Merge pull request #4 from dwin/dev

package improvements

.drone.yml

@@ -0,0 +1,51 @@
+kind: pipeline
+name: default
+
+workspace:
+  base: /go
+  path: src/github.com/dwin/goArgonPass
+
+steps:
+  - name: build-alpine_latest
+    image: golang:alpine
+    pull: always
+    commands:
+      - go build -race -v .
+
+  - name: test-1.11-alpine
+    image: golang:1.11-alpine
+    commands:
+      - apk add --update bash build-base
+      - go test ./...
+
+  - name: test-1.12-alpine
+    image: golang:1.12-alpine3.9
+    commands:
+      - apk add --update bash build-base
+      - go test ./...
+
+  - name: test-alpine_latest
+    image: golang:alpine
+    pull: always
+    volumes:
+      - name: cache
+        path: /tmp/cache
+    commands:
+      - apk add --update bash build-base
+      - go test -coverprofile=/tmp/cache/coverage.txt -covermode=atomic ./...
+
+  - name: coverage
+    image: plugins/codecov
+    volumes:
+      - name: cache
+        path: /tmp/cache
+    settings:
+      required: true
+      token:
+        from_secret: codecov_token
+      files:
+        - /tmp/cache/coverage.txt
+
+volumes:
+  - name: cache
+    temp: {}

LICENSE

@@ -1,6 +1,6 @@
 MIT License
 
-Copyright (c) 2018 Darwin
+Copyright (c) 2018 Darwin Smith II
 
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal

README.md

@@ -3,72 +3,96 @@
 [![GoDoc](https://godoc.org/github.com/dwin/goArgonPass?status.svg)](https://godoc.org/github.com/dwin/goArgonPass)
 [![cover.run](https://cover.run/go/github.com/dwin/goArgonPass.svg?style=flat&tag=golang-1.10)](https://cover.run/go?tag=golang-1.10&repo=github.com%2Fdwin%2FgoArgonPass)
 [![Build Status](https://travis-ci.org/dwin/goArgonPass.svg?branch=master)](https://travis-ci.org/dwin/goArgonPass)
+[![Coverage Status](https://coveralls.io/repos/github/dwin/goArgonPass/badge.svg?branch=master)](https://coveralls.io/github/dwin/goArgonPass?branch=master)
 [![Go Report Card](https://goreportcard.com/badge/github.com/dwin/goArgonPass)](https://goreportcard.com/report/github.com/dwin/goArgonPass)
 
+Master:
+[![Build Status](https://drone.github.dlsmi.com/api/badges/dwin/goArgonPass/status.svg)](https://drone.github.dlsmi.com/dwin/goArgonPass)
+[![codecov](https://codecov.io/gh/dwin/goArgonPass/branch/master/graph/badge.svg)](https://codecov.io/gh/dwin/goArgonPass)
+
+Dev:
+[![Build Status](https://drone.github.dlsmi.com/api/badges/dwin/goArgonPass/status.svg?ref=/refs/heads/dev)](https://drone.github.dlsmi.com/dwin/goArgonPass)
+[![codecov](https://codecov.io/gh/dwin/goArgonPass/branch/dev/graph/badge.svg)](https://codecov.io/gh/dwin/goArgonPass)
+
 **_All hashing and crypto is done by Go library packages. This is only a utility package to make the process described easier._**
 
