Add documentation

.gitignore

@@ -11,3 +11,4 @@ __pycache__
 *.dylib
 *.so
 .hypothesis
+_build

AUTHORS.rst

@@ -1,7 +1,7 @@
-Credits
-=======
+Credits & License
+=================
 
-``argon2_cffi`` is written and maintained by Hynek Schlawack.
+``argon2_cffi`` is maintained by Hynek Schlawack and released under the `MIT license <https://github.com/hynek/argon2_cffi/blob/master/LICENSE>`_.
 
 The development is kindly supported by `Variomedia AG <https://www.variomedia.de/>`_.
 
@@ -16,14 +16,15 @@ Argon2
 
 The original Argon2 repo can be found at https://github.com/P-H-C/phc-winner-argon2/.
 
-Except for the components listed below, the Argon2 code in this repository is copyright (c) 2015 Daniel Dinu, Dmitry Khovratovich (main authors), Jean-Philippe Aumasson and Samuel Neves, and under CC0 license.
+Except for the components listed below, the Argon2 code in this repository is copyright (c) 2015 Daniel Dinu, Dmitry Khovratovich (main authors), Jean-Philippe Aumasson and Samuel Neves, and under CC0_ license.
 
-The string encoding routines in src/encoding.c are copyright (c) 2015 Thomas Pornin, and under CC0 license.
+The string encoding routines in src/encoding.c are copyright (c) 2015 Thomas Pornin, and under CC0_ license.
 
-The BLAKE2 code in src/blake2/ is copyright (c) Samuel Neves, 2013-2015, and under CC0 license.
+The `BLAKE2 <https://blake2.net>_` code in ``src/blake2/`` is copyright (c) Samuel Neves, 2013-2015, and under CC0_ license.
 
 The authors of Argon2 also were very helpful to get the library to compile on ancient versions of Visual Studio for ancient versions of Python.
 
+.. _CC0: https://creativecommons.org/publicdomain/zero/1.0/
 
 msinttypes
 ^^^^^^^^^^

CONTRIBUTING.rst

@@ -11,6 +11,8 @@ Here are a few guidelines to get you started:
   If you lack some Python version, you can can always limit the environments like ``tox -e py27,py35`` (in that case you may want to look into pyenv_ that makes it very easy to install many different Python versions in parallel).
 - Make sure your changes pass our CI.
   You won't get any feedback until it's green unless you ask for it.
+- If you address review feedback, make sure to bump the pull request.
+  Maintainers don’t receive notifications if you push new commits.
 - If your change is noteworthy, add an entry to the changelog_.
   Use present tense, semantic newlines, and add link to your pull request.
 - No contribution is too small; please submit as many fixes for typos and grammar bloopers as you can!
@@ -19,8 +21,6 @@ Here are a few guidelines to get you started:
   This is a hard rule; patches with missing tests or documentation won’t be merged.
 - Write `good test docstrings`_.
 - Obey `PEP 8`_ and `PEP 257`_.
-- If you address review feedback, make sure to bump the pull request.
-  Maintainers don’t receive notifications if you push new commits.
 
 Please note that this project is released with a Contributor `Code of Conduct`_.
 By participating in this project you agree to abide by its terms.

MANIFEST.in

@@ -3,3 +3,5 @@ exclude src/argon2/_ffi.py .gitmodules extras/libargon2/.git appveyor.yml
 graft tests
 recursive-exclude tests *.pyc
 graft extras
+graft docs
+prune docs/_build

README.rst

@@ -2,6 +2,10 @@
 CFFI-based Argon2 Bindings for Python
 =====================================
 
+.. image:: https://readthedocs.org/projects/argon2-cffi/badge/?version=latest
+  :target: http://argon2-cffi.readthedocs.org/en/latest/?badge=latest
+  :alt: Documentation Status
+
 .. image:: https://travis-ci.org/hynek/argon2_cffi.svg?branch=master
   :target: https://travis-ci.org/hynek/argon2_cffi
 
