@pirxpilot/argon2 0.44.0

package/LICENSE

@@ -0,0 +1,22 @@
+The MIT License (MIT)
+
+Copyright (c) 2015 Ranieri Althoff
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
+

package/README.md

@@ -0,0 +1,95 @@
+[![NPM version][npm-image]][npm-url]
+[![Build Status][build-image]][build-url]
+[![Dependency Status][deps-image]][deps-url]
+[![Financial contributors on Open Collective][opencollective-image]][opencollective-url]
+
+# @pirxpilot/argon2
+
+This is a fork of [node-argon2] that is using [`crypto.argon2`][crypto.argon2] implementation as described in [#469]
+It can be used with node >= 24.7.0
+
+## Usage
+It's possible to hash using either Argon2i, Argon2d or Argon2id (default), and
+verify if a password matches a hash.
+
+To hash a password:
+```js
+import * as argon2 from '@pirxpilot/argon2';
+
+try {
+  const hash = await argon2.hash("password");
+} catch (err) {
+  //...
+}
+```
+
+To verify a password:
+```js
+try {
+  if (await argon2.verify("<big long hash>", "password")) {
+    // password match
+  } else {
+    // password did not match
+  }
+} catch (err) {
+  // internal failure
+}
+```
+
+> [!NOTE]
+> By default, argon2.hash will generate secure hashes according to the security recommendations by the team that develops Argon2.
+> **For password hashing, there is no need to modify them.**
+
+To see how you can modify the output (hash length, encoding) and parameters
+(time cost, memory cost and parallelism),
+[read the wiki](https://github.com/ranisalt/node-argon2/wiki/Options)
+
+## Contributors
+
+### Code contributors
+
+This project exists thanks to all the people who contribute. [[Contribute](CONTRIBUTING.md)].
+<a href="https://github.com/ranisalt/node-argon2/graphs/contributors"><img src="https://opencollective.com/node-argon2/contributors.svg?width=890&button=false" /></a>
+
+### Financial contributors
+
+Become a financial contributor and help us sustain our community. [[Contribute](https://opencollective.com/node-argon2/contribute)]
+
+#### Individuals
+
+<a href="https://opencollective.com/node-argon2"><img src="https://opencollective.com/node-argon2/individuals.svg?width=890"></a>
+
+#### Organizations
+
+Support this project with your organization. Your logo will show up here with a link to your website. [[Contribute](https://opencollective.com/node-argon2/contribute)]
+
+<a href="https://opencollective.com/node-argon2/organization/0/website"><img src="https://opencollective.com/node-argon2/organization/0/avatar.svg"></a>
+<a href="https://opencollective.com/node-argon2/organization/1/website"><img src="https://opencollective.com/node-argon2/organization/1/avatar.svg"></a>
+<a href="https://opencollective.com/node-argon2/organization/2/website"><img src="https://opencollective.com/node-argon2/organization/2/avatar.svg"></a>
+<a href="https://opencollective.com/node-argon2/organization/3/website"><img src="https://opencollective.com/node-argon2/organization/3/avatar.svg"></a>
+<a href="https://opencollective.com/node-argon2/organization/4/website"><img src="https://opencollective.com/node-argon2/organization/4/avatar.svg"></a>
+<a href="https://opencollective.com/node-argon2/organization/5/website"><img src="https://opencollective.com/node-argon2/organization/5/avatar.svg"></a>
+<a href="https://opencollective.com/node-argon2/organization/6/website"><img src="https://opencollective.com/node-argon2/organization/6/avatar.svg"></a>
+<a href="https://opencollective.com/node-argon2/organization/7/website"><img src="https://opencollective.com/node-argon2/organization/7/avatar.svg"></a>
+<a href="https://opencollective.com/node-argon2/organization/8/website"><img src="https://opencollective.com/node-argon2/organization/8/avatar.svg"></a>
+<a href="https://opencollective.com/node-argon2/organization/9/website"><img src="https://opencollective.com/node-argon2/organization/9/avatar.svg"></a>
+
+## License
+Work licensed under the [MIT License](LICENSE). Please check
+[P-H-C/phc-winner-argon2](https://github.com/P-H-C/phc-winner-argon2) for
+license over Argon2 and the reference implementation.
+
+[opencollective-image]: https://img.shields.io/opencollective/all/node-argon2.svg?style=flat-square
+[opencollective-url]: https://opencollective.com/node-argon2
+[node-argon2]: https://www.npmjs.com/package/argon2
+[#469]: https://github.com/ranisalt/node-argon2/issues/469
+[crypto.argon2]: https://nodejs.org/api/crypto.html#cryptoargon2algorithm-parameters-callback
+
+[npm-image]: https://img.shields.io/npm/v/@pirxpilot/argon2
+[npm-url]: https://npmjs.org/package/@pirxpilot/argon2
+
+[build-url]: https://github.com/pirxpilot/argon2/actions/workflows/check.yaml
+[build-image]: https://img.shields.io/github/actions/workflow/status/pirxpilot/argon2/check.yaml?branch=main
+
+[deps-image]: https://img.shields.io/librariesio/release/npm/@pirxpilot/argon2
+[deps-url]: https://libraries.io/npm/@pirxpilot%2Fargon2