-## What?
+## Description
 
-goArgonPass is a Argon2 Password utility package for Go using the crypto library package [Argon2](https://godoc.org/golang.org/x/crypto/argon2). Argon2 was the winner of the most recent [Password Hashing Competition](https://password-hashing.net/#phc) and doesn't suffer from issues that Bcrypt has such as truncating input over 72 characters. This is designed for use anywhere password hashing and verification might be needed and is intended to replace implementations using bcrypt or Scrypt. The string input/output format was designed to be compatible with [Passlib for Python](https://passlib.readthedocs.io/en/stable/lib/passlib.hash.argon2.html) and [Argon2 PHP](https://wiki.php.net/rfc/argon2_password_hash), and you should have full compatibility using the ```argon2i``` function, but will not be able to use ```argon2id```, which is the default for this pacakge until those libraries are updated to support it. I encourage you to find the parameters that work best for your application, but the defaults are resonable for an interactive use such as a web application login.
+goArgonPass is a Argon2 Password utility package for Go using the crypto library package [Argon2](https://godoc.org/golang.org/x/crypto/argon2). Argon2 was the winner of the most recent [Password Hashing Competition](https://password-hashing.net/#phc) and doesn't suffer from issues that Bcrypt has such as truncating input over 72 characters. This is designed for use anywhere password hashing and verification might be needed and is intended to replace implementations using bcrypt or Scrypt. The string input/output format was designed to be compatible with [Passlib for Python](https://passlib.readthedocs.io/en/stable/lib/passlib.hash.argon2.html) and [Argon2 PHP](https://wiki.php.net/rfc/argon2_password_hash), and you should have full compatibility using the `argon2i` function, but will not be able to use `argon2id`, which is the default for this pacakge until those libraries are updated to support it. I encourage you to find the parameters that work best for your application, but the defaults are resonable for an interactive use such as a web application login.
 
-The default Argon2 function is ```Argon2id```, which is a hybrid version of Argon2 combining Argon2i and Argon2d. Argon2id is side-channel resistant and provides better brute- force cost savings due to time-memory tradeoffs than Argon2i, but Argon2i is still plenty secure.
+The default Argon2 function is `Argon2id`, which is a hybrid version of Argon2 combining Argon2i and Argon2d. Argon2id is side-channel resistant and provides better brute- force cost savings due to time-memory tradeoffs than Argon2i, but Argon2i is still plenty secure.
 
-[IETF Recommendation](https://tools.ietf.org/html/draft-irtf-cfrg-argon2-03#section-9.4) is: 
-> Argon2id variant with t=1 and maximum available memory is recommended as a default setting for all environments.  This setting is secure against side-channel attacks and maximizes adversarial costs on dedicated bruteforce hardware.
+[IETF Recommendation](https://tools.ietf.org/html/draft-irtf-cfrg-argon2-03#section-9.4) is:
+
+> Argon2id variant with t=1 and maximum available memory is recommended as a default setting for all environments. This setting is secure against side-channel attacks and maximizes adversarial costs on dedicated bruteforce hardware.
 
 ## Get Started
-```
+
+```bash
 go get github.com/dwin/goArgonPass
 ```
 
 See [example/example.go](https://github.com/dwin/goArgonPass/blob/master/example/example.go):
+
 ```go
 import (
-	"fmt"
-	"os"
+    "fmt"
+    "os"
 
-	"github.com/dwin/goArgonPass"
+    "github.com/dwin/goArgonPass"
 )
 
 func main() {
-	// Obtain user password from form or other input
-	userPassInput := "password"
-
-	// Hash with Default Parameters
-	hash, err := argonpass.Hash(userPassInput)
-	if err != nil {
-		// Handle Error
-		os.Exit(1)
-	}
-	fmt.Println("Hash Output: ", hash)
-	// Verify Hash
-	err = argonpass.Verify(userPassInput, hash)
-	if err != nil {
-		fmt.Println("Hash verification error: ", err)
-	}
-	fmt.Println("Hash verified")
+    // Obtain user password from form or other input
+    userPassInput := "password"
+
+    // Hash with Default Parameters
+    hash, err := argonpass.Hash(userPassInput)
+    if err != nil {
+        // Handle Error
+        os.Exit(1)
+    }
+    fmt.Println("Hash Output: ", hash)
+    // Verify Hash
+    err = argonpass.Verify(userPassInput, hash)
+    if err != nil {
+        fmt.Println("Hash verification error: ", err)
+    }
+    fmt.Println("Hash verified")
 }
 
 ```
 
-**Output Format**
-```
-$argon2id$v=19$m=65536,t=1,p=4$in2Oi1x57p0=$FopwSR12aLJ9OGPw1rKU5K5osAOGxOJzxC/shk+i850=
+### Output Format
 
-$argon2{function(i/id)}$v={version}$m={memory},t={time},p={parallelism}${salt(base64)}${digest(base64)}
+```bash
+$ argon2id$v=19$m=65536,t=1,p=4$in2Oi1x57p0=$FopwSR12aLJ9OGPw1rKU5K5osAOGxOJzxC/shk+i850=
+
+$ argon2{function(i/id)}$v={version}$m={memory},t={time},p={parallelism}${salt(base64)}${digest(base64)}
 ```
 
 ### Other Notes
 
+#### Custom Parameters
+
 Set Custom Parameters by passing ArgonParams{} to Hash().
 
