RustCrypto · tarcieri · Mar 4, 2023 · Mar 4, 2023
diff --git a/.github/workflows/balloon-hash.yml b/.github/workflows/balloon-hash.yml
@@ -22,7 +22,7 @@ jobs:
     strategy:
       matrix:
         rust:
-          - 1.60.0 # MSRV
+          - 1.65.0 # MSRV
           - stable
         target:
           - thumbv7em-none-eabi
@@ -50,7 +50,7 @@ jobs:
     strategy:
       matrix:
         rust:
-          - 1.60.0 # MSRV
+          - 1.65.0 # MSRV
           - stable
     steps:
       - uses: actions/checkout@v3

diff --git a/.github/workflows/workspace.yml b/.github/workflows/workspace.yml
@@ -17,7 +17,7 @@ jobs:
       - uses: RustCrypto/actions/cargo-cache@master
       - uses: actions-rs/toolchain@v1
         with:
-          toolchain: 1.60.0
+          toolchain: 1.67.0
           components: clippy
           override: true
           profile: minimal

diff --git a/Cargo.lock b/Cargo.lock
diff --git a/argon2/src/blake2b_long.rs b/argon2/src/blake2b_long.rs
@@ -62,7 +62,7 @@ pub fn blake2b_long(inputs: &[&[u8]], out: &mut [u8]) -> Result<()> {
             out_len - counter > 64
         })
     {
-        last_output = Blake2b512::digest(&last_output);
+        last_output = Blake2b512::digest(last_output);
         chunk.copy_from_slice(&last_output[..half_hash_len]);
     }
 

diff --git a/argon2/src/error.rs b/argon2/src/error.rs
@@ -65,7 +65,7 @@ impl fmt::Display for Error {
         f.write_str(match self {
             Error::AdTooLong => "associated data is too long",
             Error::AlgorithmInvalid => "algorithm identifier invalid",
-            Error::B64Encoding(inner) => return write!(f, "B64 encoding invalid: {}", inner),
+            Error::B64Encoding(inner) => return write!(f, "B64 encoding invalid: {inner}"),
             Error::KeyIdTooLong => "key ID is too long",
             Error::MemoryTooLittle => "memory cost is too small",
             Error::MemoryTooMuch => "memory cost is too large",

diff --git a/argon2/src/lib.rs b/argon2/src/lib.rs
@@ -311,7 +311,7 @@ impl<'key> Argon2<'key> {
                     let zero_block = Block::default();
 
                     if data_independent_addressing {
-                        (&mut input_block.as_mut()[..6]).copy_from_slice(&[
+                        input_block.as_mut()[..6].copy_from_slice(&[
                             pass as u64,
                             lane as u64,
                             slice as u64,
@@ -370,7 +370,7 @@ impl<'key> Argon2<'key> {
                             // Cannot reference other lanes yet
                             lane
                         } else {
-                            (rand >> 32) as usize % lanes as usize
+                            (rand >> 32) as usize % lanes
                         };
 
                         let reference_area_size = if pass == 0 {
@@ -469,25 +469,25 @@ impl<'key> Argon2<'key> {
     #[allow(clippy::cast_possible_truncation)]
     fn initial_hash(&self, pwd: &[u8], salt: &[u8], out: &[u8]) -> digest::Output<Blake2b512> {
         let mut digest = Blake2b512::new();
-        digest.update(&self.params.p_cost().to_le_bytes());
-        digest.update(&(out.len() as u32).to_le_bytes());
-        digest.update(&self.params.m_cost().to_le_bytes());
-        digest.update(&self.params.t_cost().to_le_bytes());
-        digest.update(&self.version.to_le_bytes());
-        digest.update(&self.algorithm.to_le_bytes());
-        digest.update(&(pwd.len() as u32).to_le_bytes());
+        digest.update(self.params.p_cost().to_le_bytes());
+        digest.update((out.len() as u32).to_le_bytes());
+        digest.update(self.params.m_cost().to_le_bytes());
+        digest.update(self.params.t_cost().to_le_bytes());
+        digest.update(self.version.to_le_bytes());
+        digest.update(self.algorithm.to_le_bytes());
+        digest.update((pwd.len() as u32).to_le_bytes());
         digest.update(pwd);
-        digest.update(&(salt.len() as u32).to_le_bytes());
+        digest.update((salt.len() as u32).to_le_bytes());
         digest.update(salt);
 
         if let Some(secret) = &self.secret {
-            digest.update(&(secret.len() as u32).to_le_bytes());
+            digest.update((secret.len() as u32).to_le_bytes());
             digest.update(secret);
         } else {
             digest.update(0u32.to_le_bytes());
         }
 
