lib/argon2.rb
# frozen_string_literal: true require 'argon2/constants' require 'argon2/ffi_engine' require 'argon2/version' require 'argon2/errors' require 'argon2/engine' require 'argon2/hash_format' module Argon2 # Front-end API for the Argon2 module. class Password def initialize(options = {}) @t_cost = options[:t_cost] || 2 raise ArgonHashFail, "Invalid t_cost" if @t_cost < 1 || @t_cost > 750 @m_cost = options[:m_cost] || 16 raise ArgonHashFail, "Invalid m_cost" if @m_cost < 1 || @m_cost > 31 @p_cost = options[:p_cost] || 1 raise ArgonHashFail, "Invalid p_cost" if @p_cost < 1 || @p_cost > 8 @salt_do_not_supply = options[:salt_do_not_supply] @secret = options[:secret] end def create(pass) raise ArgonHashFail, "Invalid password (expected string)" unless pass.is_a?(String) # Ensure salt is freshly generated unless it was intentionally supplied. salt = @salt_do_not_supply || Engine.saltgen Argon2::Engine.hash_argon2id_encode( pass, salt, @t_cost, @m_cost, @p_cost, @secret) end # Helper class, just creates defaults and calls hash() def self.create(pass, options = {}) argon2 = Argon2::Password.new(options) argon2.create(pass) end def self.valid_hash?(hash) Argon2::HashFormat.valid_hash?(hash) end def self.verify_password(pass, hash, secret = nil) raise ArgonHashFail, "Invalid hash" unless valid_hash?(hash) Argon2::Engine.argon2_verify(pass, hash, secret) end end end