sorcery-argon2 1.0.0

data/ext/argon2_wrap/argon_wrap.c

@@ -0,0 +1,167 @@
+/* Wrapper for argon Ruby bindings
+ * lolware.net
+ * Much of this code is based on run.c from the reference implementation
+ */
+
+#include <stdio.h>
+#include <stdint.h>
+#include <inttypes.h>
+#include <stdlib.h>
+#include <string.h>
+#include <time.h>
+
+#include "argon2.h"
+#include "core.h"
+#include "encoding.h"
+
+#define T_COST_DEF 3
+#define LOG_M_COST_DEF 12 /* 2^12 = 4 MiB */
+#define LANES_DEF 1
+#define THREADS_DEF 1
+#define OUT_LEN 32
+#define SALT_LEN 16
+#define ENCODE_LEN 96 /* Does not include SALT LEN */
+
+/* Workaround for https://github.com/technion/ruby-argon2/issues/8. Hopefully temporary */
+static int wrap_compare(const uint8_t *b1, const uint8_t *b2, size_t len) {
+    size_t i;
+    uint8_t d = 0U;
+
+    for (i = 0U; i < len; i++) {
+        d |= b1[i] ^ b2[i];
+    }
+    return (int)((1 & ((d - 1) >> 8)) - 1);
+}
+
+int argon2_wrap_version(char *out, const char *pwd, size_t pwd_length,
+        uint8_t *salt,  uint32_t saltlen, uint32_t t_cost, uint32_t m_cost,
+        uint32_t lanes, uint8_t *secret, size_t secretlen, uint32_t version,
+        argon2_type type)
+{
+    uint8_t hash[OUT_LEN];
+    argon2_context context;
+
+    if (!pwd) {
+        return ARGON2_PWD_PTR_MISMATCH;
+    }
+
+    if (!salt) {
+        return ARGON2_PWD_PTR_MISMATCH;
+    }
+
+    context.out = hash;
+    context.outlen = OUT_LEN;
+    context.pwd = (uint8_t *)pwd;
+    context.pwdlen = pwd_length;
+    context.salt = salt;
+    context.saltlen = saltlen;
+    context.secret = secret;
+    context.secretlen = secretlen;
+    context.ad = NULL;
+    context.adlen = 0;
+    context.t_cost = t_cost;
+    context.m_cost = m_cost;
+    context.lanes = lanes;
+    context.threads = lanes;
+    context.allocate_cbk = NULL;
+    context.free_cbk = NULL;
+    context.flags = 0;
+    context.version = version;
+
+    int result;
+    if (type == Argon2_i) {
+        result = argon2i_ctx(&context);
+    }  else if (type == Argon2_id) {
+        result = argon2id_ctx(&context);
+    } else if (type == Argon2_d) {
+        result = argon2d_ctx(&context);
+    } else {
+        // Unsupported type
+        return ARGON2_ENCODING_FAIL;
+    }
+
+    if (result != ARGON2_OK)
+        return result;
+
+    encode_string(out, ENCODE_LEN + saltlen, &context, type);
+    return ARGON2_OK;
+}
+
+/* Since all new hashes will use latest version, this wraps the
+   * function including the version
+   */
+int argon2_wrap(char *out, const char *pwd, size_t pwd_length,
+        uint8_t *salt,  uint32_t saltlen, uint32_t t_cost, uint32_t m_cost,
+        uint32_t lanes, uint8_t *secret, size_t secretlen)
+{
+    return argon2_wrap_version(out, pwd, pwd_length, salt, saltlen,
+            t_cost, m_cost, lanes, secret, secretlen, ARGON2_VERSION_13, Argon2_id);
+}
+
+int wrap_argon2_verify(const char *encoded, const char *pwd,
+    const size_t pwdlen,
+    uint8_t *secret, size_t secretlen)
+{
+    argon2_context ctx;
+    int ret;
+    char *out;
+    memset(&ctx, 0, sizeof(argon2_context));
+    size_t encoded_len;
+    argon2_type type;
+
+    encoded_len = strlen(encoded);
+    /* larger than max possible values */
+    ctx.saltlen = encoded_len;
+    ctx.outlen = encoded_len;
+
+    ctx.salt = malloc(ctx.saltlen);
+    ctx.out = malloc(ctx.outlen);
+    if (!ctx.out || !ctx.salt) {
+        free(ctx.salt);
+        free(ctx.out);
+        return ARGON2_MEMORY_ALLOCATION_ERROR;
+    }
+
+    if (memcmp(encoded, "$argon2id", strlen("$argon2id")) == 0) {
+        type = Argon2_id;
+    } else if (memcmp(encoded, "$argon2i", strlen("$argon2i")) == 0) {
+        type = Argon2_i;
+    } else if (memcmp(encoded, "$argon2d", strlen("$argon2d")) == 0) {
+        type = Argon2_d;
+    } else {
+        // Other types not yet supported
+        free(ctx.salt);
+        free(ctx.out);
+        return ARGON2_DECODING_FAIL;
+    }
+
+    if (decode_string(&ctx, encoded, type) != ARGON2_OK) {
+        free(ctx.salt);
+        free(ctx.out);
+        return ARGON2_DECODING_FAIL;
+    }
+
+    out = malloc(ENCODE_LEN + ctx.saltlen);
+    if(!out) {
+        free(ctx.salt);
+        free(ctx.out);
+        return ARGON2_DECODING_FAIL;
+    }
+
+    ret = argon2_wrap_version(out, pwd, pwdlen, ctx.salt, ctx.saltlen,
+            ctx.t_cost, ctx.m_cost, ctx.lanes, secret, secretlen,
+            ctx.version, type);
+
+    free(ctx.salt);
+
+    if (ret != ARGON2_OK || wrap_compare((uint8_t*)out, (uint8_t*)encoded,
+                strlen(encoded))) {
+        free(ctx.out);
+        free(out);
+        return ARGON2_DECODING_FAIL;
+    }
+    free(ctx.out);
+    free(out);
+
+    return ARGON2_OK;
+}