-        digest.update(&(self.params.data().len() as u32).to_le_bytes());
+        digest.update((self.params.data().len() as u32).to_le_bytes());
         digest.update(self.params.data());
         digest.finalize()
     }

diff --git a/argon2/src/params.rs b/argon2/src/params.rs
@@ -174,7 +174,7 @@ impl Params {
 
     /// Get the number of blocks required given the configured `m_cost` and `p_cost`.
     pub fn block_count(&self) -> usize {
-        (self.segment_length() * self.lanes() * SYNC_POINTS) as usize
+        self.segment_length() * self.lanes() * SYNC_POINTS
     }
 }
 

diff --git a/argon2/tests/kat.rs b/argon2/tests/kat.rs
@@ -360,7 +360,7 @@ fn hashtest(
     assert_eq!(out, expected_raw_hash);
 
     // Test hash encoding
-    let salt_string = SaltString::b64_encode(&salt).unwrap();
+    let salt_string = SaltString::b64_encode(salt).unwrap();
     let phc_hash = ctx.hash_password(pwd, &salt_string).unwrap().to_string();
     assert_eq!(phc_hash, expected_phc_hash);
 

diff --git a/balloon-hash/Cargo.toml b/balloon-hash/Cargo.toml
@@ -1,6 +1,6 @@
 [package]
 name = "balloon-hash"
-version = "0.3.0"
+version = "0.4.0-pre"
 description = "Pure Rust implementation of the Balloon password hashing function"
 authors = ["RustCrypto Developers"]
 license = "MIT OR Apache-2.0"
@@ -10,11 +10,11 @@ keywords = ["crypto", "hashing", "password", "phf"]
 categories = ["authentication", "cryptography", "no-std"]
 readme = "README.md"
 edition = "2021"
-rust-version = "1.60"
+rust-version = "1.65"
 
 [dependencies]
 digest = { version = "0.10.6", default-features = false }
-crypto-bigint = { version = "0.4", default-features = false, features = ["generic-array"] }
+crypto-bigint = { version = "0.5", default-features = false, features = ["generic-array"] }
 
 # optional dependencies
 password-hash = { version = "=0.5.0-pre.1", default-features = false, optional = true }

diff --git a/balloon-hash/README.md b/balloon-hash/README.md
@@ -26,7 +26,7 @@ This algorithm is first practical password hashing function that provides:
 
 ## Minimum Supported Rust Version
 
-Rust **1.60** or higher.
+Rust **1.65** or higher.
 
 Minimum supported Rust version can be changed in the future, but it will be
 done with a minor version bump.
@@ -58,7 +58,7 @@ dual licensed as above, without any additional terms or conditions.
 [docs-image]: https://docs.rs/balloon-hash/badge.svg
 [docs-link]: https://docs.rs/balloon-hash/
 [license-image]: https://img.shields.io/badge/license-Apache2.0/MIT-blue.svg
-[rustc-image]: https://img.shields.io/badge/rustc-1.60+-blue.svg
+[rustc-image]: https://img.shields.io/badge/rustc-1.65+-blue.svg
 [chat-image]: https://img.shields.io/badge/zulip-join_chat-blue.svg
 [chat-link]: https://rustcrypto.zulipchat.com/#narrow/stream/260046-password-hashes
 [build-image]: https://github.com/RustCrypto/password-hashes/workflows/balloon/badge.svg?branch=master&event=push

diff --git a/balloon-hash/src/error.rs b/balloon-hash/src/error.rs
@@ -40,7 +40,7 @@ impl fmt::Display for Error {
             Error::ThreadsTooMany => f.write_str("too many threads"),
             Error::TimeTooSmall => f.write_str("time cost is too small"),
             Error::OutputSize { expected, .. } => {
-                write!(f, "unexpected output size, expected {} bytes", expected)
+                write!(f, "unexpected output size, expected {expected} bytes")
             }
         }
     }

diff --git a/balloon-hash/src/params.rs b/balloon-hash/src/params.rs
@@ -84,7 +84,7 @@ impl<'a> TryFrom<&'a PasswordHash<'a>> for Params {
 
