From 0457970c080c7a3688529682520d4c57a42be2f9 Mon Sep 17 00:00:00 2001 From: Arthur Gautier Date: Tue, 25 Feb 2025 14:00:48 -0800 Subject: [PATCH 01/18] argon2: bump to edition 2024; msrv 1.85 --- .github/workflows/argon2.yml | 8 ++++---- Cargo.toml | 3 +++ argon2/Cargo.toml | 6 +++--- argon2/README.md | 10 +--------- argon2/src/blake2b_long.rs | 2 +- argon2/src/lib.rs | 8 ++++---- argon2/src/params.rs | 2 +- argon2/tests/phc_strings.rs | 31 ++++++++++++++++++++----------- 8 files changed, 37 insertions(+), 33 deletions(-) diff --git a/.github/workflows/argon2.yml b/.github/workflows/argon2.yml index 9c49a6b4..55dc1255 100644 --- a/.github/workflows/argon2.yml +++ b/.github/workflows/argon2.yml @@ -23,7 +23,7 @@ jobs: strategy: matrix: rust: - - 1.81.0 # MSRV + - 1.85.0 # MSRV - stable target: - thumbv7em-none-eabi @@ -52,7 +52,7 @@ jobs: include: # 32-bit Linux - target: i686-unknown-linux-gnu - rust: 1.81.0 # MSRV + rust: 1.85.0 # MSRV deps: sudo apt update && sudo apt install gcc-multilib - target: i686-unknown-linux-gnu rust: stable @@ -60,7 +60,7 @@ jobs: # 64-bit Linux - target: x86_64-unknown-linux-gnu - rust: 1.81.0 # MSRV + rust: 1.85.0 # MSRV - target: x86_64-unknown-linux-gnu rust: stable steps: @@ -89,7 +89,7 @@ jobs: matrix: include: - target: powerpc-unknown-linux-gnu - rust: 1.81.0 # MSRV + rust: 1.85.0 # MSRV - target: powerpc-unknown-linux-gnu rust: stable runs-on: ubuntu-latest diff --git a/Cargo.toml b/Cargo.toml index 6c986962..f666bd7b 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -14,3 +14,6 @@ exclude = ["benches", "fuzz"] [profile.dev] opt-level = 2 + +[patch.crates-io] +password-hash = { git = "https://github.com/RustCrypto/traits.git" } diff --git a/argon2/Cargo.toml b/argon2/Cargo.toml index 5ece234e..22c011d6 100644 --- a/argon2/Cargo.toml +++ b/argon2/Cargo.toml @@ -13,8 +13,8 @@ repository = "https://github.com/RustCrypto/password-hashes" keywords = ["crypto", "hashing", "password", "phf"] categories = ["authentication", "cryptography", "no-std"] readme = "README.md" -edition = "2021" -rust-version = "1.81" +edition = "2024" +rust-version = "1.85" [dependencies] base64ct = "1" @@ -34,7 +34,7 @@ password-hash = { version = "0.6.0-rc.0", features = ["rand_core"] } [features] default = ["alloc", "password-hash", "rand"] alloc = ["password-hash?/alloc"] -std = ["alloc", "password-hash?/std"] +std = ["alloc", "password-hash?/os_rng"] rand = ["password-hash?/rand_core"] simple = ["password-hash"] diff --git a/argon2/README.md b/argon2/README.md index 97816e32..d828487f 100644 --- a/argon2/README.md +++ b/argon2/README.md @@ -23,17 +23,9 @@ It implements the following three algorithmic variants: Support is provided for embedded (i.e. `no_std`) environments, including ones without `alloc` support. -## Minimum Supported Rust Version - -Rust **1.81** or higher. - -Minimum supported Rust version can be changed in the future, but it will be -done with a minor version bump. - ## SemVer Policy - All on-by-default features of this library are covered by SemVer -- MSRV is considered exempt from SemVer as noted above ## License @@ -57,7 +49,7 @@ dual licensed as above, without any additional terms or conditions. [docs-image]: https://docs.rs/argon2/badge.svg [docs-link]: https://docs.rs/argon2/ [license-image]: https://img.shields.io/badge/license-Apache2.0/MIT-blue.svg -[rustc-image]: https://img.shields.io/badge/rustc-1.81+-blue.svg +[rustc-image]: https://img.shields.io/badge/rustc-1.85+-blue.svg [chat-image]: https://img.shields.io/badge/zulip-join_chat-blue.svg [chat-link]: https://rustcrypto.zulipchat.com/#narrow/stream/260046-password-hashes [build-image]: https://github.com/RustCrypto/password-hashes/workflows/argon2/badge.svg?branch=master&event=push diff --git a/argon2/src/blake2b_long.rs b/argon2/src/blake2b_long.rs index 47d4742e..03e4d1e9 100644 --- a/argon2/src/blake2b_long.rs +++ b/argon2/src/blake2b_long.rs @@ -3,8 +3,8 @@ use crate::{Error, Result}; use blake2::{ - digest::{self, Digest, VariableOutput}, Blake2b512, Blake2bVar, + digest::{self, Digest, VariableOutput}, }; use core::convert::TryFrom; diff --git a/argon2/src/lib.rs b/argon2/src/lib.rs index b3e8468d..d8a3627f 100644 --- a/argon2/src/lib.rs +++ b/argon2/src/lib.rs @@ -46,7 +46,7 @@ //! }; //! //! let password = b"hunter42"; // Bad password; don't actually use! -//! let salt = SaltString::generate(&mut OsRng); +//! let salt = SaltString::try_from_rng(&mut OsRng).unwrap(); //! //! // Argon2 with default params (Argon2id v19) //! let argon2 = Argon2::default(); @@ -84,7 +84,7 @@ //! }; //! //! let password = b"hunter42"; // Bad password; don't actually use! -//! let salt = SaltString::generate(&mut OsRng); +//! let salt = SaltString::try_from_rng(&mut OsRng).unwrap(); //! //! // Argon2 with default params (Argon2id v19) and pepper //! let argon2 = Argon2::new_with_secret( @@ -168,12 +168,12 @@ pub use crate::{ #[cfg(feature = "password-hash")] #[cfg_attr(docsrs, doc(cfg(feature = "password-hash")))] pub use { - crate::algorithm::{ARGON2D_IDENT, ARGON2ID_IDENT, ARGON2I_IDENT}, + crate::algorithm::{ARGON2D_IDENT, ARGON2I_IDENT, ARGON2ID_IDENT}, password_hash::{self, PasswordHash, PasswordHasher, PasswordVerifier}, }; use crate::blake2b_long::blake2b_long; -use blake2::{digest, Blake2b512, Digest}; +use blake2::{Blake2b512, Digest, digest}; use core::fmt; #[cfg(all(feature = "alloc", feature = "password-hash"))] diff --git a/argon2/src/params.rs b/argon2/src/params.rs index edfc005b..12c23a31 100644 --- a/argon2/src/params.rs +++ b/argon2/src/params.rs @@ -1,6 +1,6 @@ //! Argon2 password hash parameters. -use crate::{Algorithm, Argon2, Error, Result, Version, SYNC_POINTS}; +use crate::{Algorithm, Argon2, Error, Result, SYNC_POINTS, Version}; use base64ct::{Base64Unpadded as B64, Encoding}; use core::str::FromStr; diff --git a/argon2/tests/phc_strings.rs b/argon2/tests/phc_strings.rs index 753986b7..07e52fa9 100644 --- a/argon2/tests/phc_strings.rs +++ b/argon2/tests/phc_strings.rs @@ -9,8 +9,8 @@ use argon2::{ PasswordVerifier, Version, }; use password_hash::{ - errors::{Error, InvalidValue}, SaltString, + errors::{Error, InvalidValue}, }; /// Valid password @@ -48,9 +48,11 @@ fn verifies_correct_password() { fn rejects_incorrect_password() { for hash_string in VALID_PASSWORD_HASHES { let hash = PasswordHash::new(hash_string).unwrap(); - assert!