From a987d6cc39e2788f14e47079d0bbe4751db614f1 Mon Sep 17 00:00:00 2001 From: Tony Arcieri Date: Sat, 4 Mar 2023 13:40:09 -0700 Subject: [PATCH] balloon-hash: bump `crypto-bigint` to v0.5; MSRV 1.65 --- .github/workflows/balloon-hash.yml | 4 ++-- .github/workflows/workspace.yml | 2 +- Cargo.lock | 6 +++--- argon2/src/blake2b_long.rs | 2 +- argon2/src/error.rs | 2 +- argon2/src/lib.rs | 24 ++++++++++++------------ argon2/src/params.rs | 2 +- argon2/tests/kat.rs | 2 +- balloon-hash/Cargo.toml | 6 +++--- balloon-hash/README.md | 4 ++-- balloon-hash/src/error.rs | 2 +- balloon-hash/src/params.rs | 4 ++-- sha-crypt/src/lib.rs | 16 ++++++---------- sha-crypt/tests/lib.rs | 20 ++++++++++---------- 14 files changed, 46 insertions(+), 50 deletions(-) diff --git a/.github/workflows/balloon-hash.yml b/.github/workflows/balloon-hash.yml index b1d427f4..0d54312f 100644 --- a/.github/workflows/balloon-hash.yml +++ b/.github/workflows/balloon-hash.yml @@ -22,7 +22,7 @@ jobs: strategy: matrix: rust: - - 1.60.0 # MSRV + - 1.65.0 # MSRV - stable target: - thumbv7em-none-eabi @@ -50,7 +50,7 @@ jobs: strategy: matrix: rust: - - 1.60.0 # MSRV + - 1.65.0 # MSRV - stable steps: - uses: actions/checkout@v3 diff --git a/.github/workflows/workspace.yml b/.github/workflows/workspace.yml index 48f78695..7b0c63d0 100644 --- a/.github/workflows/workspace.yml +++ b/.github/workflows/workspace.yml @@ -17,7 +17,7 @@ jobs: - uses: RustCrypto/actions/cargo-cache@master - uses: actions-rs/toolchain@v1 with: - toolchain: 1.60.0 + toolchain: 1.67.0 components: clippy override: true profile: minimal diff --git a/Cargo.lock b/Cargo.lock index 3a285272..173d05b1 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -21,7 +21,7 @@ checksum = "d468802bab17cbc0cc575e9b053f41e72aa36bfa6b7f55e3529ffa43161b97fa" [[package]] name = "balloon-hash" -version = "0.3.0" +version = "0.4.0-pre" dependencies = [ "crypto-bigint", "digest", @@ -161,9 +161,9 @@ dependencies = [ [[package]] name = "crypto-bigint" -version = "0.4.9" +version = "0.5.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ef2b4b23cddf68b89b8f8069890e8c270d54e2d5fe1b143820234805e4cb17ef" +checksum = "071c0f5945634bc9ba7a452f492377dd6b1993665ddb58f28704119b32f07a9a" dependencies = [ "generic-array", "subtle", diff --git a/argon2/src/blake2b_long.rs b/argon2/src/blake2b_long.rs index b366f074..47d4742e 100644 --- a/argon2/src/blake2b_long.rs +++ b/argon2/src/blake2b_long.rs @@ -62,7 +62,7 @@ pub fn blake2b_long(inputs: &[&[u8]], out: &mut [u8]) -> Result<()> { out_len - counter > 64 }) { - last_output = Blake2b512::digest(&last_output); + last_output = Blake2b512::digest(last_output); chunk.copy_from_slice(&last_output[..half_hash_len]); } diff --git a/argon2/src/error.rs b/argon2/src/error.rs index 66ccbc6f..f6f10e70 100644 --- a/argon2/src/error.rs +++ b/argon2/src/error.rs @@ -65,7 +65,7 @@ impl fmt::Display for Error { f.write_str(match self { Error::AdTooLong => "associated data is too long", Error::AlgorithmInvalid => "algorithm identifier invalid", - Error::B64Encoding(inner) => return write!(f, "B64 encoding invalid: {}", inner), + Error::B64Encoding(inner) => return write!