argon2 - npm Package Compare versions

Comparing version 0.1.3 to 0.2.0

index.js

 var bindings = require("bindings")("argon2_lib"),
   crypto = require("crypto");
 
-exports.encrypt = function (plain, salt, callback) {
+exports.encrypt = function (plain, salt, options, callback) {
   "use strict";
 
+  if (typeof(callback) == 'undefined') {
+    callback = options;
+    options = {};
+  }
+
+  options.timeCost = options.timeCost || 3;
+  options.memoryCost = options.memoryCost || 12;
+  options.parallelism = options.parallelism || 1;
+
   if (salt.length > 16) {
@@ -14,8 +23,22 @@ process.nextTick(function () {
 
-  return bindings.encrypt(plain, salt, callback);
+  if (options.memoryCost >= 32) {
+    process.nextTick(function() {
+      callback(new Error("Memory cost too high, maximum of 32."), null);
+    });
+    return;
+  }
+
+  return bindings.encrypt(plain, salt, options.timeCost, options.memoryCost,
+    options.parallelism, callback);
 };
 
-exports.encryptSync = function (plain, salt) {
+exports.encryptSync = function (plain, salt, options) {
   "use strict";
 
+  options = options || {};
+
+  options.timeCost = options.timeCost || 3;
+  options.memoryCost = options.memoryCost || 12;
+  options.parallelism = options.parallelism || 1;
+
   if (salt.length > 16) {
@@ -25,3 +48,8 @@ throw new Error("Salt too long, maximum 16 characters.");
 
-  return bindings.encryptSync(plain, salt);
+  if (options.memoryCost >= 32) {
+    throw new Error("Memory cost too high, maximum of 32");
+  }
+
+  return bindings.encryptSync(plain, salt, options.timeCost, options.memoryCost,
+    options.parallelism);
 };
@@ -28,0 +56,0 @@

package.json

 {
   "name": "argon2",
-  "version": "0.1.3",
+  "version": "0.2.0",
   "description": "An Argon2 library for Node",
@@ -8,5 +8,6 @@ "main": "index.js",
     "build": "npm run configure && node-gyp build",
-    "clean": "node-gyp clean",
+    "clean": "node-gyp clean && rm index-cov.js",
     "configure": "node-gyp configure",
-    "preinstall": "git submodule init && git submodule update",
+    "coveralls": "jscoverage index.js && ARGON2_COVERAGE=1 nodeunit --reporter=lcov test.spec.js | coveralls",
+    "preinstall": "node-gyp rebuild && git submodule init && git submodule update",
     "test": "npm run build && nodeunit test.spec.js"
@@ -19,6 +20,7 @@ },
   "keywords": [
-    "password",
+    "argon2",
+    "crypto",
+    "encryption",
     "hashing",
-    "argon2",
-    "crypto"
+    "password"
   ],
@@ -37,4 +39,6 @@ "author": "Ranieri Althoff <ranisalt+argon2@gmail.com>",
   "devDependencies": {
+    "coveralls": "^2.11.6",
+    "jscoverage": "^0.6.0",
     "nodeunit": "^0.9.1"
   }
 }

README.md

@@ -1,2 +0,2 @@
-# node-argon2 [![NPM package][npm-image]][npm-url] [![Build status][travis-image]][travis-url] [![Code Climate][codeclimate-image]][codeclimate-url] [![Dependencies][david-dm-image]][david-dm-url]
+# node-argon2 [![NPM package][npm-image]][npm-url] [![Build status][travis-image]][travis-url] [![Coverage status][coveralls-image]][coveralls-url] [![Code Climate][codeclimate-image]][codeclimate-url] [![Dependencies][david-dm-image]][david-dm-url]
 Bindings to the  reference [Argon2](https://github.com/P-H-C/phc-winner-argon2).
@@ -23,5 +23,5 @@ implementation.
 try {
-    var hash = argon2.encryptSync('password', 'somesalt');
+  var hash = argon2.encryptSync('password', 'somesalt');
 } catch (err) {
-    console.log(err);
+  console.log(err);
 }
@@ -45,2 +45,21 @@ ```
 
+You can also modify time, memory and parallelism constraints passing an object
+as the third parameter, with keys `timeCost`, `memoryCost` and `parallelism`,
+respectively defaulted to 3, 12 (meaning 2^12 KB) and 1 (threads):
+```js
+var argon2 = require('argon2');
+
+argon2.encrypt('password', saltGeneratedWithAboveFunction, {
+    timeCost: 4, memoryCost: 13, parallelism: 2
+}, function (err, hash) {
+  // ...
+});
+
+// OR
+
+var hash = argon2.encryptSync('password', saltGeneratedWithAboveFunction, {
+  timeCost: 4, memoryCost: 13, parallelism: 2
+};
+```
+
 To verify a password:
@@ -77,2 +96,4 @@ ```js
 [travis-url]: https://travis-ci.org/ranisalt/node-argon2
+[coveralls-image]: https://img.shields.io/coveralls/ranisalt/node-argon2.svg
+[coveralls-url]: https://coveralls.io/github/ranisalt/node-argon2
 [codeclimate-image]: https://img.shields.io/codeclimate/github/ranisalt/node-argon2.svg
@@ -79,0 +100,0 @@ [codeclimate-url]: https://codeclimate.com/github/ranisalt/node-argon2

test.spec.js

@@ -1,2 +0,4 @@
-var argon2 = require('.');
+var argon2 = process.env.ARGON2_COVERAGE
+  ? require('./index-cov')
+  : require('./index');
 