(Argon2::default() - .verify_password(INVALID_PASSWORD, &hash) - .is_err()); + assert!( + Argon2::default() + .verify_password(INVALID_PASSWORD, &hash) + .is_err() + ); } } @@ -154,9 +156,11 @@ fn check_decoding_supports_out_of_order_parameters() { // parameters order is not mandatory let hash = "$argon2d$v=16$m=32,t=2,p=3,keyid=8PDw8A,data=Dw8PDw8P$AAAAAAAAAAA$KnH4gniiaFnDvlA1xev3yovC4cnrrI6tnHOYtmja90o"; let hash = PasswordHash::new(hash).unwrap(); - assert!(Argon2::default() - .verify_password(b"password", &hash) - .is_ok()); + assert!( + Argon2::default() + .verify_password(b"password", &hash) + .is_ok() + ); } // TODO: Fix default parameters for decoding ! @@ -166,9 +170,11 @@ fn check_decoding_supports_default_parameters() { // parameters order is not mandatory let hash = "$argon2i$p=2,m=256,t=2$c29tZXNhbHQ$tsEVYKap1h6scGt5ovl9aLRGOqOth+AMB+KwHpDFZPs"; let hash = PasswordHash::new(hash).unwrap(); - assert!(Argon2::default() - .verify_password(b"password", &hash) - .is_ok()); + assert!( + Argon2::default() + .verify_password(b"password", &hash) + .is_ok() + ); } // m/t/p parameters are NOT optional according to spec @@ -216,5 +222,8 @@ fn check_hash_encoding_parameters_order() { .to_string(); // The parameters shall appear in the m,t,p,keyid,data order - assert_eq!(password_hash, "$argon2d$v=16$m=32,t=2,p=3,keyid=8PDw8A,data=Dw8PDw8P$AAAAAAAAAAA$KnH4gniiaFnDvlA1xev3yovC4cnrrI6tnHOYtmja90o"); + assert_eq!( + password_hash, + "$argon2d$v=16$m=32,t=2,p=3,keyid=8PDw8A,data=Dw8PDw8P$AAAAAAAAAAA$KnH4gniiaFnDvlA1xev3yovC4cnrrI6tnHOYtmja90o" + ); } From bc6406dbded49ce76aeafe705b348ad040bfa640 Mon Sep 17 00:00:00 2001 From: Arthur Gautier Date: Tue, 25 Feb 2025 14:03:49 -0800 Subject: [PATCH 02/18] balloon-hash: bump to edition 2024; msrv 1.85 --- .github/workflows/balloon-hash.yml | 4 ++-- Cargo.lock | 1 + balloon-hash/Cargo.toml | 7 ++++--- balloon-hash/README.md | 9 +-------- balloon-hash/src/balloon.rs | 2 +- balloon-hash/src/lib.rs | 2 +- balloon-hash/src/params.rs | 2 +- 7 files changed, 11 insertions(+), 16 deletions(-) diff --git a/.github/workflows/balloon-hash.yml b/.github/workflows/balloon-hash.yml index fb45eb2d..3492ce8a 100644 --- a/.github/workflows/balloon-hash.yml +++ b/.github/workflows/balloon-hash.yml @@ -22,7 +22,7 @@ jobs: strategy: matrix: rust: - - 1.83.0 # MSRV + - 1.85.0 # MSRV - stable target: - thumbv7em-none-eabi @@ -48,7 +48,7 @@ jobs: strategy: matrix: rust: - - 1.83.0 # MSRV + - 1.85.0 # MSRV - stable steps: - uses: actions/checkout@v4 diff --git a/Cargo.lock b/Cargo.lock index 609dbb56..2be8da9b 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -28,6 +28,7 @@ dependencies = [ "digest", "hex-literal", "password-hash", + "rand_core 0.9.2", "rayon", "sha2", "zeroize", diff --git a/balloon-hash/Cargo.toml b/balloon-hash/Cargo.toml index 59208b38..6df6666c 100644 --- a/balloon-hash/Cargo.toml +++ b/balloon-hash/Cargo.toml @@ -10,12 +10,13 @@ repository = "https://github.com/RustCrypto/password-hashes" keywords = ["crypto", "hashing", "password", "phf"] categories = ["authentication", "cryptography", "no-std"] readme = "README.md" -edition = "2021" -rust-version = "1.83" +edition = "2024" +rust-version = "1.85" [dependencies] digest = { version = "=0.11.0-pre.9", default-features = false } crypto-bigint = { version = "0.6", default-features = false, features = ["hybrid-array"] } +rand_core = { version = "0.9", default-features = false } # optional dependencies password-hash = { version = "0.6.0-rc.0", default-features = false, optional = true } @@ -31,7 +32,7 @@ default = ["alloc", "password-hash", "rand"] alloc = ["password-hash/alloc"] parallel = ["rayon", "std"] rand = ["password-hash/rand_core"] -std = ["alloc", "password-hash/std"] +std = ["alloc", "password-hash/os_rng", "rand_core/std"] zeroize = ["dep:zeroize"] [package.metadata.docs.rs] diff --git a/balloon-hash/README.md b/balloon-hash/README.md index bcbea782..8ec84507 100644 --- a/balloon-hash/README.md +++ b/balloon-hash/README.md @@ -22,13 +22,6 @@ This algorithm is first practical password hashing function that provides: - Performance which meets or exceeds the best heuristically secure password-hashing algorithms -## Minimum Supported Rust Version - -Rust **1.83** or higher. - -Minimum supported Rust version can be changed in the future, but it will be -done with a minor version bump. - ## SemVer Policy - All on-by-default features of this library are covered by SemVer @@ -56,7 +49,7 @@ dual licensed as above, without any additional terms or conditions. [docs-image]: https://docs.rs/balloon-hash/badge.svg [docs-link]: https://docs.rs/balloon-hash/ [license-image]: https://img.shields.io/badge/license-Apache2.0/MIT-blue.svg -[rustc-image]: https://img.shields.io/badge/rustc-1.83+-blue.svg +[rustc-image]: https://img.shields.io/badge/rustc-1.85+-blue.svg [chat-image]: https://img.shields.io/badge/zulip-join_chat-blue.svg [chat-link]: https://rustcrypto.zulipchat.com/#narrow/stream/260046-password-hashes [build-image]: https://github.com/RustCrypto/password-hashes/actions/workflows/balloon-hash.yml/badge.svg diff --git a/balloon-hash/src/balloon.rs b/balloon-hash/src/balloon.rs index 42cc76d5..c2c11b2f 100644 --- a/balloon-hash/src/balloon.rs +++ b/balloon-hash/src/balloon.rs @@ -1,5 +1,5 @@ -use crate::error::{Error, Result}; use crate::Params; +use