@@ -14,11 +18,9 @@ CFFI-based Argon2 Bindings for Python
 .. image:: https://www.irccloud.com/invite-svg?channel=%23cryptography-dev&hostname=irc.freenode.net&port=6697&ssl=1
     :target: https://www.irccloud.com/invite?channel=%23cryptography-dev&hostname=irc.freenode.net&port=6697&ssl=1
 
-.. begin
-
+.. teaser-begin
 
-`Argon2 <https://github.com/p-h-c/phc-winner-argon2>`_ won the `Password Hashing Competition <https://password-hashing.net/>`_ in 2015.
-``argon2_cffi`` is the simplest way to use it in Python and PyPy:
+`Argon2 <https://github.com/p-h-c/phc-winner-argon2>`_ won the `Password Hashing Competition <https://password-hashing.net/>`_ and ``argon2_cffi`` is the simplest way to use it in Python and PyPy:
 
 .. code-block:: pycon
 
@@ -37,86 +39,10 @@ You can omit the ``salt`` argument for a secure random salt of length ``argon2.D
 
 .. code-block:: pycon
 
+  >>> argon2.DEFAULT_RANDOM_SALT_LENGTH
+  16
   >>> argon2.hash_password(b"secret")  # doctest: +SKIP
   b'$argon2i$m=512,t=2,p=2$c29tZXNhbHQ$2IdoNVglVTxb9w4YVJqW8w'
 
-
-Installation
-============
-
-A working C compiler is required because the official Argon2 C implementation is shipped along with the Python CFFI bindings.
-Otherwise a plain ``pip install argon2_cffi`` should just work.
-Binary `wheels <http://pythonwheels.com>`_ are offered for OS X and Windows.
-
-
-Hands-on
-========
-
-``argon2_cffi`` comes with hopefully reasonable defaults for Argon2 parameters that result in a verification time of between 0.5ms and 1ms on reasonably recent hardware.
-But of course, you can set them yourself if you wish:
-
-.. code-block:: pycon
-
-  >>> argon2.hash_password(
-  ...     b"secret", b"somesalt",
-  ...     time_cost=1,         # number of iterations
-  ...     memory_cost=8,       # used memory in KiB
-  ...     parallelism=1,       # number of threads used; changes hash!
-  ...     hash_len=64,         # length of resulting raw hash
-  ...     type=argon2.Type.D,  # choose Argon2i or Argon2d
-  ... )
-  b'$argon2d$m=8,t=1,p=1$c29tZXNhbHQ$H0oN1/L3H8t8hcg47pAyJZ8toBh2UbgcMt0zRFrqt4mEJCeKSEWGxt+KpZrMwxvr7M5qktNcc/bk/hvbinueJA'
-
-The raw hash can also be computed.
-The function takes the same parameters as ``hash_password()``:
-
-.. code-block:: pycon
-
-  >>> argon2.hash_password_raw(b"secret", b"somesalt")
-  b'\xd8\x87h5X%U<[\xf7\x0e\x18T\x9a\x96\xf3'
-
-
-Choosing Parameters
--------------------
-
-Finding the right parameters for a password hashing algorithm is a daunting task.
-The authors of Argon2 specified a method in their `paper <https://github.com/P-H-C/phc-winner-argon2/blob/master/argon2-specs.pdf>`_ but it should be noted that they also  mention that no value for ``time_cost`` or ``memory_cost`` is actually insecure (cf. section 6.4).
-
-
-#. Choose whether you want Argon2i or Argon2d (``type``).
-   If you don't know what that means, choose Argon2i (``Type.I``).
-#. Figure out how many threads can be used on each call to Argon2 (``parallelism``).
-   They recommend twice as many as the number of cores dedicated to hashing passwords.
-#. Figure out how much memory each call can afford (``memory_cost``).
-#. Choose a salt length.
-   16 Bytes are fine.
-#. Choose a hash length (``hash_len``).
-   16 Bytes are fine.
-#. Figure out how long each call can take.
-   One `recommendation <https://www.nccgroup.trust/us/about-us/newsroom-and-events/blog/2015/march/enough-with-the-salts-updates-on-secure-password-schemes/>`_ for concurent user logins is to keep it under 0.5ms.
-#. Measure the time for hashing using your chosen parameters.
-   Find a ``time_cost`` that is within your accounted time.
-   If ``time_cost=1`` takes too long, lower ``memory_cost``.
-
-
-CLI
-^^^
-
-To aid you with finding the parameters, ``argon2_cffi`` offers a CLI interface that can be accessed using ``python -m argon2``.
-It will benchmark Argon2’s *password verification* in the current environment.
-You can use command line arguments to set hashing parameters:
-
-.. code-block:: text
-
-  $ python -m argon2 -t 1 -m 512 -p 2
-  Running Argon2i 100 times with:
-  hash_len: 16
-  memory_cost: 512
-  parallelism: 2
-  time_cost: 1
-
-  Measuring...
-
-  0.418ms per password verification
-
-This should make it much easier to determine the right parameters for your use case and your environment.
+``argon2_cffi``\ ’s documentation lives at `Read the Docs <https://argon2-cffi.readthedocs.org/>`_, the code on `GitHub <https://github.com/hynek/argon2_cffi>`_.
+It’s rigorously tested on Python 2.6, 2.7, 3.3+, and PyPy.