-```
+| Parameter   |      Type      |      Default      |                        Valid Range |
+| ----------- | :------------: | :---------------: | ---------------------------------: |
+| Time        |    `uint32`    |        `1`        |                             `>= 1` |
+| Memory      |    `uint32`    |      `65536`      |                          `>= 1024` |
+| Parallelism |    `uint8`     |        `4`        |                             `1-64` |
+| OutputSize  |    `uint32`    |        `1`        |                           `16-512` |
+| Function    | `ArgonVariant` | `ArgonVariant2id` | `ArgonVariant2id | ArgonVariant2i` |
+| SaltSize    |    `uint8`     |        `8`        |                             `8-64` |
+
+```go
 type ArgonParams struct {
-	Time        uint32
-	Memory      uint32
-	Parallelism uint8
-	OutputSize  uint32
-	Function    string
-	SaltSize    uint8
+    Time        uint32
+    Memory      uint32
+    Parallelism uint8
+    OutputSize  uint32
+    Function    ArgonVariant
+    SaltSize    uint8
 }
-```
+```

example/example.go

@@ -16,7 +16,7 @@ func main() {
 		Memory:      512,
 		Parallelism: 2,
 		OutputSize:  16,
-		Function:    "argon2i", // can be `argon2i` or `argon2id`
+		Function:    argonpass.ArgonVariant2id, // can be `argon2i` or `argon2id`
 	}
 
 	// Hash with Default Parameters

go.mod

@@ -0,0 +1,13 @@
+module github.com/dwin/goArgonPass
+
+go 1.12
+
+require (
+	github.com/corpix/uarand v0.0.0 // indirect
+	github.com/davecgh/go-spew v1.1.0 // indirect
+	github.com/icrowley/fake v0.0.0-20180203215853-4178557ae428
+	github.com/pmezard/go-difflib v1.0.0 // indirect
+	github.com/stretchr/testify v1.2.1
+	golang.org/x/crypto v0.0.0-20180606015541-b47b15873692
+	golang.org/x/sys v0.0.0-20180525142821-c11f84a56e43 // indirect
+)

go.sum

@@ -0,0 +1,14 @@
+github.com/corpix/uarand v0.0.0 h1:mNbzro1GwUcZ1hmO2rWXytkR3JBxNxxctzjyuhO+Aig=
+github.com/corpix/uarand v0.0.0/go.mod h1:JSm890tOkDN+M1jqN8pUGDKnzJrsVbJwSMHBY4zwz7M=
+github.com/davecgh/go-spew v1.1.0 h1:ZDRjVQ15GmhC3fiQ8ni8+OwkZQO4DARzQgrnXU1Liz8=
+github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/icrowley/fake v0.0.0-20180203215853-4178557ae428 h1:Mo9W14pwbO9VfRe+ygqZ8dFbPpoIK1HFrG/zjTuQ+nc=
+github.com/icrowley/fake v0.0.0-20180203215853-4178557ae428/go.mod h1:uhpZMVGznybq1itEKXj6RYw9I71qK4kH+OGMjRC4KEo=
+github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
+github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
+github.com/stretchr/testify v1.2.1 h1:52QO5WkIUcHGIR7EnGagH88x1bUzqGXTC5/1bDTUQ7U=
+github.com/stretchr/testify v1.2.1/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs=
+golang.org/x/crypto v0.0.0-20180606015541-b47b15873692 h1:O9W34I8ef1ifsNUjJoqTsouE17HSL5RVJNn9pLMf7Og=
+golang.org/x/crypto v0.0.0-20180606015541-b47b15873692/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
+golang.org/x/sys v0.0.0-20180525142821-c11f84a56e43 h1:PvnWIWTbA7gsEBkKjt0HV9hckYfcqYv8s/ju7ArZ0do=
+golang.org/x/sys v0.0.0-20180525142821-c11f84a56e43/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=