crate::error::{Error, Result}; use core::mem; use crypto_bigint::{ArrayDecoding, ArrayEncoding, NonZero}; use digest::array::Array; diff --git a/balloon-hash/src/lib.rs b/balloon-hash/src/lib.rs index 13d41f91..fd909508 100644 --- a/balloon-hash/src/lib.rs +++ b/balloon-hash/src/lib.rs @@ -42,7 +42,7 @@ //! use sha2::Sha256; //! //! let password = b"hunter42"; // Bad password; don't actually use! -//! let salt = SaltString::generate(&mut OsRng); +//! let salt = SaltString::try_from_rng(&mut OsRng)?; //! //! // Balloon with default params //! let balloon = Balloon::::default(); diff --git a/balloon-hash/src/params.rs b/balloon-hash/src/params.rs index 45c694dc..400ffbc2 100644 --- a/balloon-hash/src/params.rs +++ b/balloon-hash/src/params.rs @@ -4,7 +4,7 @@ use crate::{Error, Result}; use core::num::NonZeroU32; #[cfg(feature = "password-hash")] -use password_hash::{errors::InvalidValue, ParamsString, PasswordHash}; +use password_hash::{ParamsString, PasswordHash, errors::InvalidValue}; /// Balloon password hash parameters. /// From 42a6d7d702e655b7b7f7864cba9aae021eae04da Mon Sep 17 00:00:00 2001 From: Arthur Gautier Date: Tue, 25 Feb 2025 14:05:00 -0800 Subject: [PATCH 03/18] pbkdf2: bump to edition 2024; msrv 1.85 --- .github/workflows/pbkdf2.yml | 4 ++-- pbkdf2/Cargo.toml | 6 +++--- pbkdf2/README.md | 10 +--------- pbkdf2/src/lib.rs | 6 +++--- pbkdf2/src/simple.rs | 4 ++-- pbkdf2/tests/simple.rs | 2 +- 6 files changed, 12 insertions(+), 20 deletions(-) diff --git a/.github/workflows/pbkdf2.yml b/.github/workflows/pbkdf2.yml index 8c636b0f..8b683e8c 100644 --- a/.github/workflows/pbkdf2.yml +++ b/.github/workflows/pbkdf2.yml @@ -22,7 +22,7 @@ jobs: strategy: matrix: rust: - - 1.81.0 # MSRV + - 1.85.0 # MSRV - stable target: - thumbv7em-none-eabi @@ -47,7 +47,7 @@ jobs: strategy: matrix: rust: - - 1.81.0 # MSRV + - 1.85.0 # MSRV - stable steps: - uses: actions/checkout@v4 diff --git a/pbkdf2/Cargo.toml b/pbkdf2/Cargo.toml index e4fcb349..98244ae8 100644 --- a/pbkdf2/Cargo.toml +++ b/pbkdf2/Cargo.toml @@ -10,8 +10,8 @@ repository = "https://github.com/RustCrypto/password-hashes" keywords = ["crypto", "hashing", "password", "phf"] categories = ["authentication", "cryptography", "no-std"] readme = "README.md" -edition = "2021" -rust-version = "1.81" +edition = "2024" +rust-version = "1.85" [dependencies] digest = { version = "=0.11.0-pre.9", features = ["mac"] } @@ -32,7 +32,7 @@ streebog = "=0.11.0-pre.4" [features] default = ["hmac"] -std = ["password-hash/std"] +std = ["password-hash/os_rng"] parallel = ["rayon", "std"] simple = ["hmac", "password-hash", "sha2"] diff --git a/pbkdf2/README.md b/pbkdf2/README.md index fac37472..95550b5f 100644 --- a/pbkdf2/README.md +++ b/pbkdf2/README.md @@ -9,17 +9,9 @@ Pure Rust implementation of the [Password-Based Key Derivation Function v2 (PBKDF2)][1]. -## Minimum Supported Rust Version - -Rust **1.81** or higher. - -Minimum supported Rust version can be changed in the future, but it will be -done with a minor version bump. - ## SemVer Policy - All on-by-default features of this library are covered by SemVer -- MSRV is considered exempt from SemVer as noted above ## License @@ -43,7 +35,7 @@ dual licensed as above, without any additional terms or conditions. [docs-image]: https://docs.rs/pbkdf2/badge.svg [docs-link]: https://docs.rs/pbkdf2/ [license-image]: https://img.shields.io/badge/license-Apache2.0/MIT-blue.svg -[rustc-image]: https://img.shields.io/badge/rustc-1.81+-blue.svg +[rustc-image]: https://img.shields.io/badge/rustc-1.85+-blue.svg [chat-image]: https://img.shields.io/badge/zulip-join_chat-blue.svg [chat-link]: https://rustcrypto.zulipchat.com/#narrow/stream/260046-password-hashes [build-image]: https://github.com/RustCrypto/password-hashes/workflows/pbkdf2/badge.svg?branch=master&event=push diff --git a/pbkdf2/src/lib.rs b/pbkdf2/src/lib.rs index 017aa174..60a686f8 100644 --- a/pbkdf2/src/lib.rs +++ b/pbkdf2/src/lib.rs @@ -61,7 +61,7 @@ //! }; //! //! let password = b"hunter42"; // Bad password; don't actually use! -//! let salt = SaltString::generate(&mut OsRng); +//! let salt = SaltString::try_from_rng(&mut OsRng).unwrap(); //! //! // Hash password to PHC string ($pbkdf2-sha256$...) //! let password_hash = Pbkdf2.hash_password(password, &salt)?.to_string(); @@ -103,14 +103,14 @@ pub use crate::simple::{Algorithm, Params, Pbkdf2}; #[cfg(feature = "parallel")] use rayon::prelude::*; -use digest::{typenum::Unsigned, FixedOutput, InvalidLength, KeyInit, Update}; +use digest::{FixedOutput, InvalidLength, KeyInit, Update, typenum::Unsigned}; #[cfg(feature = "hmac")] use digest::{ + HashMarker, block_buffer::Eager, core_api::{BlockSizeUser, BufferKindUser, FixedOutputCore, UpdateCore}, typenum::{IsLess, Le, NonZero, U256}, - HashMarker, }; #[inline(always)] diff --git a/pbkdf2/src/simple.rs b/pbkdf2/src/simple.rs index a071a827..7a542f75 100644 --- a/pbkdf2/src/simple.rs +++ b/pbkdf2/src/simple.rs @@ -3,8 +3,8 @@ use crate::pbkdf2_hmac; use core::{cmp::Ordering, fmt, str::FromStr}; use password_hash::{ - errors::InvalidValue, Decimal, Error, Ident, Output, ParamsString, PasswordHash, - PasswordHasher, Result, Salt, + Decimal, Error, Ident, Output, ParamsString, PasswordHash, PasswordHasher, Result, Salt, + errors::InvalidValue, }; use sha2::{Sha256, Sha512}; diff --git a/pbkdf2/tests/simple.rs b/pbkdf2/tests/simple.rs index 82f34dbb..48118624 100644 --- a/pbkdf2/tests/simple.rs +++ b/pbkdf2/tests/simple.rs @@ -6,8 +6,8 @@ use hex_literal::hex; use pbkdf2::{ - password_hash::{PasswordHasher, Salt}, Algorithm, Params, Pbkdf2, + password_hash::{PasswordHasher, Salt}, }; const PASSWORD: &str = "password"; From 3d590f108a79f8175965164cdffc1136f9f23c15 Mon Sep 17 00:00:00 2001 From: Arthur Gautier Date: Tue, 25 Feb 2025 14:09:09 -0800 Subject: [PATCH 04/18] scrypt: bump to edition 2024; msrv 1.85 --- .github/workflows/scrypt.yml | 4 ++-- scrypt/Cargo.toml | 7 +++---- scrypt/README.md | 9 +-------- scrypt/src/errors.rs | 6 ++---- scrypt/src/lib.rs | 4 +--- scrypt/src/params.rs | 2 +- scrypt/src/romix.rs | 2 +- scrypt/src/simple.rs | 2 +- scrypt/tests/mod.rs | 2 +- 9 files changed, 13 insertions(+), 25 deletions(-) diff --git a/.github/workflows/scrypt.yml b/.github/workflows/scrypt.yml index 43d09fd7..082f37a6 100644 --- a/.github/workflows/scrypt.yml +++ b/.github/workflows/scrypt.yml @@ -22,7 +22,7 @@ jobs: strategy: matrix: rust: - - 1.81.0 # MSRV + - 1.85.0 # MSRV - stable target: - thumbv7em-none-eabi @@ -49,7 +49,7 @@ jobs: strategy: matrix: rust: - - 1.81.0 # MSRV + - 1.85.0 # MSRV - stable steps: - uses: actions/checkout@v4 diff --git a/scrypt/Cargo.toml b/scrypt/Cargo.toml index c2725575..39682336 100644 --- a/scrypt/Cargo.toml +++ b/scrypt/Cargo.toml @@ -10,8 +10,8 @@ homepage = "https://github.com/RustCrypto/password-hashes/tree/master/scrypt" repository = "https://github.com/RustCrypto/password-hashes" keywords = ["crypto", "hashing", "password", "phf"] categories = ["authentication", "cryptography", "no-std"] -edition = "2021" -rust-version = "1.81" +edition = "2024" +rust-version = "1.85" [dependencies] pbkdf2 = { version = "=0.13.0-pre.1", path = "../pbkdf2" } @@ -25,9 +25,8 @@ password-hash = { version = "0.6.0-rc.0", default-features = false, features = [ password-hash = { version = "0.6.0-rc.0", features = ["rand_core"] } [features] -default = ["simple", "std"] +default = ["simple"] simple = ["password-hash"] -std = ["password-hash/std"] [package.metadata.docs.rs] all-features = true diff --git a/scrypt/README.md b/scrypt/README.md index b73a09e2..e7382b0b 100644 --- a/scrypt/README.md +++ b/scrypt/README.md @@ -9,13 +9,6 @@ Pure Rust implementation of the [scrypt key derivation function][1]. -## Minimum Supported Rust Version - -Rust **1.81** or higher. - -Minimum supported Rust version can be changed in the future, but it will be -done with a minor version bump. - ## SemVer Policy - All on-by-default features of this library are covered by SemVer @@ -43,7 +36,7 @@ dual licensed as above, without any additional terms or conditions. [docs-image]: https://docs.rs/scrypt/badge.svg [docs-link]: https://docs.rs/scrypt/ [license-image]: https://img.shields.io/badge/license-Apache2.0/MIT-blue.svg -[rustc-image]: https://img.shields.io/badge/rustc-1.81+-blue.svg +[rustc-image]: https://img.shields.io/badge/rustc-1.85+-blue.svg [chat-image]: https://img.shields.io/badge/zulip-join_chat-blue.svg [chat-link]: https://rustcrypto.zulipchat.com/#narrow/stream/260046-password-hashes [build-image]: https://github.com/RustCrypto/password-hashes/workflows/scrypt/badge.svg?branch=master&event=push diff --git a/scrypt/src/errors.rs b/scrypt/src/errors.rs index 79f068d3..5b9693e9 100644 --- a/scrypt/src/errors.rs +++ b/scrypt/src/errors.rs @@ -14,8 +14,7 @@ impl fmt::Display for InvalidOutputLen { } } -#[cfg(feature = "std")] -impl std::error::Error for InvalidOutputLen {} +impl core::error::Error for InvalidOutputLen {} impl fmt::Display for InvalidParams { fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result { @@ -23,5 +22,4 @@ impl fmt::Display for InvalidParams { } } -#[cfg(feature = "std")] -impl std::error::Error for InvalidParams {} +impl core::error::Error for InvalidParams {} diff --git a/scrypt/src/lib.rs b/scrypt/src/lib.rs index 2076dbb9..ca42860c 100644 --- a/scrypt/src/lib.rs +++ b/scrypt/src/lib.rs @@ -51,8 +51,6 @@ #[macro_use] extern crate alloc; -#[cfg(feature = "std")] -extern crate std; use pbkdf2::pbkdf2_hmac; use sha2::Sha256; @@ -71,7 +69,7 @@ pub use crate::params::Params; pub use password_hash; #[cfg(feature = "simple")] -pub use crate::simple::{Scrypt, ALG_ID}; +pub use crate::simple::{ALG_ID, Scrypt}; /// The scrypt key derivation function. /// diff --git a/scrypt/src/params.rs b/scrypt/src/params.rs index 449f758b..c034076e 100644 --- a/scrypt/src/params.rs +++ b/scrypt/src/params.rs @@ -3,7 +3,7 @@ use core::mem::size_of; use crate::errors::InvalidParams; #[cfg(feature = "simple")] -use password_hash::{errors::InvalidValue, Error, ParamsString, PasswordHash}; +use password_hash::{Error, ParamsString, PasswordHash, errors::InvalidValue}; /// The Scrypt parameter values. #[derive(Clone, Copy, Debug, PartialEq)] diff --git a/scrypt/src/romix.rs b/scrypt/src/romix.rs index f6802f7e..bd3c56dd 100644 --- a/scrypt/src/romix.rs +++ b/scrypt/src/romix.rs @@ -35,8 +35,8 @@ pub(crate) fn scrypt_ro_mix(b: &mut [u8], v: &mut [u8], t: &mut [u8], n: usize) /// output - the output vector. Must be the same length as input. fn scrypt_block_mix(input: &[u8], output: &mut [u8]) { use salsa20::{ - cipher::{typenum::U4, StreamCipherCore}, SalsaCore, + cipher::{StreamCipherCore, typenum::U4}, }; type Salsa20_8 = SalsaCore; diff --git a/scrypt/src/simple.rs b/scrypt/src/simple.rs index 3053b1bb..2ee3d200 100644 --- a/scrypt/src/simple.rs +++ b/scrypt/src/simple.rs @@ -1,6 +1,6 @@ //! Implementation of the `password-hash` crate API. -use crate::{scrypt, Params}; +use crate::{Params, scrypt}; use core::cmp::Ordering; use password_hash::{Decimal, Error, Ident, Output, PasswordHash, PasswordHasher, Result, Salt}; diff --git a/scrypt/tests/mod.rs b/scrypt/tests/mod.rs index 4800e60f..8c88a2cd 100644 --- a/scrypt/tests/mod.rs +++ b/scrypt/tests/mod.rs @@ -1,4 +1,4 @@ -use scrypt::{scrypt, Params}; +use scrypt::{Params, scrypt}; #[cfg(feature = "simple")] use { From 16fc04fd3f75bfab1e77a1e8752855bedf0dc0b2 Mon Sep 17 00:00:00 2001 From: Arthur Gautier Date: Tue, 25 Feb 2025 14:09:09 -0800 Subject: [PATCH 05/18] bcrypt-pbkdf: bump to edition 2024; msrv 1.85 --- .github/workflows/bcrypt-pbkdf.yml | 4 +- bcrypt-pbkdf/Cargo.toml | 4 +- bcrypt-pbkdf/README.md | 9 +- bcrypt-pbkdf/src/lib.rs | 4 +- bcrypt-pbkdf/tests/test_vectors.rs | 127 ++++++++++++++++------------- 