data/ext/argon2_wrap/extconf.rb

@@ -0,0 +1,2 @@
+# frozen_string_literal: true
+#I must admit I have no understanding of why this empty file works.

data/ext/argon2_wrap/test.c

@@ -0,0 +1,117 @@
+/* Wrapper for argon Ruby bindings
+ * lolware.net
+ * Much of this code is based on run.c from the reference implementation
+ */
+#include <stdio.h>
+#include <stdint.h>
+#include <inttypes.h>
+#include <stdlib.h>
+#include <string.h>
+#include <time.h>
+#include <assert.h>
+
+#include "argon2.h"
+
+#define OUT_LEN 32
+#define SALT_LEN 16
+
+/**
+ * Hashes a password with Argon2i, producing a raw hash
+ * @param t_cost Number of iterations
+ * @param m_cost Sets memory usage to 2^m_cost kibibytes
+ * @param parallelism Number of threads and compute lanes
+ * @param pwd Pointer to password
+ * @param pwdlen Password size in bytes
+ * @param salt Pointer to salt
+ * @param saltlen Salt size in bytes
+ * @param hash Buffer where to write the raw hash
+ * @param hashlen Desired length of the hash in bytes
+ * @pre   Different parallelism levels will give different results
+ * @pre   Returns ARGON2_OK if successful
+
+int argon2i_hash_raw(const uint32_t t_cost, const uint32_t m_cost,
+                     const uint32_t parallelism, const void *pwd,
+                     const size_t pwdlen, const void *salt,
+                     const size_t saltlen, void *hash, const size_t hashlen);
+
+*/
+
+unsigned int argon2_wrap(char *out, const char *pwd, size_t pwd_length,
+    uint8_t *salt, uint32_t saltlen, uint32_t t_cost, uint32_t m_cost,
+    uint32_t lanes, uint8_t *secret, size_t secretlen);
+
+int wrap_argon2_verify(const char *encoded, const char *pwd,
+    const size_t pwdlen,
+    uint8_t *secret, size_t secretlen);
+
+
+int main()
+{
+    unsigned char out[OUT_LEN];
+    unsigned char hex_out[OUT_LEN*2 + 4]; /* Allow space for NULL byute */
+    char out2[300];
+    char *pwd = NULL;
+    uint8_t salt[SALT_LEN];
+    int i, ret;
+
+    memset(salt, 0x00, SALT_LEN); /* pad with null bytes */
+    memcpy(salt, "somesalt", 8);
+
+
+#define RAWTEST(T, M, P, PWD, REF) \
+    pwd = strdup(PWD); \
+    assert(pwd); \
+    ret = argon2i_hash_raw(T, 1<<M, P, pwd, strlen(pwd), salt, SALT_LEN, out, OUT_LEN); \
+    assert(ret == ARGON2_OK); \
+    for(i=0; i<OUT_LEN; ++i ) \
+        sprintf((char*)(hex_out + i*2), "%02x", out[i] ); \
+    assert(memcmp(hex_out, REF, OUT_LEN*2) == 0); \
+    free(pwd); \
+    printf( "Ref test: %s: PASS\n", REF);
+
+    RAWTEST(2, 16, 1, "password", "1c7eeef9e0e969b3024722fc864a1ca9f6ca20da73f9bf3f1731881beae2039e");
+    RAWTEST(2, 18, 1, "password", "5c6dfd2712110cf88f1426059b01d87f8210d5368da0e7ee68586e9d4af4954b");
+    RAWTEST(2, 8, 1, "password", "dfebf9d4eadd6859f4cc6a9bb20043fd9da7e1e36bdacdbb05ca569f463269f8");
+    RAWTEST(1, 16, 1, "password", "fabd1ddbd86a101d326ac2abe79660202b10192925d2fd2483085df94df0c91a");
+    RAWTEST(4, 16, 1, "password", "b3b4cb3d6e2c1cb1e7bffdb966ab3ceafae701d6b7789c3f1e6c6b22d82d99d5");
+    RAWTEST(2, 16, 1, "differentpassword", "b2db9d7c0d1288951aec4b6e1cd3835ea29a7da2ac13e6f48554a26b127146f9");
