFLAGS += -D_REENTRANT
|
54
|
+
LIB_EXT := so
|
55
|
+
LIB_CFLAGS := -shared -fPIC
|
56
|
+
endif
|
57
|
+
|
58
|
+
LIB_SH := lib$(LIB_NAME).$(LIB_EXT)
|
59
|
+
|
60
|
+
all: libs
|
61
|
+
libs: $(SRC)
|
62
|
+
$(CC) $(CFLAGS) $(LIB_CFLAGS) $^ -o libargon2_wrap.$(LIB_EXT)
|
63
|
+
|
64
|
+
#Deliberately avoiding the CFLAGS for our test cases - disable optimise and
|
65
|
+
#C89
|
66
|
+
test: $(SRC) test.c
|
67
|
+
clang -pthread -O3 -fsanitize=address -fsanitize=undefined -Wall -g $^ -o tests $(CFLAGS)
|
68
|
+
./tests
|
69
|
+
|
70
|
+
clean:
|
71
|
+
rm -f tests libargon2_wrap.$(LIB_EXT)
|
72
|
+
|
73
|
+
install:
|
74
|
+
echo none
|
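Review bot: The `OPTTEST` probe compiles `src/opt.c` with `-Iinclude -Isrc`, while every other path in this file goes through `DIST_SRC` (`../phc-winner-argon2/src`), so unless a local `src/opt.c` exists (none appears in the package file list) the probe presumably always fails and the build silently falls back to `ref.c`. Pointing the probe at the same tree, e.g. `OPTTEST := $(shell $(CC) -I../phc-winner-argon2/include -I$(DIST_SRC) -march=native $(DIST_SRC)/opt.c -c -o /dev/null 2>/dev/null; echo $$?)`, would make the detection do what the "Detect compatible platform" comment says and avoid leaving a stray object file behind. When the probe does succeed, `-march=native` ties the shared library to the build host's CPU, which matters if the gem is compiled in one image and run on different hardware. The section header on this page reads `data/bin/test`, but the 74-line content matches `data/ext/argon2_wrap/Makefile` in the file list.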