5 files changed, 78 insertions(+), 70 deletions(-) diff --git a/.github/workflows/bcrypt-pbkdf.yml b/.github/workflows/bcrypt-pbkdf.yml index 81ef93ea..717c15e3 100644 --- a/.github/workflows/bcrypt-pbkdf.yml +++ b/.github/workflows/bcrypt-pbkdf.yml @@ -22,7 +22,7 @@ jobs: strategy: matrix: rust: - - 1.81.0 # MSRV + - 1.85.0 # MSRV - stable target: - thumbv7em-none-eabi @@ -48,7 +48,7 @@ jobs: strategy: matrix: rust: - - 1.81.0 # MSRV + - 1.85.0 # MSRV - stable steps: - uses: actions/checkout@v4 diff --git a/bcrypt-pbkdf/Cargo.toml b/bcrypt-pbkdf/Cargo.toml index ed00284c..570f9cab 100644 --- a/bcrypt-pbkdf/Cargo.toml +++ b/bcrypt-pbkdf/Cargo.toml @@ -10,8 +10,8 @@ homepage = "https://github.com/RustCrypto/password-hashes/tree/master/bcrypt-pbk repository = "https://github.com/RustCrypto/password-hashes" keywords = ["crypto", "hashing", "password", "phf"] categories = ["authentication", "cryptography", "no-std"] -edition = "2021" -rust-version = "1.81" +edition = "2024" +rust-version = "1.85" [dependencies] blowfish = { version = "=0.10.0-pre.2", features = ["bcrypt"] } diff --git a/bcrypt-pbkdf/README.md b/bcrypt-pbkdf/README.md index b2cd3b41..44b3543f 100644 --- a/bcrypt-pbkdf/README.md +++ b/bcrypt-pbkdf/README.md @@ -10,13 +10,6 @@ Pure Rust implementation of the [`bcrypt_pbkdf`] password-based key derivation function, a custom derivative of PBKDF2 [used in OpenSSH]. -## Minimum Supported Rust Version - -Rust **1.81** or higher. - -Minimum supported Rust version can be changed in the future, but it will be -done with a minor version bump. - ## SemVer Policy - All on-by-default features of this library are covered by SemVer @@ -44,7 +37,7 @@ dual licensed as above, without any additional terms or conditions. [docs-image]: https://docs.rs/bcrypt-pbkdf/badge.svg [docs-link]: https://docs.rs/bcrypt-pbkdf/ [license-image]: https://img.shields.io/badge/license-Apache2.0/MIT-blue.svg -[rustc-image]: https://img.shields.io/badge/rustc-1.81+-blue.svg +[rustc-image]: https://img.shields.io/badge/rustc-1.85+-blue.svg [chat-image]: https://img.shields.io/badge/zulip-join_chat-blue.svg [chat-link]: https://rustcrypto.zulipchat.com/#narrow/stream/260046-password-hashes [build-image]: https://github.com/RustCrypto/password-hashes/workflows/bcrypt-pbkdf/badge.svg?branch=master&event=push diff --git a/bcrypt-pbkdf/src/lib.rs b/bcrypt-pbkdf/src/lib.rs index 508eff30..e1ed574c 100644 --- a/bcrypt-pbkdf/src/lib.rs +++ b/bcrypt-pbkdf/src/lib.rs @@ -22,12 +22,12 @@ pub use errors::Error; use blowfish::Blowfish; use sha2::{ + Digest, Sha512, digest::{ + FixedOutput, MacMarker, Output, OutputSizeUser, Update, crypto_common::{Key, KeyInit, KeySizeUser}, typenum::U32, - FixedOutput, MacMarker, Output, OutputSizeUser, Update, }, - Digest, Sha512, }; #[cfg(feature = "zeroize")] diff --git a/bcrypt-pbkdf/tests/test_vectors.rs b/bcrypt-pbkdf/tests/test_vectors.rs index 4e8527ab..e54098d1 100644 --- a/bcrypt-pbkdf/tests/test_vectors.rs +++ b/bcrypt-pbkdf/tests/test_vectors.rs @@ -1,6 +1,7 @@ extern crate bcrypt_pbkdf; use bcrypt_pbkdf::bcrypt_pbkdf_with_memory; +use hex_literal::hex; #[test] fn test_openbsd_vectors() { @@ -11,62 +12,76 @@ fn test_openbsd_vectors() { out: Vec, } - let tests = vec!( - Test{ - password: "password", - salt: b"salt".to_vec(), - rounds: 4, - out: vec![ - 0x5b, 0xbf, 0x0c, 0xc2, 0x93, 0x58, 0x7f, 0x1c, 0x36, 0x35, 0x55, 0x5c, 0x27, 0x79, 0x65, 0x98, - 0xd4, 0x7e, 0x57, 0x90, 0x71, 0xbf, 0x42, 0x7e, 0x9d, 0x8f, 0xbe, 0x84, 0x2a, 0xba, 0x34, 0xd9], - }, Test{ - password: "password", - salt: vec![0], - rounds: 4, - out: vec![0xc1, 0x2b, 0x56, 0x62, 0x35, 0xee, 0xe0, 0x4c, 0x21, 0x25, 0x98, 0x97, 0x0a, 0x57, 0x9a, 0x67], - }, Test{ - password: "\x00", - salt: b"salt".to_vec(), - rounds: 4, - out: vec![0x60, 0x51, 0xbe, 0x18, 0xc2, 0xf4, 0xf8, 0x2c, 0xbf, 0x0e, 0xfe, 0xe5, 0x47, 0x1b, 0x4b, 0xb9], - }, Test{ - password: "password\x00", - salt: b"salt\x00".to_vec(), - rounds: 4, - out: vec![ - 0x74, 0x10, 0xe4, 0x4c, 0xf4, 0xfa, 0x07, 0xbf, 0xaa, 0xc8, 0xa9, 0x28, 0xb1, 0x72, 0x7f, 0xac, - 0x00, 0x13, 0x75, 0xe7, 0xbf, 0x73, 0x84, 0x37, 0x0f, 0x48, 0xef, 0xd1, 0x21, 0x74, 0x30, 0x50], - }, Test{ - password: "pass\x00wor", - salt: b"sa\x00l".to_vec(), - rounds: 4, - out: vec![0xc2, 0xbf, 0xfd, 0x9d, 0xb3, 0x8f, 0x65, 0x69, 0xef, 0xef, 0x43, 0x72, 0xf4, 0xde, 0x83, 0xc0], - }, Test{ - password: "pass\x00word", - salt: b"sa\x00lt".to_vec(), - rounds: 4, - out: vec![0x4b, 0xa4, 0xac, 0x39, 0x25, 0xc0, 0xe8, 0xd7, 0xf0, 0xcd, 0xb6, 0xbb, 0x16, 0x84, 0xa5, 0x6f], - }, Test{ - password: "password", - salt: b"salt".to_vec(), - rounds: 8, - out: vec![ - 0xe1, 0x36, 0x7e, 0xc5, 0x15, 0x1a, 0x33, 0xfa, 0xac, 0x4c, 0xc1, 0xc1, 0x44, 0xcd, 0x23, 0xfa, - 0x15, 0xd5, 0x54, 0x84, 0x93, 0xec, 0xc9, 0x9b, 0x9b, 0x5d, 0x9c, 0x0d, 0x3b, 0x27, 0xbe, 0xc7, - 0x62, 0x27, 0xea, 0x66, 0x08, 0x8b, 0x84, 0x9b, 0x20, 0xab, 0x7a, 0xa4, 0x78, 0x01, 0x02, 0x46, - 0xe7, 0x4b, 0xba, 0x51, 0x72, 0x3f, 0xef, 0xa9, 0xf9, 0x47, 0x4d, 0x65, 0x08, 0x84, 0x5e, 0x8d], - }, Test{ - password: "password", - salt: b"salt".to_vec(), - rounds: 42, - out: vec![0x83, 0x3c, 0xf0, 0xdc, 0xf5, 0x6d, 0xb6, 0x56, 0x08, 0xe8, 0xf0, 0xdc, 0x0c, 0xe8, 0x82, 0xbd], - }, Test{ - password: "Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat. Duis aute irure dolor in reprehenderit in voluptate velit esse cillum dolore eu fugiat nulla pariatur. Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum.", - salt: b"salis\x00".to_vec(), - rounds: 8, - out: vec![0x10, 0x97, 0x8b, 0x07, 0x25, 0x3d, 0xf5, 0x7f, 0x71, 0xa1, 0x62, 0xeb, 0x0e, 0x8a, 0xd3, 0x0a], - }, - ); + let tests = vec![ + Test { + password: "password", + salt: b"salt".to_vec(), + rounds: 4, + out: hex!("5bbf0cc293587f1c3635555c27796598d47e579071bf427e9d8fbe842aba34d9").to_vec(), + }, + Test { + password: "password", + salt: vec![0], + rounds: 4, + out: hex!