docs/Makefile

@@ -0,0 +1,177 @@
+# Makefile for Sphinx documentation
+#
+
+# You can set these variables from the command line.
+SPHINXOPTS    =
+SPHINXBUILD   = sphinx-build
+PAPER         =
+BUILDDIR      = _build
+
+# User-friendly check for sphinx-build
+ifeq ($(shell which $(SPHINXBUILD) >/dev/null 2>&1; echo $$?), 1)
+$(error The '$(SPHINXBUILD)' command was not found. Make sure you have Sphinx installed, then set the SPHINXBUILD environment variable to point to the full path of the '$(SPHINXBUILD)' executable. Alternatively you can add the directory with the executable to your PATH. If you don't have Sphinx installed, grab it from http://sphinx-doc.org/)
+endif
+
+# Internal variables.
+PAPEROPT_a4     = -D latex_paper_size=a4
+PAPEROPT_letter = -D latex_paper_size=letter
+ALLSPHINXOPTS   = -d $(BUILDDIR)/doctrees $(PAPEROPT_$(PAPER)) $(SPHINXOPTS) .
+# the i18n builder cannot share the environment and doctrees with the others
+I18NSPHINXOPTS  = $(PAPEROPT_$(PAPER)) $(SPHINXOPTS) .
+
+.PHONY: help clean html dirhtml singlehtml pickle json htmlhelp qthelp devhelp epub latex latexpdf text man changes linkcheck doctest gettext
+
+help:
+	@echo "Please use \`make <target>' where <target> is one of"
+	@echo "  html       to make standalone HTML files"
+	@echo "  dirhtml    to make HTML files named index.html in directories"
+	@echo "  singlehtml to make a single large HTML file"
+	@echo "  pickle     to make pickle files"
+	@echo "  json       to make JSON files"
+	@echo "  htmlhelp   to make HTML files and a HTML help project"
+	@echo "  qthelp     to make HTML files and a qthelp project"
+	@echo "  devhelp    to make HTML files and a Devhelp project"
+	@echo "  epub       to make an epub"
+	@echo "  latex      to make LaTeX files, you can set PAPER=a4 or PAPER=letter"
+	@echo "  latexpdf   to make LaTeX files and run them through pdflatex"
+	@echo "  latexpdfja to make LaTeX files and run them through platex/dvipdfmx"
+	@echo "  text       to make text files"
+	@echo "  man        to make manual pages"
+	@echo "  texinfo    to make Texinfo files"
+	@echo "  info       to make Texinfo files and run them through makeinfo"
+	@echo "  gettext    to make PO message catalogs"
+	@echo "  changes    to make an overview of all changed/added/deprecated items"
+	@echo "  xml        to make Docutils-native XML files"
+	@echo "  pseudoxml  to make pseudoxml-XML files for display purposes"
+	@echo "  linkcheck  to check all external links for integrity"
+	@echo "  doctest    to run all doctests embedded in the documentation (if enabled)"
+
+clean:
+	rm -rf $(BUILDDIR)/*
+
+html:
+	$(SPHINXBUILD) -b html $(ALLSPHINXOPTS) $(BUILDDIR)/html
+	@echo
+	@echo "Build finished. The HTML pages are in $(BUILDDIR)/html."
+
+dirhtml:
+	$(SPHINXBUILD) -b dirhtml $(ALLSPHINXOPTS) $(BUILDDIR)/dirhtml
+	@echo
+	@echo "Build finished. The HTML pages are in $(BUILDDIR)/dirhtml."
+
+singlehtml:
+	$(SPHINXBUILD) -b singlehtml $(ALLSPHINXOPTS) $(BUILDDIR)/singlehtml
+	@echo
+	@echo "Build finished. The HTML page is in $(BUILDDIR)/singlehtml."
+
+pickle:
+	$(SPHINXBUILD) -b pickle $(ALLSPHINXOPTS) $(BUILDDIR)/pickle
+	@echo
+	@echo "Build finished; now you can process the pickle files."
+
+json:
+	$(SPHINXBUILD) -b json $(ALLSPHINXOPTS) $(BUILDDIR)/json
+	@echo
+	@echo "Build finished; now you can process the JSON files."
+
+htmlhelp:
+	$(SPHINXBUILD) -b htmlhelp $(ALLSPHINXOPTS) $(BUILDDIR)/htmlhelp
+	@echo
+	@echo "Build finished; now you can run HTML Help Workshop with the" \