package/argon2.js

@@ -0,0 +1,178 @@
+import { argon2, randomBytes, timingSafeEqual } from 'node:crypto';
+import { promisify } from 'node:util';
+import { deserialize, serialize } from '@phc/format';
+
+const asyncArgon2 = promisify(argon2);
+
+/** @type {(size: number) => Promise<Buffer>} */
+const generateSalt = promisify(randomBytes);
+
+export const argon2d = 0;
+export const argon2i = 1;
+export const argon2id = 2;
+
+/** @enum {argon2i | argon2d | argon2id} */
+const types = Object.freeze({ argon2d, argon2i, argon2id });
+
+/** @enum {'argon2d' | 'argon2i' | 'argon2id'} */
+const names = Object.freeze({
+  [types.argon2d]: 'argon2d',
+  [types.argon2i]: 'argon2i',
+  [types.argon2id]: 'argon2id'
+});
+
+const defaults = {
+  hashLength: 32,
+  timeCost: 3,
+  memoryCost: 1 << 16,
+  parallelism: 4,
+  type: argon2id,
+  version: 0x13
+};
+
+/**
+ * @typedef {Object} Options
+ * @property {number} [hashLength=32]
+ * @property {number} [timeCost=3]
+ * @property {number} [memoryCost=65536]
+ * @property {number} [parallelism=4]
+ * @property {keyof typeof names} [type=argon2id]
+ * @property {number} [version=19]
+ * @property {Buffer} [salt]
+ * @property {Buffer} [associatedData]
+ * @property {Buffer} [secret]
+ */
+
+/**
+ * Hashes a password with Argon2, producing a raw hash
+ *
+ * @overload
+ * @param {Buffer | string} password The plaintext password to be hashed
+ * @param {Options & { raw: true }} options The parameters for Argon2
+ * @returns {Promise<Buffer>} The raw hash generated from `password`
+ */
+/**
+ * Hashes a password with Argon2, producing an encoded hash
+ *
+ * @overload
+ * @param {Buffer | string} password The plaintext password to be hashed
+ * @param {Options & { raw?: boolean }} [options] The parameters for Argon2
+ * @returns {Promise<string>} The encoded hash generated from `password`
+ */
+/**
+ * @param {Buffer | string} password The plaintext password to be hashed
+ * @param {Options & { raw?: boolean }} [options] The parameters for Argon2
+ */
+export async function hash(password, options) {
+  let { raw, salt, ...rest } = { ...defaults, ...options };
+
+  if (rest.hashLength > 2 ** 32 - 1) {
+    throw new RangeError('Hash length is too large');
+  }
+
+  if (rest.memoryCost > 2 ** 32 - 1) {
+    throw new RangeError('Memory cost is too large');
+  }
+
+  if (rest.timeCost > 2 ** 32 - 1) {
+    throw new RangeError('Time cost is too large');
+  }
+
+  if (rest.parallelism > 2 ** 24 - 1) {
+    throw new RangeError('Parallelism is too large');
+  }
+
+  salt = salt ?? (await generateSalt(16));
+
+  const {
+    hashLength,
+    secret = Buffer.alloc(0),
+    type,
+    version,
+    memoryCost: m,
+    timeCost: t,
+    parallelism: p,
+    associatedData: data = Buffer.alloc(0)
+  } = rest;
+
+  const hash = await asyncArgon2(names[type], {
+    message: Buffer.from(password),
+    nonce: salt,