+    memcpy(salt, "diffsalt", 8);
+    RAWTEST(2, 16, 1, "password", "bb6686865f2c1093f70f543c9535f807d5b42d5dc6d71f14a4a7a291913e05e0");
+
+
+#define WRAP_TEST(T, M, PWD, REF) \
+    pwd = strdup(PWD); \
+    argon2_wrap(out2, pwd, strlen(PWD), salt, strlen((const char *)salt),T, 1<<M, 1, NULL, 0); \
+    free(pwd); \
+    assert(memcmp(out2, REF, strlen(REF)) == 0); \
+    printf( "Ref test: %s: PASS\n", REF);
+
+    memcpy(salt, "somesalt", 8);
+    WRAP_TEST(2, 16, "password",
+            "$argon2id$v=19$m=65536,t=2,p=1$c29tZXNhbHQ$CTFhFdXPJO1aFaMaO6Mm5c8y7cJHAph8ArZWb2GRPPc");
+
+    WRAP_TEST(2, 8, "password",
+            "$argon2id$v=19$m=256,t=2,p=1$c29tZXNhbHQ$nf65EOgLrQMR/uIPnA4rEsF5h7TKyQwu9U1bMCHGi/4");
+
+    WRAP_TEST(2, 16, "differentpassword",
+            "$argon2id$v=19$m=65536,t=2,p=1$c29tZXNhbHQ$C4TWUs9rDEvq7w3+J4umqA32aWKB1+DSiRuBfYxFj94");
+
+    ret = wrap_argon2_verify("$argon2i$v=19$m=256,t=2,p=1$c29tZXNhbHQAAAAAAAAAAA$3+v51OrdaFn0zGqbsgBD/Z2n4eNr2s27BcpWn0Yyafg", "password",
+            strlen("password"), NULL, 0);
+    assert(ret == ARGON2_OK);
+    printf("Verify OK test i variant: PASS\n");
+
+    ret = wrap_argon2_verify("$argon2id$v=19$m=65536,t=2,p=1$c29tZXNhbHQ$CTFhFdXPJO1aFaMaO6Mm5c8y7cJHAph8ArZWb2GRPPc", "password",
+            strlen("password"), NULL, 0);
+    assert(ret == ARGON2_OK);
+    printf("Verify OK test id variant: PASS\n");
+
+    ret = wrap_argon2_verify("$argon2i$v=19$m=65536,t=2,p=1$c29tZXNhbHQAAAAAAAAAAA$iUr0/y4tJvPOFfd6fhwl20W04gQ56ZYXcroZnK3bAB4", "notpassword",
+            strlen("notpassword"), NULL, 0);
+    assert(ret == ARGON2_DECODING_FAIL);
+    printf("Verify FAIL test: PASS\n");
+    return 0;
+
+
+}
+

data/lib/argon2.rb

@@ -0,0 +1,17 @@
+# frozen_string_literal: true
+
+##
+# This Ruby Gem provides FFI bindings and a simplified interface to the Argon2
+# algorithm. Argon2 is the official winner of the Password Hashing Competition,
+# a several year project to identify a successor to bcrypt/PBKDF/scrypt methods
+# of securely storing passwords. This is an independent project and not official
+# from the PHC team.
+#
+module Argon2; end
+
+require 'argon2/constants'
+require 'argon2/ffi_engine'
+require 'argon2/version'
+require 'argon2/errors'
+require 'argon2/engine'
+require 'argon2/password'

data/lib/argon2/constants.rb

@@ -0,0 +1,12 @@
+# frozen_string_literal: true
+
+module Argon2
+  ##
+  # Constants utilised in several parts of the Argon2 module
+  #
+  module Constants
+    SALT_LEN   = 16  # Standard recommendation from the Argon2 spec
+    OUT_LEN    = 32  # Binary, unencoded output
+    ENCODE_LEN = 108 # Encoded output
+  end
+end

data/lib/argon2/engine.rb

@@ -0,0 +1,18 @@
+# frozen_string_literal: true
+
+require 'securerandom'
+
+module Argon2
+  ##
+  # The engine class shields users from the FFI interface.
+  # It is generally not advised to directly use this class.
+  #
+  class Engine
+    ##
+    # Generates a random, binary string for use as a salt.
+    #
+    def self.saltgen
+      SecureRandom.random_bytes(Argon2::Constants::SALT_LEN)
+    end
+  end
+end