 #[cfg(feature = "password-hash")]
 #[cfg_attr(docsrs, doc(cfg(feature = "password-hash")))]
-impl<'a> TryFrom<Params> for ParamsString {
+impl TryFrom<Params> for ParamsString {
     type Error = password_hash::Error;
 
     fn try_from(params: Params) -> password_hash::Result<ParamsString> {
@@ -94,7 +94,7 @@ impl<'a> TryFrom<Params> for ParamsString {
 
 #[cfg(feature = "password-hash")]
 #[cfg_attr(docsrs, doc(cfg(feature = "password-hash")))]
-impl<'a> TryFrom<&Params> for ParamsString {
+impl TryFrom<&Params> for ParamsString {
     type Error = password_hash::Error;
 
     fn try_from(params: &Params) -> password_hash::Result<ParamsString> {

diff --git a/sha-crypt/src/lib.rs b/sha-crypt/src/lib.rs
@@ -147,7 +147,7 @@ pub fn sha512_crypt(
     let mut digest_c = digest_a;
     // Repeatedly run the collected hash value through SHA512 to burn
     // CPU cycles
-    for i in 0..params.rounds as usize {
+    for i in 0..params.rounds {
         // new hasher
         let mut hasher = Sha512::default();
 
@@ -250,7 +250,7 @@ pub fn sha256_crypt(
     let mut digest_c = digest_a;
     // Repeatedly run the collected hash value through SHA256 to burn
     // CPU cycles
-    for i in 0..params.rounds as usize {
+    for i in 0..params.rounds {
         // new hasher
         let mut hasher = Sha256::default();
 
@@ -424,8 +424,7 @@ pub fn sha512_check(password: &str, hashed_value: &str) -> Result<(), CheckError
 
     if iter.next() != Some("6") {
         return Err(CheckError::InvalidFormat(format!(
-            "does not contain SHA512 identifier: '{}'",
-            SHA512_SALT_PREFIX
+            "does not contain SHA512 identifier: '{SHA512_SALT_PREFIX}'",
         )));
     }
 
@@ -440,8 +439,7 @@ pub fn sha512_check(password: &str, hashed_value: &str) -> Result<(), CheckError
 
         rounds[SHA512_ROUNDS_PREFIX.len()..].parse().map_err(|_| {
             CheckError::InvalidFormat(format!(
-                "{} specifier need to be a number",
-                SHA512_ROUNDS_PREFIX
+                "{SHA512_ROUNDS_PREFIX} specifier need to be a number",
             ))
         })?
     } else {
@@ -504,8 +502,7 @@ pub fn sha256_check(password: &str, hashed_value: &str) -> Result<(), CheckError
 
     if iter.next() != Some("5") {
         return Err(CheckError::InvalidFormat(format!(
-            "does not contain SHA256 identifier: '{}'",
-            SHA256_SALT_PREFIX
+            "does not contain SHA256 identifier: '{SHA256_SALT_PREFIX}'",
         )));
     }
 
@@ -520,8 +517,7 @@ pub fn sha256_check(password: &str, hashed_value: &str) -> Result<(), CheckError
 
         rounds[SHA256_ROUNDS_PREFIX.len()..].parse().map_err(|_| {
             CheckError::InvalidFormat(format!(
-                "{} specifier need to be a number",
-                SHA256_ROUNDS_PREFIX
+                "{SHA256_ROUNDS_PREFIX} specifier need to be a number",
             ))
         })?
     } else {

diff --git a/sha-crypt/tests/lib.rs b/sha-crypt/tests/lib.rs
@@ -172,11 +172,11 @@ fn test_sha512_simple_check_roundtrip() {
     let pw = "this is my password";
     let params = Sha512Params::new(5_000).expect("Rounds error");
 
-    let r = sha512_simple(&pw, &params);
+    let r = sha512_simple(pw, &params);
     assert!(r.is_ok());
     let hash = r.unwrap();
 