+    tagLength: hashLength,
+    secret,
+    associatedData: data,
+    parallelism: p,
+    memory: m,
+    passes: t
+  });
+  if (raw) {
+    return hash;
+  }
+
+  return serialize({
+    id: names[type],
+    version,
+    params: { m, t, p, ...(data.byteLength > 0 ? { data } : {}) },
+    salt,
+    hash
+  });
+}
+
+/**
+ * @param {string} digest The digest to be checked
+ * @param {Object} [options] The current parameters for Argon2
+ * @param {number} [options.timeCost=3]
+ * @param {number} [options.memoryCost=65536]
+ * @param {number} [options.parallelism=4]
+ * @param {number} [options.version=0x13]
+ * @returns {boolean} `true` if the digest parameters do not match the parameters in `options`, otherwise `false`
+ */
+export function needsRehash(digest, options = {}) {
+  const { memoryCost, timeCost, parallelism, version } = {
+    ...defaults,
+    ...options
+  };
+
+  const {
+    version: v,
+    params: { m, t, p }
+  } = deserialize(digest);
+
+  return +v !== +version || +m !== +memoryCost || +t !== +timeCost || +p !== +parallelism;
+}
+
+/**
+ * @param {string} digest The digest to be checked
+ * @param {Buffer | string} password The plaintext password to be verified
+ * @param {Object} [options] The current parameters for Argon2
+ * @param {Buffer} [options.secret]
+ * @returns {Promise<boolean>} `true` if the digest parameters matches the hash generated from `password`, otherwise `false`
+ */
+export async function verify(digest, password, options = {}) {
+  const { id, ...rest } = deserialize(digest);
+  if (!(id in types)) {
+    return false;
+  }
+
+  const {
+    params: { m, t, p, data = '' },
+    salt,
+    hash
+  } = rest;
+
+  const { secret = Buffer.alloc(0) } = options;
+
+  return timingSafeEqual(
+    await asyncArgon2(names[types[id]], {
+      message: Buffer.from(password),
+      nonce: salt,
+      tagLength: hash.byteLength,
+      secret,
+      associatedData: Buffer.from(data, 'base64'),
+      parallelism: p,
+      memory: m,
+      passes: t
+    }),
+    hash
+  );
+}

package/package.json

@@ -0,0 +1,39 @@
+{
+  "name": "@pirxpilot/argon2",
+  "version": "0.44.0",
+  "description": "An Argon2 library for Node",
+  "keywords": [
+    "argon2",
+    "crypto",
+    "encryption",
+    "hashing",
+    "password"
+  ],
+  "repository": {
+    "type": "git",
+    "url": "git+https://github.com/pirxpilot/argon2.git"
+  },
+  "license": "MIT",
+  "author": "Ranieri Althoff <ranisalt+argon2@gmail.com>",
+  "type": "module",
+  "exports": "./argon2.js",
+  "files": [
+    "argon2.js"
+  ],
+  "scripts": {
+    "test": "make check"
+  },
+  "dependencies": {
+    "@phc/format": "^1.0.0"
+  },
+  "devDependencies": {
+    "@biomejs/biome": "2.3.11"
+  },
+  "engines": {
+    "node": ">= 24.7.0"
+  },
+  "collective": {
+    "type": "opencollective",
+    "url": "https://opencollective.com/node-argon2"
+  }
+}