(f, "B64 encoding invalid: {inner}"), Error::KeyIdTooLong => "key ID is too long", Error::MemoryTooLittle => "memory cost is too small", Error::MemoryTooMuch => "memory cost is too large", diff --git a/argon2/src/lib.rs b/argon2/src/lib.rs index 3951420c..89ea1b69 100644 --- a/argon2/src/lib.rs +++ b/argon2/src/lib.rs @@ -311,7 +311,7 @@ impl<'key> Argon2<'key> { let zero_block = Block::default(); if data_independent_addressing { - (&mut input_block.as_mut()[..6]).copy_from_slice(&[ + input_block.as_mut()[..6].copy_from_slice(&[ pass as u64, lane as u64, slice as u64, @@ -370,7 +370,7 @@ impl<'key> Argon2<'key> { // Cannot reference other lanes yet lane } else { - (rand >> 32) as usize % lanes as usize + (rand >> 32) as usize % lanes }; let reference_area_size = if pass == 0 { @@ -469,25 +469,25 @@ impl<'key> Argon2<'key> { #[allow(clippy::cast_possible_truncation)] fn initial_hash(&self, pwd: &[u8], salt: &[u8], out: &[u8]) -> digest::Output { let mut digest = Blake2b512::new(); - digest.update(&self.params.p_cost().to_le_bytes()); - digest.update(&(out.len() as u32).to_le_bytes()); - digest.update(&self.params.m_cost().to_le_bytes()); - digest.update(&self.params.t_cost().to_le_bytes()); - digest.update(&self.version.to_le_bytes()); - digest.update(&self.algorithm.to_le_bytes()); - digest.update(&(pwd.len() as u32).to_le_bytes()); + digest.update(self.params.p_cost().to_le_bytes()); + digest.update((out.len() as u32).to_le_bytes()); + digest.update(self.params.m_cost().to_le_bytes()); + digest.update(self.params.t_cost().to_le_bytes()); + digest.update(self.version.to_le_bytes()); + digest.update(self.algorithm.to_le_bytes()); + digest.update((pwd.len() as u32).to_le_bytes()); digest.update(pwd); - digest.update(&(salt.len() as u32).to_le_bytes()); + digest.update((salt.len() as u32).to_le_bytes()); digest.update(salt); if let Some(secret) = &self.secret { - digest.update(&(secret.len() as u32).to_le_bytes()); + digest.update((secret.len() as u32).to_le_bytes()); digest.update(secret); } else { digest.update(0u32.to_le_bytes()); } - digest.update(&(self.params.data().len() as u32).to_le_bytes()); + digest.update((self.params.data().len() as u32).to_le_bytes()); digest.update(self.params.data()); digest.finalize() } diff --git a/argon2/src/params.rs b/argon2/src/params.rs index 3983b1f2..a99a05eb 100644 --- a/argon2/src/params.rs +++ b/argon2/src/params.rs @@ -174,7 +174,7 @@ impl Params { /// Get the number of blocks required given the configured `m_cost` and `p_cost`. pub fn block_count(&self) -> usize { - (self.segment_length() * self.lanes() * SYNC_POINTS) as usize + self.segment_length() * self.lanes() * SYNC_POINTS } } diff --git a/argon2/tests/kat.rs b/argon2/tests/kat.rs index 2a052dc9..c3cb73f4 100644 --- a/argon2/tests/kat.rs +++ b/argon2/tests/kat.rs @@ -360,7 +360,7 @@ fn hashtest( assert_eq!(out, expected_raw_hash); // Test hash encoding - let salt_string = SaltString::b64_encode(&salt).unwrap(); + let salt_string = SaltString::b64_encode(salt).unwrap(); let phc_hash = ctx.hash_password(pwd, &salt_string).unwrap().to_string(); assert_eq!(phc_hash, expected_phc_hash); diff --git a/balloon-hash/Cargo.toml b/balloon-hash/Cargo.toml index 9ff7061b..82fe2abf 100644 --- a/balloon-hash/Cargo.toml +++ b/balloon-hash/Cargo.toml @@ -1,6 +1,6 @@ [package] name = "balloon-hash" -version = "0.3.0" +version = "0.4.0-pre" description = "Pure Rust implementation of the Balloon password hashing function" authors = ["RustCrypto Developers"] license = "MIT OR Apache-2.0" @@ -10,11 +10,11 @@ keywords = ["crypto", "hashing", "password", "phf"] categories = ["authentication", "cryptography", "no-std"] readme = "README.md" edition = "2021" -rust-version = "1.60" +rust-version = "1.65" [dependencies] digest = { version = "0.10.6", default-features = false } -crypto-bigint = { version = "0.4", default-features = false, features = ["generic-array"] } +crypto-bigint = { version = "0.5", default-features = false, features = ["generic-array"] } # optional dependencies password-hash = { version = "=0.5.0-pre.1", default-features = false, optional = true } diff --git a/balloon-hash/README.md