From 73df58ea6dddeebe34ffff06b97add2f7c12af5c Mon Sep 17 00:00:00 2001 From: Matthew Hartstonge Date: Sat, 5 Nov 2022 15:10:39 +1300 Subject: [PATCH 1/6] :arrow_up: deps: updates to `go@1.18` and `golang.org/x/crypto@v0.1.0`. --- go.mod | 6 +++--- go.sum | 15 ++++----------- 2 files changed, 7 insertions(+), 14 deletions(-) diff --git a/go.mod b/go.mod index 6cd86d3..c3fceb9 100644 --- a/go.mod +++ b/go.mod @@ -1,7 +1,7 @@ module github.com/matthewhartstonge/argon2 -go 1.17 +go 1.18 -require golang.org/x/crypto v0.0.0-20220214200702-86341886e292 +require golang.org/x/crypto v0.1.0 -require golang.org/x/sys v0.0.0-20220222160653-b146bcec3beb // indirect +require golang.org/x/sys v0.1.0 // indirect diff --git a/go.sum b/go.sum index 511f643..c8b5eee 100644 --- a/go.sum +++ b/go.sum @@ -1,11 +1,4 @@ -golang.org/x/crypto v0.0.0-20220214200702-86341886e292 h1:f+lwQ+GtmgoY+A2YaQxlSOnDjXcQ7ZRLWOHbC6HtRqE= -golang.org/x/crypto v0.0.0-20220214200702-86341886e292/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= -golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= -golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20220222160653-b146bcec3beb h1:Ilbx3DBAwVTR3lKQBhB5046dy7jic04dBpmG4fW/ru0= -golang.org/x/sys v0.0.0-20220222160653-b146bcec3beb/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= -golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= -golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= +golang.org/x/crypto v0.1.0 h1:MDRAIl0xIo9Io2xV565hzXHw3zVseKrJKodhohM5CjU= +golang.org/x/crypto v0.1.0/go.mod h1:RecgLatLF4+eUMCP1PoPZQb+cVrJcOPbHkTkbkB9sbw= +golang.org/x/sys v0.1.0 h1:kunALQeHf1/185U1i0GOB/fy1IPRDDpuoOOqRReG57U= +golang.org/x/sys v0.1.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= From dbcf0246a2ed2fd68db5701376d232bf2efcecf1 Mon Sep 17 00:00:00 2001 From: Matthew Hartstonge Date: Sat, 5 Nov 2022 15:12:16 +1300 Subject: [PATCH 2/6] :sparkles: .github: adds support for github actions, codeowners and dependabot. --- .github/CODEOWNERS | 9 ++++++ .github/dependabot.yml | 11 ++++++++ .github/workflows/go.yml | 59 ++++++++++++++++++++++++++++++++++++++++ 3 files changed, 79 insertions(+) create mode 100644 .github/CODEOWNERS create mode 100644 .github/dependabot.yml create mode 100644 .github/workflows/go.yml diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS new file mode 100644 index 0000000..7499b3f --- /dev/null +++ b/.github/CODEOWNERS @@ -0,0 +1,9 @@ +# GitHub Code Owners +# More info about this file can be found in the GitHub documentation: +# https://docs.github.com/en/repositories/managing-your-repositorys-settings-and-features/customizing-your-repository/about-code-owners#codeowners-syntax + +# Default reviewers for all files +* @matthewhartstonge + +# Request a review from devops team members for github related changes. +.github/ @matthewhartstonge diff --git a/.github/dependabot.yml b/.github/dependabot.yml new file mode 100644 index 0000000..d5987cd --- /dev/null +++ b/.github/dependabot.yml @@ -0,0 +1,11 @@ +version: 2 +updates: +- package-ecosystem: "github-actions" + directory: "/" + schedule: + interval: "daily" + +- package-ecosystem: "gomod" + directory: "/" + schedule: + interval: "daily" diff --git a/.github/workflows/go.yml b/.github/workflows/go.yml new file mode 100644 index 0000000..8a38b0c --- /dev/null +++ b/.github/workflows/go.yml @@ -0,0 +1,59 @@ +name: go + +on: + pull_request: + branches: + - development + - main + +permissions: + contents: read + +jobs: + lint: + name: Lint + runs-on: ubuntu-latest + steps: + - name: Checkout Repository + uses: actions/checkout@v3 + + - name: Setup Go + uses: actions/setup-go@v3 + with: + go-version-file: 'go.mod' + + - name: Download Go Modules + run: go mod download + + - name: Run golangci-lint + uses: golangci/golangci-lint-action@v3.3.0 + + test: + name: Test Go@v${{ matrix.go-version }} + runs-on: ubuntu-latest + strategy: + matrix: + go-version: + - '1.11.4' + - '1.12' + - '1.13' + - '1.14' + - '1.15' + - '1.16' + - '1.17' + - '1.18' + - '1.19' + steps: + - name: Checkout Repository + uses: actions/checkout@v3 + + - name: Setup Go + uses: actions/setup-go@v3 + with: + go-version: ${{ matrix.go-version }} + + - name: Download Go Modules + run: go mod download + + - name: Run Tests + run: go test ./... From 33eee5b9ff4e14a37465146b7b1e4f001446cea7 Mon Sep 17 00:00:00 2001 From: Matthew Hartstonge Date: Sat, 5 Nov 2022 15:13:47 +1300 Subject: [PATCH 3/6] :bulb: argon2: fixes grammar and comment line length. --- argon2.go | 11 +++++++---- encoding.go | 6 ++++-- 2 files changed, 11 insertions(+), 6 deletions(-) diff --git a/argon2.go b/argon2.go index 373c579..b3ae5b1 100644 --- a/argon2.go +++ b/argon2.go @@ -168,7 +168,8 @@ func MemoryConstrainedDefaults() Config { // Hash takes a password and optionally a salt and returns an Argon2 hash. // -// If salt is nil a appropriate salt of Config.SaltLength bytes is generated for you. +// If salt is nil an appropriate salt of Config.SaltLength bytes is generated +// for you. func (c *Config) Hash(pwd []byte, salt []byte) (Raw, error) { if pwd == nil { return Raw{}, ErrPwdTooShort @@ -214,7 +215,8 @@ func (c *Config) HashEncoded(pwd []byte) (encoded []byte, err error) { return } -// Raw wraps a salt and hash pair including the Config with which it was generated. +// Raw wraps a salt and hash pair including the Config with which it was +// generated. // // A Raw struct is generated using Decode() or the Hash*() methods above. // @@ -239,7 +241,8 @@ func (raw *Raw) Verify(pwd []byte) (bool, error) { return subtle.ConstantTimeCompare(r.Hash, raw.Hash) == 1, nil } -// VerifyEncoded returns true if `pwd` matches the encoded hash `encoded` and otherwise false. +// VerifyEncoded returns true if `pwd` matches the encoded hash `encoded` and +// otherwise false. func VerifyEncoded(pwd []byte, encoded []byte) (bool, error) { r, err := Decode(encoded) if err != nil { @@ -249,7 +252,7 @@ func VerifyEncoded(pwd []byte, encoded []byte) (bool, error) { } // SecureZeroMemory is a helper method which sets all bytes in `b` -// (up to it's capacity) to `0x00`, erasing it's contents. +// (up to its capacity) to `0x00`, erasing its contents. func SecureZeroMemory(b []byte) { b = b[:cap(b):cap(b)] for i := range b { diff --git a/encoding.go b/encoding.go index 3a5faa9..684d893 100644 --- a/encoding.go +++ b/encoding.go @@ -175,7 +175,8 @@ var ( encTypID = []byte("id$v=") ) -// Encode turns a Raw struct into the official stringified/encoded argon2 representation. +// Encode turns a Raw struct into the official stringified/encoded argon2 +// representation. // // The resulting byte slice can safely be turned into a string. func (raw *Raw) Encode() []byte { @@ -220,7 +221,8 @@ func (raw *Raw) Encode() []byte { return buf } -// Decode takes a stringified/encoded argon2 hash and turns it back into a Raw struct. +// Decode takes a stringified/encoded argon2 hash and turns it back into a Raw +// struct. // // This decoder ignores "data" attributes as they are likely to be deprecated. func Decode(encoded []byte) (Raw, error) { From ad260df4dd6b9150b9a1fb84606805d086ec0079 Mon Sep 17 00:00:00 2001 From: Matthew Hartstonge Date: Sat, 5 Nov 2022 15:14:43 +1300 Subject: [PATCH 4/6] :fire: dep: removes support for dep. --- Gopkg.lock | 28 ---------------------------- Gopkg.toml | 36 ------------------------------------ 2 files changed, 64 deletions(-) delete mode 100644 Gopkg.lock delete mode 100644 Gopkg.toml diff --git a/Gopkg.lock b/Gopkg.lock deleted file mode 100644 index a353524..0000000 --- a/Gopkg.lock +++ /dev/null @@ -1,28 +0,0 @@ -# This file is autogenerated, do not edit; changes may be undone by the next 'dep ensure'. - - -[[projects]] - branch = "master" - digest = "1:1458b942006445cfb9a3214bfaca0c4436ba0cd519c30117813717186ad35548" - name = "golang.org/x/crypto" - packages = [ - "argon2", - "blake2b", - ] - pruneopts = "UT" - revision = "a769d52b0f97a420f3dcafc17f8b3384217859a2" - -[[projects]] - branch = "master" - digest = "1:52b7d226696ffeb8b3aa86b91fc39163a3d349b8e5703a46461e5fa33c3cb6c9" - name = "golang.org/x/sys" - packages = ["cpu"] - pruneopts = "UT" - revision = "c11f84a56e43e20a78cee75a7c034031ecf57d1f" - -[solve-meta] - analyzer-name = "dep" - analyzer-version = 1 - input-imports = ["golang.org/x/crypto/argon2"] - solver-name = "gps-cdcl" - solver-version = 1 diff --git a/Gopkg.toml b/Gopkg.toml deleted file mode 100644 index 80929f4..0000000 --- a/Gopkg.toml +++ /dev/null @@ -1,36 +0,0 @@ -# Gopkg.toml example -# -# Refer to https://github.com/golang/dep/blob/master/docs/Gopkg.toml.md -# for detailed Gopkg.toml documentation. -# -# required = ["github.com/user/thing/cmd/thing"] -# ignored = ["github.com/user/project/pkgX", "bitbucket.org/user/project/pkgA/pkgY"] -# -# [[constraint]] -# name = "github.com/user/project" -# version = "1.0.0" -# -# [[constraint]] -# name = "github.com/user/project2" -# branch = "dev" -# source = "github.com/myfork/project2" -# -# [[override]] -# name = "github.com/x/y" -# version = "2.4.0" -# -# [prune] -# non-go = false -# go-tests = true -# unused-packages = true -ignored = [ - "github.com/lhecker/argon2" -] - -[prune] - go-tests = true - unused-packages = true - -[[ constraint ]] - name = "golang.org/x/crypto" - branch = "master" From bfbb707a41d9b83ec0d636fb46838da8864672b7 Mon Sep 17 00:00:00 2001 From: Matthew Hartstonge Date: Sat, 5 Nov 2022 15:15:51 +1300 Subject: [PATCH 5/6] :fire: travis: removes travis configuration. --- .travis.yml | 20 -------------------- 1 file changed, 20 deletions(-) delete mode 100644 .travis.yml diff --git a/.travis.yml b/.travis.yml deleted file mode 100644 index afc59c0..0000000 --- a/.travis.yml +++ /dev/null @@ -1,20 +0,0 @@ -language: go -sudo: false -go: - - '1.11.4' - - '1.12' - - '1.13' - - '1.14' - - '1.15' - - '1.16' - - '1.17' - - 'tip' - -env: - - GO111MODULE=on - -install: - - go get - -script: - - go test From 3fdbafcb7a19f0e761ff611d77d7ed26518b1d69 Mon Sep 17 00:00:00 2001 From: Matthew Hartstonge Date: Sat, 5 Nov 2022 15:30:32 +1300 Subject: [PATCH 6/6] :memo: readme: update badges and remove references to travis ci. --- README.md | 11 +++-------- 1 file changed, 3 insertions(+), 8 deletions(-) diff --git a/README.md b/README.md index a7e68ab..b7af04f 100644 --- a/README.md +++ b/README.md @@ -1,6 +1,6 @@ # 🔐 argon2 -[![Build Status](https://travis-ci.org/matthewhartstonge/argon2.svg?branch=master)](https://travis-ci.org/matthewhartstonge/argon2) +[![Go Reference](https://pkg.go.dev/badge/github.com/matthewhartstonge/argon2.svg)](https://pkg.go.dev/github.com/matthewhartstonge/argon2) [![Go Report Card](https://goreportcard.com/badge/github.com/matthewhartstonge/argon2)](https://goreportcard.com/report/github.com/matthewhartstonge/argon2) [![go](https://github.com/matthewhartstonge/argon2/actions/workflows/go.yml/badge.svg)](https://github.com/matthewhartstonge/argon2/actions/workflows/go.yml) argon2 provides a pure Go implementation for Argon2 password hashing. @@ -63,17 +63,12 @@ go run _example/example.go ## Benchmarks -Benchmarks are run on each build. Follow the build badge link to check the -latest status on benchmarking results via TravisCI. - -[![Build Status](https://travis-ci.org/matthewhartstonge/argon2.svg?branch=master)](https://travis-ci.org/matthewhartstonge/argon2) - The following manual benchmark was performed on a `i7-7700 @ 3.60GHz` with `AData DDR4 2132MHz` memory. Note: -- The native benchmarks have now been moved into a separate branch for - reference in order to keep go mod dependencies tidy. +- The native benchmarks are in a separate branch for reference in order to keep + go mod dependencies tidy. ``` goos: windows