@@ -31,2 +33,79 @@ module.exports = {
 
+  test_hash_time_cost: function (assert) {
+    "use strict";
+
+    assert.expect(3);
+
+    argon2.encrypt("password", "somesalt", {
+      timeCost: 4
+    }, function (err, hash) {
+      assert.ok(hash, "Hash should be defined.");
+      assert.ok(/m=4096,t=4,p=1/.test(hash), "Hash should have correct time cost.");
+      assert.equal(undefined, err, "Error should not be defined.");
+      assert.done();
+    });
+  },
+
+  test_hash_memory_cost: function (assert) {
+    "use strict";
+
+    assert.expect(3);
+
+    argon2.encrypt("password", "somesalt", {
+      memoryCost: 13
+    }, function (err, hash) {
+      assert.ok(hash, "Hash should be defined.");
+      assert.ok(/m=8192,t=3,p=1/.test(hash), "Hash should have correct memory cost.");
+      assert.equal(undefined, err, "Error should not be defined.");
+      assert.done();
+    });
+  },
+
+  test_hash_high_memory_cost: function (assert) {
+    "use strict";
+
+    assert.expect(3);
+
+    argon2.encrypt("password", "somesalt", {
+      memoryCost: 32
+    }, function (err, hash) {
+      assert.ok(err, "Error should be defined.");
+      assert.equal(err.message, "Memory cost too high, maximum of 32.", "Error message should be equal to expected.");
+      assert.equal(undefined, hash, "Hash should not be defined.");
+      assert.done();
+    });
+  },
+
+  test_hash_parallelism: function (assert) {
+    "use strict";
+
+    assert.expect(3);
+
+    argon2.encrypt("password", "somesalt", {
+      parallelism: 2
+    }, function (err, hash) {
+      assert.ok(hash, "Hash should be defined.");
+      assert.ok(/m=4096,t=3,p=2/.test(hash), "Hash should have correct parallelism.");
+      assert.equal(undefined, err, "Error should not be defined.");
+      assert.done();
+    });
+  },
+
+  test_hash_all_options: function (assert) {
+    "use strict";
+
+    assert.expect(3);
+
+    argon2.encrypt("password", "somesalt", {
+      timeCost: 4,
+      memoryCost: 13,
+      parallelism: 2
+    }, function (err, hash) {
+      assert.ok(hash, "Hash should be defined.");
+      assert.ok(/m=8192,t=4,p=2/.test(hash), "Hash should have correct options.");
+      assert.equal(undefined, err, "Error should not be defined.");
+      assert.done();
+    });
+  },
+
   test_hash_sync: function (assert) {
@@ -43,2 +122,65 @@ "use strict";
 
+  test_hash_sync_time_cost: function (assert) {
+    "use strict";
+
+    assert.expect(1);
+
+    var hash = argon2.encryptSync("password", "somesalt", {
+      timeCost: 4
+    });
+    assert.ok(/m=4096,t=4,p=1/.test(hash),"Hash should have correct time cost.");
+    assert.done();
+  },
+
+  test_hash_sync_memory_cost: function (assert) {
+    "use strict";
+
+    assert.expect(1);
+
+    var hash = argon2.encryptSync("password", "somesalt", {
+      memoryCost: 13
+    });
+    assert.ok(/m=8192,t=3,p=1/.test(hash), "Hash should have correct memory cost.");
+    assert.done();
+  },
+
+  test_hash_sync_high_memory_cost: function (assert) {
+    "use strict";
+
+    assert.expect(1);
+
+    assert.throws(function () {
+      var hash = argon2.encryptSync("password", "somesalt", {
+        memoryCost: 32
+      }, Error, "Error should be thrown.");
+    });
+    assert.done();
+  },
+
+  test_hash_sync_parallelism: function (assert) {
+    "use strict";
+
+    assert.expect(1);
+
+    var hash = argon2.encryptSync("password", "somesalt", {
+      parallelism: 2
+    });
+    assert.ok(/m=4096,t=3,p=2/.test(hash), "Hash should have correct parallelism.");
+    assert.done();
+  },
+
+  test_hash_sync_all_options: function (assert) {
+    "use strict";
+
+    assert.expect(1);
+
+    var hash = argon2.encryptSync("password", "somesalt", {
+      timeCost: 4,
+      memoryCost: 13,
+      parallelism: 2
+    });
+    assert.ok(/m=8192,t=4,p=2/.test(hash),"Hash should have correct options.");
+    assert.done();
+  },
+
   test_hash_sync_long_salt: function (assert) {
@@ -50,3 +192,3 @@ "use strict";
     assert.throws(function () {
-      argon2.encryptSync("password", "somesaltwaytoobig")
+      argon2.encryptSync("password", "somesaltwaytoobig");
     }, Error, "Error should be thrown.");
@@ -53,0 +195,0 @@ assert.done();

New alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Environment variable access

Supply chain risk

Package accesses environment variables, which may be a sign of credential stuffing or data theft.

Found 1 instance in 1 package

Fixed alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Install scripts

Supply chain risk

Install scripts are run when the package is installed. The majority of malware in npm is hidden in install scripts.

Found 1 instance in 1 package

Native code

Supply chain risk

Contains native code (e.g., compiled binaries or shared libraries). Including native code can obscure malicious behavior.

Found 9 instances in 1 package

Improved metrics

Lines of code

261

increased by105.51%

Number of lines in readme file

100

increased by26.58%

Number of high supply chain risk alerts

0

decreased by-100%

Number of medium supply chain risk alerts

1

decreased by-90%

Worsened metrics

Total package byte prevSize

1456475

decreased by-15.37%

Dev dependency count

3

increased by200%

Number of package files

44

decreased by-40.54%

Number of low supply chain risk alerts

1

increased byInfinity%

No dependency changes