b/balloon-hash/README.md index a417b33d..4bdd744c 100644 --- a/balloon-hash/README.md +++ b/balloon-hash/README.md @@ -26,7 +26,7 @@ This algorithm is first practical password hashing function that provides: ## Minimum Supported Rust Version -Rust **1.60** or higher. +Rust **1.65** or higher. Minimum supported Rust version can be changed in the future, but it will be done with a minor version bump. @@ -58,7 +58,7 @@ dual licensed as above, without any additional terms or conditions. [docs-image]: https://docs.rs/balloon-hash/badge.svg [docs-link]: https://docs.rs/balloon-hash/ [license-image]: https://img.shields.io/badge/license-Apache2.0/MIT-blue.svg -[rustc-image]: https://img.shields.io/badge/rustc-1.60+-blue.svg +[rustc-image]: https://img.shields.io/badge/rustc-1.65+-blue.svg [chat-image]: https://img.shields.io/badge/zulip-join_chat-blue.svg [chat-link]: https://rustcrypto.zulipchat.com/#narrow/stream/260046-password-hashes [build-image]: https://github.com/RustCrypto/password-hashes/workflows/balloon/badge.svg?branch=master&event=push diff --git a/balloon-hash/src/error.rs b/balloon-hash/src/error.rs index ed2d7544..0c497a36 100644 --- a/balloon-hash/src/error.rs +++ b/balloon-hash/src/error.rs @@ -40,7 +40,7 @@ impl fmt::Display for Error { Error::ThreadsTooMany => f.write_str("too many threads"), Error::TimeTooSmall => f.write_str("time cost is too small"), Error::OutputSize { expected, .. } => { - write!(f, "unexpected output size, expected {} bytes", expected) + write!(f, "unexpected output size, expected {expected} bytes") } } } diff --git a/balloon-hash/src/params.rs b/balloon-hash/src/params.rs index 25201469..45c694dc 100644 --- a/balloon-hash/src/params.rs +++ b/balloon-hash/src/params.rs @@ -84,7 +84,7 @@ impl<'a> TryFrom<&'a PasswordHash<'a>> for Params { #[cfg(feature = "password-hash")] #[cfg_attr(docsrs, doc(cfg(feature = "password-hash")))] -impl<'a> TryFrom for ParamsString { +impl TryFrom for ParamsString { type Error = password_hash::Error; fn try_from(params: Params) -> password_hash::Result { @@ -94,7 +94,7 @@ impl<'a> TryFrom for ParamsString { #[cfg(feature = "password-hash")] #[cfg_attr(docsrs, doc(cfg(feature = "password-hash")))] -impl<'a> TryFrom<&Params> for ParamsString { +impl TryFrom<&Params> for ParamsString { type Error = password_hash::Error; fn try_from(params: &Params) -> password_hash::Result { diff --git a/sha-crypt/src/lib.rs b/sha-crypt/src/lib.rs index 0201a62c..8ec3d83c 100644 --- a/sha-crypt/src/lib.rs +++ b/sha-crypt/src/lib.rs @@ -147,7 +147,7 @@ pub fn sha512_crypt( let mut digest_c = digest_a; // Repeatedly run the collected hash value through SHA512 to burn // CPU cycles - for i in 0..params.rounds as usize { + for i in 0..params.rounds { // new hasher let mut hasher = Sha512::default(); @@ -250,7 +250,7 @@ pub fn sha256_crypt( let mut digest_c = digest_a; // Repeatedly run the collected hash value through SHA256 to burn // CPU cycles - for i in 0..params.rounds as usize { + for i in 0..params.rounds { // new hasher let mut hasher = Sha256::default(); @@ -424,8 +424,7 @@ pub fn sha512_check(password: &str, hashed_value: &str) -> Result<(), CheckError if iter.next() != Some("6") { return Err(CheckError::InvalidFormat(format!( - "does not contain SHA512 identifier: '{}'", - SHA512_SALT_PREFIX + "does not contain SHA512 identifier: '{SHA512_SALT_PREFIX}'", ))); } @@ -440,8 +439,7 @@ pub fn sha512_check(password: &str, hashed_value: &str) -> Result<(), CheckError rounds[SHA512_ROUNDS_PREFIX.len()..].parse().map_err(|_| { CheckError::InvalidFormat(format!