-    let c_r = sha512_check(&pw, &hash);
+    let c_r = sha512_check(pw, &hash);
     assert!(c_r.is_ok());
 }
 
@@ -186,11 +186,11 @@ fn test_sha256_simple_check_roundtrip() {
     let pw = "this is my password";
     let params = Sha256Params::new(5_000).expect("Rounds error");
 
-    let r = sha256_simple(&pw, &params);
+    let r = sha256_simple(pw, &params);
     assert!(r.is_ok());
     let hash = r.unwrap();
 
-    let c_r = sha256_check(&pw, &hash);
+    let c_r = sha256_check(pw, &hash);
     assert!(c_r.is_ok());
 }
 
@@ -199,15 +199,15 @@ fn test_sha256_simple_check_roundtrip() {
 fn test_sha512_unexpected_prefix() {
     let pw = "foobar";
     let s = "SHOULDNOTBEHERE$6$rounds=100000$exn6tVc2j/MZD8uG$BI1Xh8qQSK9J4m14uwy7abn.ctj/TIAzlaVCto0MQrOFIeTXsc1iwzH16XEWo/a7c7Y9eVJvufVzYAs4EsPOy0";
-    assert!(!sha512_check(pw, s).is_ok());
+    assert!(sha512_check(pw, s).is_err());
 }
 
 #[cfg(feature = "simple")]
 #[test]
 fn test_sha256_unexpected_prefix() {
     let pw = "foobar";
     let s = "SHOULDNOTBEHERE$6$rounds=100000$exn6tVc2j/MZD8uG$BI1Xh8qQSK9J4m14uwy7abn.ctj/TIAzlaVCto0MQrOFIeTXsc1iwzH16XEWo/a7c7Y9eVJvufVzYAs4EsPOy0";
-    assert!(!sha256_check(pw, s).is_ok());
+    assert!(sha256_check(pw, s).is_err());
 }
 
 #[cfg(feature = "simple")]
@@ -216,7 +216,7 @@ fn test_sha512_wrong_id() {
     // wrong id '7'
     let pw = "foobar";
     let s = "$7$rounds=100000$exn6tVc2j/MZD8uG$BI1Xh8qQSK9J4m14uwy7abn.ctj/TIAzlaVCto0MQrOFIeTXsc1iwzH16XEWo/a7c7Y9eVJvufVzYAs4EsPOy0";
-    assert!(!sha512_check(pw, s).is_ok());
+    assert!(sha512_check(pw, s).is_err());
 }
 
 #[cfg(feature = "simple")]
@@ -225,7 +225,7 @@ fn test_sha256_wrong_id() {
     // wrong id '7'
     let pw = "foobar";
     let s = "$7$rounds=100000$exn6tVc2j/MZD8uG$BI1Xh8qQSK9J4m14uwy7abn.ctj/TIAzlaVCto0MQrOFIeTXsc1iwzH16XEWo/a7c7Y9eVJvufVzYAs4EsPOy0";
-    assert!(!sha256_check(pw, s).is_ok());
+    assert!(sha256_check(pw, s).is_err());
 }
 
 #[cfg(feature = "simple")]
@@ -234,7 +234,7 @@ fn test_sha512_missing_trailing_slash() {
     // Missing trailing slash
     let pw = "abc";
     let s = "$6$rounds=656000$Ykk6fjI2sU3/uprV$Z6yV/9Z741lfroSSzB9MwxSRnGeI9Z74hBkgNsHuojQJxZ9XjPkHg9jqqGLvWZ586wqnSSx5vrXZdhrMSZZE4";
-    assert!(!sha512_check(pw, s).is_ok());
+    assert!(sha512_check(pw, s).is_err());
 }
 
 #[cfg(feature = "simple")]
@@ -243,5 +243,5 @@ fn test_sha256_missing_trailing_slash() {
     // Missing trailing slash
     let pw = "abc";
     let s = "$6$rounds=656000$Ykk6fjI2sU3/uprV$Z6yV/9Z741lfroSSzB9MwxSRnGeI9Z74hBkgNsHuojQJxZ9XjPkHg9jqqGLvWZ586wqnSSx5vrXZdhrMSZZE4";
-    assert!(!sha256_check(pw, s).is_ok());
+    assert!(sha256_check(pw, s).is_err());
 }