Expose Argon2 password derivation

[haggholm]

The README (very correctly) notes that you should not derive a key without running it through a strengthening function like PBKDF2, but libsodium itself already ships with one—Argon2. From brief inspection, it seems that the nacl_raw property (the WASM code?) contains this functionality, e.g. nacl_raw._crypto_pwhash_argon2id_alg_argon2id13 et al.

I’d love to create a PR, but having no experience with WASM-compiled code, I worry that a half-baked PR is more likely to either be a nuisance or a security hole; looking at nacl_cooked.js, I am guessing it isn’t a very big task…for someone who knows what they’re doing, which (alas) I here do not.

Any chance of exposing the Argon2 API?

[tonyg]

Would you be able to draft some (failing) test cases and documentation, do you think? I think then it'd be straightforward to write the wrapper stubs and get the tests to pass.

[haggholm]

Thank you for the quick reply! I should make it very clear that I’m quite new to the whole setup (emscripten, wasm, and not least NaCl/libsodium itself), so I may be botching conventions quite badly, or even misusing it. In trying to piece together a solution by combining your docs (+TS bindings) and the docs at https://libsodium.gitbook.io/doc/, it seems to me that what I’m missing is what fails here:

https://github.com/haggholm/nacl-test

Since I’m just starting to look at it, I may be providing bad inputs &c., but it seems to me that it should be possible to get it and https://github.com/ranisalt/node-argon2 to generate the same output. (And I’d much rather do it through js-nacl, since as I understand it, I should be able to run the same code in Node.js and the browser.)

[tonyg]

That sounds about right. Can you make a PR that integrates with the test cases and docs (such as they are) as they stand?