( - "{} specifier need to be a number", - SHA512_ROUNDS_PREFIX + "{SHA512_ROUNDS_PREFIX} specifier need to be a number", )) })? } else { @@ -504,8 +502,7 @@ pub fn sha256_check(password: &str, hashed_value: &str) -> Result<(), CheckError if iter.next() != Some("5") { return Err(CheckError::InvalidFormat(format!( - "does not contain SHA256 identifier: '{}'", - SHA256_SALT_PREFIX + "does not contain SHA256 identifier: '{SHA256_SALT_PREFIX}'", ))); } @@ -520,8 +517,7 @@ pub fn sha256_check(password: &str, hashed_value: &str) -> Result<(), CheckError rounds[SHA256_ROUNDS_PREFIX.len()..].parse().map_err(|_| { CheckError::InvalidFormat(format!( - "{} specifier need to be a number", - SHA256_ROUNDS_PREFIX + "{SHA256_ROUNDS_PREFIX} specifier need to be a number", )) })? } else { diff --git a/sha-crypt/tests/lib.rs b/sha-crypt/tests/lib.rs index 6a253af2..9c95e661 100644 --- a/sha-crypt/tests/lib.rs +++ b/sha-crypt/tests/lib.rs @@ -172,11 +172,11 @@ fn test_sha512_simple_check_roundtrip() { let pw = "this is my password"; let params = Sha512Params::new(5_000).expect("Rounds error"); - let r = sha512_simple(&pw, ¶ms); + let r = sha512_simple(pw, ¶ms); assert!(r.is_ok()); let hash = r.unwrap(); - let c_r = sha512_check(&pw, &hash); + let c_r = sha512_check(pw, &hash); assert!(c_r.is_ok()); } @@ -186,11 +186,11 @@ fn test_sha256_simple_check_roundtrip() { let pw = "this is my password"; let params = Sha256Params::new(5_000).expect("Rounds error"); - let r = sha256_simple(&pw, ¶ms); + let r = sha256_simple(pw, ¶ms); assert!(r.is_ok()); let hash = r.unwrap(); - let c_r = sha256_check(&pw, &hash); + let c_r = sha256_check(pw, &hash); assert!(c_r.is_ok()); } @@ -199,7 +199,7 @@ fn test_sha256_simple_check_roundtrip() { fn test_sha512_unexpected_prefix() { let pw = "foobar"; let s = "SHOULDNOTBEHERE$6$rounds=100000$exn6tVc2j/MZD8uG$BI1Xh8qQSK9J4m14uwy7abn.ctj/TIAzlaVCto0MQrOFIeTXsc1iwzH16XEWo/a7c7Y9eVJvufVzYAs4EsPOy0"; - assert!(!sha512_check(pw, s).is_ok()); + assert!(sha512_check(pw, s).is_err()); } #[cfg(feature = "simple")] @@ -207,7 +207,7 @@ fn test_sha512_unexpected_prefix() { fn test_sha256_unexpected_prefix() { let pw = "foobar"; let s = "SHOULDNOTBEHERE$6$rounds=100000$exn6tVc2j/MZD8uG$BI1Xh8qQSK9J4m14uwy7abn.ctj/TIAzlaVCto0MQrOFIeTXsc1iwzH16XEWo/a7c7Y9eVJvufVzYAs4EsPOy0"; - assert!(!sha256_check(pw, s).is_ok()); + assert!(sha256_check(pw, s).is_err()); } #[cfg(feature = "simple")] @@ -216,7 +216,7 @@ fn test_sha512_wrong_id() { // wrong id '7' let pw = "foobar"; let s = "$7$rounds=100000$exn6tVc2j/MZD8uG$BI1Xh8qQSK9J4m14uwy7abn.ctj/TIAzlaVCto0MQrOFIeTXsc1iwzH16XEWo/a7c7Y9eVJvufVzYAs4EsPOy0"; - assert!(!sha512_check(pw, s).is_ok()); + assert!(sha512_check(pw, s).is_err()); } #[cfg(feature = "simple")] @@ -225,7 +225,7 @@ fn test_sha256_wrong_id() { // wrong id '7' let pw = "foobar"; let s = "$7$rounds=100000$exn6tVc2j/MZD8uG$BI1Xh8qQSK9J4m14uwy7abn.ctj/TIAzlaVCto0MQrOFIeTXsc1iwzH16XEWo/a7c7Y9eVJvufVzYAs4EsPOy0"; - assert!(!sha256_check(pw, s).is_ok()); + assert!(sha256_check(pw, s).is_err()); } #[cfg(feature = "simple")] @@ -234,7 +234,7 @@ fn test_sha512_missing_trailing_slash() { // Missing trailing slash let pw = "abc"; let s = "$6$rounds=656000$Ykk6fjI2sU3/uprV$Z6yV/9Z741lfroSSzB9MwxSRnGeI9Z74hBkgNsHuojQJxZ9XjPkHg9jqqGLvWZ586wqnSSx5vrXZdhrMSZZE4"; - assert!(!sha512_check(pw, s).is_ok()); + assert!(sha512_check(pw, s).is_err()); } #[cfg(feature = "simple")] @@ -243,5 +243,5 @@ fn test_sha256_missing_trailing_slash() { // Missing trailing slash let pw = "abc"; let s = "$6$rounds=656000$Ykk6fjI2sU3/uprV$Z6yV/9Z741lfroSSzB9MwxSRnGeI9Z74hBkgNsHuojQJxZ9XjPkHg9jqqGLvWZ586wqnSSx5vrXZdhrMSZZE4"; - assert!(!sha256_check(pw, s).is_ok()); + assert!(sha256_check(pw, s).is_err()); }