+	      ".hhp project file in $(BUILDDIR)/htmlhelp."
+
+qthelp:
+	$(SPHINXBUILD) -b qthelp $(ALLSPHINXOPTS) $(BUILDDIR)/qthelp
+	@echo
+	@echo "Build finished; now you can run "qcollectiongenerator" with the" \
+	      ".qhcp project file in $(BUILDDIR)/qthelp, like this:"
+	@echo "# qcollectiongenerator $(BUILDDIR)/qthelp/prometheus_async.qhcp"
+	@echo "To view the help file:"
+	@echo "# assistant -collectionFile $(BUILDDIR)/qthelp/prometheus_async.qhc"
+
+devhelp:
+	$(SPHINXBUILD) -b devhelp $(ALLSPHINXOPTS) $(BUILDDIR)/devhelp
+	@echo
+	@echo "Build finished."
+	@echo "To view the help file:"
+	@echo "# mkdir -p $$HOME/.local/share/devhelp/prometheus_async"
+	@echo "# ln -s $(BUILDDIR)/devhelp $$HOME/.local/share/devhelp/prometheus_async"
+	@echo "# devhelp"
+
+epub:
+	$(SPHINXBUILD) -b epub $(ALLSPHINXOPTS) $(BUILDDIR)/epub
+	@echo
+	@echo "Build finished. The epub file is in $(BUILDDIR)/epub."
+
+latex:
+	$(SPHINXBUILD) -b latex $(ALLSPHINXOPTS) $(BUILDDIR)/latex
+	@echo
+	@echo "Build finished; the LaTeX files are in $(BUILDDIR)/latex."
+	@echo "Run \`make' in that directory to run these through (pdf)latex" \
+	      "(use \`make latexpdf' here to do that automatically)."
+
+latexpdf:
+	$(SPHINXBUILD) -b latex $(ALLSPHINXOPTS) $(BUILDDIR)/latex
+	@echo "Running LaTeX files through pdflatex..."
+	$(MAKE) -C $(BUILDDIR)/latex all-pdf
+	@echo "pdflatex finished; the PDF files are in $(BUILDDIR)/latex."
+
+latexpdfja:
+	$(SPHINXBUILD) -b latex $(ALLSPHINXOPTS) $(BUILDDIR)/latex
+	@echo "Running LaTeX files through platex and dvipdfmx..."
+	$(MAKE) -C $(BUILDDIR)/latex all-pdf-ja
+	@echo "pdflatex finished; the PDF files are in $(BUILDDIR)/latex."
+
+text:
+	$(SPHINXBUILD) -b text $(ALLSPHINXOPTS) $(BUILDDIR)/text
+	@echo
+	@echo "Build finished. The text files are in $(BUILDDIR)/text."
+
+man:
+	$(SPHINXBUILD) -b man $(ALLSPHINXOPTS) $(BUILDDIR)/man
+	@echo
+	@echo "Build finished. The manual pages are in $(BUILDDIR)/man."
+
+texinfo:
+	$(SPHINXBUILD) -b texinfo $(ALLSPHINXOPTS) $(BUILDDIR)/texinfo
+	@echo
+	@echo "Build finished. The Texinfo files are in $(BUILDDIR)/texinfo."
+	@echo "Run \`make' in that directory to run these through makeinfo" \
+	      "(use \`make info' here to do that automatically)."
+
+info:
+	$(SPHINXBUILD) -b texinfo $(ALLSPHINXOPTS) $(BUILDDIR)/texinfo
+	@echo "Running Texinfo files through makeinfo..."
+	make -C $(BUILDDIR)/texinfo info
+	@echo "makeinfo finished; the Info files are in $(BUILDDIR)/texinfo."
+
+gettext:
+	$(SPHINXBUILD) -b gettext $(I18NSPHINXOPTS) $(BUILDDIR)/locale
+	@echo
+	@echo "Build finished. The message catalogs are in $(BUILDDIR)/locale."
+
+changes:
+	$(SPHINXBUILD) -b changes $(ALLSPHINXOPTS) $(BUILDDIR)/changes
+	@echo
+	@echo "The overview file is in $(BUILDDIR)/changes."
+
+linkcheck:
+	$(SPHINXBUILD) -b linkcheck $(ALLSPHINXOPTS) $(BUILDDIR)/linkcheck
+	@echo
+	@echo "Link check complete; look for any errors in the above output " \
+	      "or in $(BUILDDIR)/linkcheck/output.txt."
+
+doctest:
+	$(SPHINXBUILD) -b doctest $(ALLSPHINXOPTS) $(BUILDDIR)/doctest
+	@echo "Testing of doctests in the sources finished, look at the " \
+	      "results in $(BUILDDIR)/doctest/output.txt."
+
+xml:
+	$(SPHINXBUILD) -b xml $(ALLSPHINXOPTS) $(BUILDDIR)/xml
+	@echo
+	@echo "Build finished. The XML files are in $(BUILDDIR)/xml."
+
+pseudoxml:
+	$(SPHINXBUILD) -b pseudoxml $(ALLSPHINXOPTS) $(BUILDDIR)/pseudoxml
+	@echo
+	@echo "Build finished. The pseudo-XML files are in $(BUILDDIR)/pseudoxml."