data/lib/argon2/errors.rb

@@ -0,0 +1,121 @@
+# frozen_string_literal: true
+
+module Argon2
+  ##
+  # Generic error to catch anything the Argon2 ruby library throws.
+  #
+  class Error < StandardError; end
+
+  ##
+  # Various errors for invalid parameters passed to the library.
+  #
+  module Errors
+    ##
+    # Raised when an invalid Argon2 hash has been passed to Argon2::Password.new
+    #
+    class InvalidHash < Argon2::Error; end
+
+    ##
+    # Raised when a valid Argon2 hash was passed to Argon2::Password, but the
+    # version information is missing or corrupted.
+    #
+    class InvalidVersion < InvalidHash; end
+
+    ##
+    # Abstract error class that isn't raised directly, but allows you to catch
+    # any cost error, regardless of which value was invalid.
+    #
+    class InvalidCost < InvalidHash; end
+
+    ##
+    # Raised when an invalid time cost has been passed to
+    # Argon2::Password.create, or the hash passed to Argon2::Password.new
+    # was valid but the time cost information is missing or corrupted.
+    #
+    class InvalidTCost < InvalidCost; end
+
+    ##
+    # Raised when an invalid memory cost has been passed to
+    # Argon2::Password.create, or the hash passed to Argon2::Password.new
+    # was valid but the memory cost information is missing or corrupted.
+    #
+    class InvalidMCost < InvalidCost; end
+
+    ##
+    # Raised when an invalid parallelism cost has been passed to
+    # Argon2::Password.create, or the hash passed to Argon2::Password.new
+    # was valid but the parallelism cost information is missing or corrupted.
+    #
+    class InvalidPCost < InvalidCost; end
+
+    ##
+    # Raised when a non-string object is passed to Argon2::Password.create
+    #
+    class InvalidPassword < Argon2::Error
+      def initialize(msg = "Invalid password (expected a String)")
+        super
+      end
+    end
+
+    ##
+    # Raised when an invalid salt length was passed to
+    # Argon2::Engine.hash_argon2id_encode
+    #
+    class InvalidSaltSize < Argon2::Error; end
+
+    ##
+    # Raised when the output length passed to Argon2::Engine.hash_argon2i or
+    # Argon2::Engine.hash_argon2id is invalid.
+    #
+    class InvalidOutputLength < Argon2::Error; end
+
+    ##
+    # Error raised by/caught from the Argon2 C Library.
+    #
+    # See Argon2::ERRORS for a full list of related error codes.
+    #
+    class ExtError < Argon2::Error; end
+  end
+
+  ##
+  # Defines an array of errors that matches the enum list of errors from
+  # argon2.h. This allows return values to propagate errors through the FFI. Any
+  # error from this list will be thrown as an Argon2::Errors::ExtError
+  #
+  ERRORS = %w[
+    ARGON2_OK
+    ARGON2_OUTPUT_PTR_NULL
+    ARGON2_OUTPUT_TOO_SHORT
+    ARGON2_OUTPUT_TOO_LONG
+    ARGON2_PWD_TOO_SHORT
+    ARGON2_PWD_TOO_LONG
+    ARGON2_SALT_TOO_SHORT
+    ARGON2_SALT_TOO_LONG
+    ARGON2_AD_TOO_SHORT
+    ARGON2_AD_TOO_LONG
+    ARGON2_SECRET_TOO_SHORT
+    ARGON2_SECRET_TOO_LONG
+    ARGON2_TIME_TOO_SMALL
+    ARGON2_TIME_TOO_LARGE
+    ARGON2_MEMORY_TOO_LITTLE
+    ARGON2_MEMORY_TOO_MUCH
+    ARGON2_LANES_TOO_FEW
+    ARGON2_LANES_TOO_MANY
+    ARGON2_PWD_PTR_MISMATCH
+    ARGON2_SALT_PTR_MISMATCH
+    ARGON2_SECRET_PTR_MISMATCH
+    ARGON2_AD_PTR_MISMATCH
+    ARGON2_MEMORY_ALLOCATION_ERROR
+    ARGON2_FREE_MEMORY_CBK_NULL
+    ARGON2_ALLOCATE_MEMORY_CBK_NULL
+    ARGON2_INCORRECT_PARAMETER
+    ARGON2_INCORRECT_TYPE
+    ARGON2_OUT_PTR_MISMATCH
+    ARGON2_THREADS_TOO_FEW
+    ARGON2_THREADS_TOO_MANY
+    ARGON2_MISSING_ARGS
+    ARGON2_ENCODING_FAIL
+    ARGON2_DECODING_FAIL
+    ARGON2_THREAD_FAIL
+  ].freeze
+end