Feature request: Add `secret` parameter to argon2 implementation

[malobre]

https://github.com/P-H-C/phc-winner-argon2#library mentions additional parameters, among them:

The secret parameter, which is used for keyed hashing. This allows a secret key to be input at hashing time (from some external location) and be folded into the value of the hash. This means that even if your salts and hashes are compromised, an attacker cannot brute-force to find the password without the key.

[malobre]

Nevermind, I missed the createHMAC function which satifies my need. Sorry for the noise.

[Daninet]

I think it's a valid request. For now, here is a workaround: https://security.stackexchange.com/a/206177

[malobre]

I did a bit of digging in the original source code and this should be straightforward to implement. In short, the secret is processed just like the salt (but not stored in the encoded output, obviously).

Which would mean something like this in argon2.ts:

   blake512.init();
   blake512.update(initVector);
   blake512.update(int32LE(password.length));
   blake512.update(password);
   blake512.update(int32LE(salt.length));
   blake512.update(salt);
+  if (secret) {
+    blake512.update(int32LE(secret.length));
+    blake512.update(secret);
+  }
   blake512.update(int32LE(0)); // key length + key
   blake512.update(int32LE(0)); // associatedData length + associatedData

I can submit a PR if you want

[Daninet]

Nice. Please submit a PR and I will have a look. Thank you.