docs/api.rst

@@ -0,0 +1,32 @@
+API Reference
+=============
+
+.. module:: argon2
+
+``argon2_cffi`` comes with hopefully reasonable defaults for Argon2 parameters that result in a verification time of between 0.5ms and 1ms on recent-ish hardware.
+But of course, you can set them yourself if you wish:
+
+
+.. autofunction:: hash_password
+
+.. code-block:: pycon
+
+  >>> import argon2
+  >>> argon2.hash_password(
+  ...     b"secret", b"somesalt",
+  ...     time_cost=1,         # number of iterations
+  ...     memory_cost=8,       # used memory in KiB
+  ...     parallelism=1,       # number of threads used; changes hash!
+  ...     hash_len=64,         # length of resulting raw hash
+  ...     type=argon2.Type.D,  # choose Argon2i or Argon2d
+  ... )
+  b'$argon2d$m=8,t=1,p=1$c29tZXNhbHQ$H0oN1/L3H8t8hcg47pAyJZ8toBh2UbgcMt0zRFrqt4mEJCeKSEWGxt+KpZrMwxvr7M5qktNcc/bk/hvbinueJA'
+
+The raw hash can also be computed:
+
+.. autofunction:: hash_password_raw
+
+.. code-block:: pycon
+
+  >>> argon2.hash_password_raw(b"secret", b"somesalt")
+  b'\xd8\x87h5X%U<[\xf7\x0e\x18T\x9a\x96\xf3'