("c12b566235eee04c212598970a579a67").to_vec(), + }, + Test { + password: "\x00", + salt: b"salt".to_vec(), + rounds: 4, + out: hex!("6051be18c2f4f82cbf0efee5471b4bb9").to_vec(), + }, + Test { + password: "password\x00", + salt: b"salt\x00".to_vec(), + rounds: 4, + out: hex!("7410e44cf4fa07bfaac8a928b1727fac001375e7bf7384370f48efd121743050").to_vec(), + }, + Test { + password: "pass\x00wor", + salt: b"sa\x00l".to_vec(), + rounds: 4, + out: hex!("c2bffd9db38f6569efef4372f4de83c0").to_vec(), + }, + Test { + password: "pass\x00word", + salt: b"sa\x00lt".to_vec(), + rounds: 4, + out: hex!("4ba4ac3925c0e8d7f0cdb6bb1684a56f").to_vec(), + }, + Test { + password: "password", + salt: b"salt".to_vec(), + rounds: 8, + out: hex!( + "e1367ec5151a33faac4cc1c144cd" + "23fa15d5548493ecc99b9b5d9c0d" + "3b27bec76227ea66088b849b20ab" + "7aa478010246e74bba51723fefa9" + "f9474d6508845e8d") + .to_vec(), + }, + Test { + password: "password", + salt: b"salt".to_vec(), + rounds: 42, + out: hex!("833cf0dcf56db65608e8f0dc0ce882bd").to_vec(), + }, + Test { + password: concat!( + "Lorem ipsum dolor sit amet, consectetur adipisicing elit, ", + "sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. ", + "Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris ", + "nisi ut aliquip ex ea commodo consequat. ", + "Duis aute irure dolor in reprehenderit in voluptate velit esse cillum ", + "dolore eu fugiat nulla pariatur. Excepteur sint occaecat cupidatat non ", + "proident, sunt in culpa qui officia deserunt mollit anim id est laborum." + ), + salt: b"salis\x00".to_vec(), + rounds: 8, + out: hex!("10978b07253df57f71a162eb0e8ad30a").to_vec(), + }, + ]; for t in tests.iter() { let mut out = vec![0; t.out.len()]; From 17c56ce63b6caebf55b0d429927db24f7be182a3 Mon Sep 17 00:00:00 2001 From: Arthur Gautier Date: Tue, 25 Feb 2025 14:09:09 -0800 Subject: [PATCH 06/18] sha-crypt: bump to edition 2024; msrv 1.85 --- .github/workflows/sha-crypt.yml | 4 ++-- sha-crypt/Cargo.toml | 4 ++-- sha-crypt/README.md | 7 ------- sha-crypt/src/lib.rs | 4 ++-- sha-crypt/tests/lib.rs | 37 ++++++++++++--------------------- 5 files changed, 19 insertions(+), 37 deletions(-) diff --git a/.github/workflows/sha-crypt.yml b/.github/workflows/sha-crypt.yml index 69c9d9f2..71d61236 100644 --- a/.github/workflows/sha-crypt.yml +++ b/.github/workflows/sha-crypt.yml @@ -22,7 +22,7 @@ jobs: strategy: matrix: rust: - - 1.81.0 # MSRV + - 1.85.0 # MSRV - stable target: - thumbv7em-none-eabi @@ -46,7 +46,7 @@ jobs: strategy: matrix: rust: - - 1.81.0 # MSRV + - 1.85.0 # MSRV - stable steps: - uses: actions/checkout@v4 diff --git a/sha-crypt/Cargo.toml b/sha-crypt/Cargo.toml index 25ca5016..104cf065 100644 --- a/sha-crypt/Cargo.toml +++ b/sha-crypt/Cargo.toml @@ -13,8 +13,8 @@ repository = "https://github.com/RustCrypto/password-hashes" keywords = ["crypto", "hashing", "password", "phf"] categories = ["authentication", "cryptography", "no-std"] readme = "README.md" -edition = "2021" -rust-version = "1.81" +edition = "2024" +rust-version = "1.85" [dependencies] sha2 = { version = "=0.11.0-pre.4", default-features = false } diff --git a/sha-crypt/README.md b/sha-crypt/README.md index 00e7f378..6ed898ac 100644 --- a/sha-crypt/README.md +++ b/sha-crypt/README.md @@ -13,13 +13,6 @@ a legacy password hashing scheme supported by the [POSIX crypt C library][2]. Password hashes using this algorithm start with `$6$` when encoded using the [PHC string format][3]. -## Minimum Supported Rust Version - -Rust **1.81** or higher. - -Minimum supported Rust version can be changed in the future, but it will be -done with a minor version bump. - ## SemVer Policy - All on-by-default features of this library are covered by SemVer diff --git a/sha-crypt/src/lib.rs b/sha-crypt/src/lib.rs index 91784814..b37e6abd 100644 --- a/sha-crypt/src/lib.rs +++ b/sha-crypt/src/lib.rs @@ -51,7 +51,7 @@ mod params; pub use crate::{ defs::{BLOCK_SIZE_SHA256, BLOCK_SIZE_SHA512}, errors::CryptError, - params::{Sha256Params, Sha512Params, ROUNDS_DEFAULT, ROUNDS_MAX, ROUNDS_MIN}, + params::{ROUNDS_DEFAULT, ROUNDS_MAX, ROUNDS_MIN, Sha256Params, Sha512Params}, }; use alloc::{string::String, vec::Vec}; @@ -64,7 +64,7 @@ use { errors::CheckError, }, alloc::string::ToString, - rand::{distributions::Distribution, thread_rng, Rng}, + rand::{Rng, distributions::Distribution, thread_rng}, }; #[cfg(feature = "simple")] diff --git a/sha-crypt/tests/lib.rs b/sha-crypt/tests/lib.rs index 62a046db..c0f978f1 100644 --- a/sha-crypt/tests/lib.rs +++ b/sha-crypt/tests/lib.rs @@ -1,5 +1,5 @@ use sha_crypt::{ - sha256_crypt_b64, sha512_crypt_b64, Sha256Params, Sha512Params, ROUNDS_MAX, ROUNDS_MIN, + ROUNDS_MAX, ROUNDS_MIN, Sha256Params, Sha512Params, sha256_crypt_b64, sha512_crypt_b64, }; #[cfg(feature = "simple")] @@ -17,27 +17,22 @@ const TEST_VECTORS: &[TestVector] = &[ TestVector { input: "Hello world!", salt: "saltstring", - result_sha256: - "5B8vYYiY.CVt1RlTTf8KbXBH3hsxY/GNooZaBBGWEc5", - result_sha512: - "svn8UoSVapNtMuq1ukKS4tPQd8iKwSMHWjl/O817G3uBnIFNjnQJuesI68u4OTLiBFdcbYEdFCoEOfaS35inz1", + result_sha256: "5B8vYYiY.CVt1RlTTf8KbXBH3hsxY/GNooZaBBGWEc5", + result_sha512: "svn8UoSVapNtMuq1ukKS4tPQd8iKwSMHWjl/O817G3uBnIFNjnQJuesI68u4OTLiBFdcbYEdFCoEOfaS35inz1", rounds: 5_000, }, TestVector { input: "Hello world!", salt: "saltstringsaltstring", result_sha256: "3xv.VbSHBb41AL9AvLeujZkZRBAwqFMz2.opqey6IcA", - result_sha512: - "OW1/O6BYHV6BcXZu8QVeXbDWra3Oeqh0sbHbbMCVNSnCM/UrjmM0Dp8vOuZeHBy/YTBmSK6H9qs/y3RnOaw5v.", + result_sha512: "OW1/O6BYHV6BcXZu8QVeXbDWra3Oeqh0sbHbbMCVNSnCM/UrjmM0Dp8vOuZeHBy/YTBmSK6H9qs/y3RnOaw5v.", rounds: 10_000, }, TestVector { input: "This is just a test", salt: "toolongsaltstring", - result_sha256: - "Un/5jzAHMgOGZ5.mWJpuVolil07guHPvOW8mGRcvxa5", - result_sha512: - "lQ8jolhgVRVhY4b5pZKaysCLi0QBxGoNeKQzQ3glMhwllF7oGDZxUhx1yxdYcz/e1JSbq3y6JMxxl8audkUEm0", + result_sha256: "Un/5jzAHMgOGZ5.mWJpuVolil07guHPvOW8mGRcvxa5", + result_sha512: "lQ8jolhgVRVhY4b5pZKaysCLi0QBxGoNeKQzQ3glMhwllF7oGDZxUhx1yxdYcz/e1JSbq3y6JMxxl8audkUEm0", rounds: 5_000, }, // 63 length password @@ -45,8 +40,7 @@ const TEST_VECTORS: &[TestVector] = &[ input: "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", salt: "kf8.jB3ZLrhG2/n1", result_sha256: "DjWX2SQlslxT/jON7Gof6T4UodbHrqW0Lwl7xLT2gu8", - result_sha512: - "BZk4ni5Rx3KgyM7vd48EpPgr8AoICCq5HRQPu6vNf6t6xnJ3xNu7MMMBXh/3eUZ5ql.mBqjNhlYUWHBqjKRkU/", + result_sha512: "BZk4ni5Rx3KgyM7vd48EpPgr8AoICCq5HRQPu6vNf6t6xnJ3xNu7MMMBXh/3eUZ5ql.mBqjNhlYUWHBqjKRkU/", rounds: 5_000, }, // 64 length password @@ -54,8 +48,7 @@ const TEST_VECTORS: &[TestVector] = &[ input: "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", // 64 length salt: "JKb8lkbDWryxdaRL", result_sha256: "X2024tVMdQy9vnRU/dnWB0eL4dpfJvgD3g9o0eE95d7", - result_sha512: - "dLVyYl.G1KhMak97BNNO7vV2upvwcQ3hKrQjO8xn.V/ucmN4ogytaGbIEfBrNv4YLtbpjgV240ldDgkP9M9S7.", + result_sha512: "dLVyYl.G1KhMak97BNNO7vV2upvwcQ3hKrQjO8xn.V/ucmN4ogytaGbIEfBrNv4YLtbpjgV240ldDgkP9M9S7.", rounds: 5_000, }, // 65 length password @@ -63,8 +56,7 @@ const TEST_VECTORS: &[TestVector] = &[ input: "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", // 65 length salt: "JmlLQtPDXkxMbdFc", result_sha256: "MVZTo9AdKikQwK5sBlSQ/X7mUH19GoFGrmRr0XxcUr6", - result_sha512: - "lO/BGRK6dKXMaRafyLMZl9wkxvdCobed0ppRHYJtCfatf6yGLghCs.rq.ifz4YezxCHmQG7lpqm4W46xsNnBm0", + result_sha512: "lO/BGRK6dKXMaRafyLMZl9wkxvdCobed0ppRHYJtCfatf6yGLghCs.rq.ifz4YezxCHmQG7lpqm4W46xsNnBm0", rounds: 5_000, }, // 127 length password @@ -72,8 +64,7 @@ const TEST_VECTORS: &[TestVector] = &[ input: "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", salt: "/1VCrzVUrr9Nmmkl", result_sha256: "SzBUUlAa0OOcJ4RkWAEcxPCu9KvgM3XV2Wt1Or7Qnm9", - result_sha512: - "zp5KH/GGAMr3pQap8GbQ2Qgp3EjvI4o7kurGx9YNtwzN5eKvuWGuR/LNMa5qANyeHl2ROMMd0WkX24ttkiGIE1", + result_sha512: "zp5KH/GGAMr3pQap8GbQ2Qgp3EjvI4o7kurGx9YNtwzN5eKvuWGuR/LNMa5qANyeHl2ROMMd0WkX24ttkiGIE1", rounds: 5_000, }, // 128 length password @@ -81,17 +72,15 @@ const TEST_VECTORS: &[TestVector] = &[ input: "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", salt: "mpyXfdM3cczHJWG6", result_sha256: "mDy6Ir4NZkSLjfI1jo.P8FQDl5cf51ZpOYO9VAiYzK2", - result_sha512: - "vvNL55Todp53rsMLKgBJHsCC2lKj4AwYWWF/ywz7UVqBxj7F00UUI2an7R5amwBTL4DibkvKMb3Oj5dk4I1Y4.", + result_sha512: "vvNL55Todp53rsMLKgBJHsCC2lKj4AwYWWF/ywz7UVqBxj7F00UUI2an7R5amwBTL4DibkvKMb3Oj5dk4I1Y4.", rounds: 5_000, }, - // 129 length password + // 129 length password TestVector { input: "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", salt: "idU8Ptdv2tVGArtN", result_sha256: "mijVpmWD4y0vuT.2Ux0XMwvpis59xfeu3Mhm1TIK7T9", - result_sha512: - "uM8hU3Ot4nmDtcMvMyccUW2vT6uI2cM6MpWDslBlyO0jghVdKYB7RafnmQQPrA8QMauX8qrnX5Fs9ST5y/zUS1", + result_sha512: "uM8hU3Ot4nmDtcMvMyccUW2vT6uI2cM6MpWDslBlyO0jghVdKYB7RafnmQQPrA8QMauX8qrnX5Fs9ST5y/zUS1", rounds: 5_000, }, ]; From 53e4c535157048b4918b8b2b7f4472231b4de7c2 Mon Sep 17 00:00:00 2001 From: Arthur Gautier Date: Tue, 25 Feb 2025 14:09:09 -0800 Subject: [PATCH 07/18] yescrypt: bump to edition 2024; msrv 1.85 --- .github/workflows/yescrypt.yml | 4 +- yescrypt/Cargo.toml | 4 +- yescrypt/README.md | 7 ---- yescrypt/src/common.rs | 4 +- yescrypt/src/lib.rs | 5 ++- yescrypt/src/sha256.rs | 4 +- yescrypt/tests/kats.rs | 76 +++++++++++++++++++++++++--------- 7 files changed, 68 insertions(+), 36 deletions(-) diff --git a/.github/workflows/yescrypt.yml b/.github/workflows/yescrypt.yml index d42df4a6..433ee4ec 100644 --- a/.github/workflows/yescrypt.yml +++ b/.github/workflows/yescrypt.yml @@ -29,7 +29,7 @@ jobs: include: # 32-bit Linux - target: i686-unknown-linux-gnu - rust: 1.81.0 # MSRV + rust: 1.85.0 # MSRV deps: sudo apt update && sudo apt install gcc-multilib - target: i686-unknown-linux-gnu rust: stable @@ -37,7 +37,7 @@ jobs: # 64-bit Linux - target: x86_64-unknown-linux-gnu - rust: 1.81.0 # MSRV + rust: 1.85.0 # MSRV - target: x86_64-unknown-linux-gnu rust: stable steps: diff --git a/yescrypt/Cargo.toml b/yescrypt/Cargo.toml index f6b17591..832ba785 100644 --- a/yescrypt/Cargo.toml +++ b/yescrypt/Cargo.toml @@ -10,8 +10,8 @@ repository = "https://github.com/RustCrypto/password-hashes" keywords = ["crypto", "hashing", "password", "phf"] categories = ["authentication", "cryptography", "no-std"] readme = "README.md" -edition = "2021" -rust-version = "1.81" +edition = "2024" +rust-version = "1.85" [dependencies] libc = "0.2" diff --git a/yescrypt/README.md b/yescrypt/README.md index c5ea6fab..e0f5694e 100644 --- a/yescrypt/README.md +++ b/yescrypt/README.md @@ -15,13 +15,6 @@ The implementation contained in this crate has never been independently audited! USE AT YOUR OWN RISK! -## Minimum Supported Rust Version - -Rust **1.81** or higher. - -Minimum supported Rust version can be changed in the future, but it will be -done with a minor version bump. - ## SemVer Policy - All on-by-default features of this library are covered by SemVer diff --git a/yescrypt/src/common.rs b/yescrypt/src/common.rs index ac7bf6b5..f54ebb3b 100644 --- a/yescrypt/src/common.rs +++ b/yescrypt/src/common.rs @@ -8,7 +8,7 @@ unused_mut )] -use crate::{encrypt_dir_t, size_t, uint32_t, uint64_t, uint8_t, Binary, DEC}; +use crate::{Binary, DEC, encrypt_dir_t, size_t, uint8_t, uint32_t, uint64_t}; static mut itoa64: *const libc::c_char = b"./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz\0" as *const u8 @@ -426,8 +426,8 @@ pub(crate) unsafe fn encrypt( mut key: *const Binary, mut dir: encrypt_dir_t, ) { - use sha2::digest::array::Array; use sha2::Digest; + use sha2::digest::array::Array; let mut f: [libc::c_uchar; 36] = [0; 36]; let mut halflen: size_t = 0; diff --git a/yescrypt/src/lib.rs b/yescrypt/src/lib.rs index e0e4be96..438aff47 100644 --- a/yescrypt/src/lib.rs +++ b/yescrypt/src/lib.rs @@ -41,7 +41,8 @@ non_upper_case_globals, path_statements, unused_assignments, - unused_mut + unused_mut, + unsafe_op_in_unsafe_fn )] // Adapted from the yescrypt reference implementation available at: @@ -57,7 +58,7 @@ mod sha256; use crate::{ common::{blkcpy, blkxor, integerify, le32dec, le32enc, p2floor, wrap}, - sha256::{HMAC_SHA256_Buf, SHA256_Buf, PBKDF2_SHA256}, + sha256::{HMAC_SHA256_Buf, PBKDF2_SHA256, SHA256_Buf}, }; use alloc::{vec, vec::Vec}; use core::{ diff --git a/yescrypt/src/sha256.rs b/yescrypt/src/sha256.rs index a48f67ed..2532e771 100644 --- a/yescrypt/src/sha256.rs +++ b/yescrypt/src/sha256.rs @@ -8,12 +8,12 @@ unused_mut )] -use crate::{size_t, uint64_t, uint8_t}; +use crate::{size_t, uint8_t, uint64_t}; use libc::memcpy; pub unsafe fn SHA256_Buf(mut in_0: *const libc::c_void, mut len: size_t, mut digest: *mut uint8_t) { - use sha2::digest::array::Array; use sha2::Digest; + use sha2::digest::array::Array; let mut ctx = sha2::Sha256::new(); ctx.update(&*core::ptr::slice_from_raw_parts(in_0 as *const u8, len)); diff --git a/yescrypt/tests/kats.rs b/yescrypt/tests/kats.rs index 9e8f038c..832086b1 100644 --- a/yescrypt/tests/kats.rs +++ b/yescrypt/tests/kats.rs @@ -6,7 +6,9 @@ use yescrypt::yescrypt_kdf; #[test] fn kat0() { - const EXPECTED: [u8; 64] = hex!("77 d6 57 62 38 65 7b 20 3b 19 ca 42 c1 8a 04 97 f1 6b 48 44 e3 07 4a e8 df df fa 3f ed e2 14 42 fc d0 06 9d ed 09 48 f8 32 6a 75 3a 0f c8 1f 17 e8 d3 e0 fb 2e 0d 36 28 cf 35 e2 0c 38 d1 89 06"); + const EXPECTED: [u8; 64] = hex!( + "77 d6 57 62 38 65 7b 20 3b 19 ca 42 c1 8a 04 97 f1 6b 48 44 e3 07 4a e8 df df fa 3f ed e2 14 42 fc d0 06 9d ed 09 48 f8 32 6a 75 3a 0f c8 1f 17 e8 d3 e0 fb 2e 0d 36 28 cf 35 e2 0c 38 d1 89 06" + ); let actual = yescrypt_kdf(b"", b"", 0, 16, 1, 1, 0, 0, EXPECTED.len()); assert_eq!(EXPECTED.as_slice(), actual.as_slice()); } @@ -20,14 +22,18 @@ fn kat1() { #[test] fn kat2() { - const EXPECTED: [u8; 64] = hex!("ef ad 0c 23 31 4c b5 72 bc 3c fb 15 43 da 42 f8 a8 b0 73 00 4c 86 6b 64 ab 50 55 a4 f0 9f a5 f5 71 14 2e bf e7 e0 5a 3b 92 c4 32 f3 1d ea 95 ad 5f 9c 85 4b 64 56 46 2f 4b d0 f7 32 b7 cd c5 49"); + const EXPECTED: [u8; 64] = hex!( + "ef ad 0c 23 31 4c b5 72 bc 3c fb 15 43 da 42 f8 a8 b0 73 00 4c 86 6b 64 ab 50 55 a4 f0 9f a5 f5 71 14 2e bf e7 e0 5a 3b 92 c4 32 f3 1d ea 95 ad 5f 9c 85 4b 64 56 46 2f 4b d0 f7 32 b7 cd c5 49" + ); let actual = yescrypt_kdf(b"", b"", 0, 4, 1, 1, 0, 0, EXPECTED.len()); assert_eq!(EXPECTED.as_slice(), actual.as_slice()); } #[test] fn kat3() { - const EXPECTED: [u8; 64] = hex!("85 dd a4 8c 9e c9 de 2f 7f 1a e8 b4 df ed a5 1f 8b 6d 56 f3 08 1b e1 a7 c0 83 3b a2 71 9a 36 ab 02 88 5d ae 36 55 7d 34 26 86 b1 7b a7 5f 2c 21 77 92 de 09 70 ab 1d 07 a9 c7 50 93 6d 31 42 6f"); + const EXPECTED: [u8; 64] = hex!( + "85 dd a4 8c 9e c9 de 2f 7f 1a e8 b4 df ed a5 1f 8b 6d 56 f3 08 1b e1 a7 c0 83 3b a2 71 9a 36 ab 02 88 5d ae 36 55 7d 34 26 86 b1 7b a7 5f 2c 21 77 92 de 09 70 ab 1d 07 a9 c7 50 93 6d 31 42 6f" + ); let actual = yescrypt_kdf(b"", b"", 1, 4, 1, 1, 0, 0, EXPECTED.len()); assert_eq!(EXPECTED.as_slice(), actual.as_slice()); } @@ -41,42 +47,54 @@ fn kat4() { #[test] fn kat5() { - const EXPECTED: [u8; 64] = hex!("4b aa 8c d8 60 8b a9 1f 3e 34 39 d9 ec 4f ae 8f 9f c0 92 d9 ca 22 b7 37 7e 31 ae 5b 9a d7 87 7c 11 68 69 11 62 dd 0e 5e f0 49 e5 70 65 0c be d4 38 4a d6 05 34 fb 0c be d1 9f f3 f0 33 c9 4b 0c"); + const EXPECTED: [u8; 64] = hex!( + "4b aa 8c d8 60 8b a9 1f 3e 34 39 d9 ec 4f ae 8f 9f c0 92 d9 ca 22 b7 37 7e 31 ae 5b 9a d7 87 7c 11 68 69 11 62 dd 0e 5e f0 49 e5 70 65 0c be d4 38 4a d6 05 34 fb 0c be d1 9f f3 f0 33 c9 4b 0c" + ); let actual = yescrypt_kdf(b"", b"", 1, 4, 1, 1, 1, 0, EXPECTED.len()); assert_eq!(EXPECTED.as_slice(), actual.as_slice()); } #[test] fn kat6() { - const EXPECTED: [u8; 64] = hex!("e6 e8 bb a0 9b 64 12 ff b0 b3 cc 35 e3 7d 0b 78 2a 47 fb aa dc 57 a0 76 d7 c6 cc 2e 70 91 9a 1b 8d 47 38 c4 f8 33 55 69 07 42 d9 be d7 1c 3b 8f b0 d7 eb 08 6a b1 34 c5 e5 57 07 c2 c1 3c 75 ef"); + const EXPECTED: [u8; 64] = hex!( + "e6 e8 bb a0 9b 64 12 ff b0 b3 cc 35 e3 7d 0b 78 2a 47 fb aa dc 57 a0 76 d7 c6 cc 2e 70 91 9a 1b 8d 47 38 c4 f8 33 55 69 07 42 d9 be d7 1c 3b 8f b0 d7 eb 08 6a b1 34 c5 e5 57 07 c2 c1 3c 75 ef" + ); let actual = yescrypt_kdf(b"", b"", 1, 4, 1, 1, 2, 0, EXPECTED.len()); assert_eq!(EXPECTED.as_slice(), actual.as_slice()); } #[test] fn kat7() { - const EXPECTED: [u8; 64] = hex!("ac d9 a4 20 1c f4 a4 76 ec f7 ba a6 11 3d 86 fb 65 cd 07 10 2b 40 04 e4 f9 d9 9c d3 42 55 a1 08 99 7d 70 ae 0a 64 bf 0a 4d 96 c1 73 ab f8 82 79 c1 a9 4a d9 bd f1 68 ed fb bd 90 f6 6e d5 c8 0d"); + const EXPECTED: [u8; 64] = hex!( + "ac d9 a4 20 1c f4 a4 76 ec f7 ba a6 11 3d 86 fb 65 cd 07 10 2b 40 04 e4 f9 d9 9c d3 42 55 a1 08 99 7d 70 ae 0a 64 bf 0a 4d 96 c1 73 ab f8 82 79 c1 a9 4a d9 bd f1 68 ed fb bd 90 f6 6e d5 c8 0d" + ); let actual = yescrypt_kdf(b"", b"", 1, 4, 1, 1, 3, 0, EXPECTED.len()); assert_eq!(EXPECTED.as_slice(), actual.as_slice()); } #[test] fn kat8() { - const EXPECTED: [u8; 33] = hex!("ac d9 a4 20 1c f4 a4 76 ec f7 ba a6 11 3d 86 fb 65 cd 07 10 2b 40 04 e4 f9 d9 9c d3 42 55 a1 08 99"); + const EXPECTED: [u8; 33] = hex!( + "ac d9 a4 20 1c f4 a4 76 ec f7 ba a6 11 3d 86 fb 65 cd 07 10 2b 40 04 e4 f9 d9 9c d3 42 55 a1 08 99" + ); let actual = yescrypt_kdf(b"", b"", 1, 4, 1, 1, 3, 0, EXPECTED.len()); assert_eq!(EXPECTED.as_slice(), actual.as_slice()); } #[test] fn kat9() { - const EXPECTED: [u8; 32] = hex!("ac d9 a4 20 1c f4 a4 76 ec f7 ba a6 11 3d 86 fb 65 cd 07 10 2b 40 04 e4 f9 d9 9c d3 42 55 a1 08"); + const EXPECTED: [u8; 32] = hex!( + "ac d9 a4 20 1c f4 a4 76 ec f7 ba a6 11 3d 86 fb 65 cd 07 10 2b 40 04 e4 f9 d9 9c d3 42 55 a1 08" + ); let actual = yescrypt_kdf(b"", b"", 1, 4, 1, 1, 3, 0, EXPECTED.len()); assert_eq!(EXPECTED.as_slice(), actual.as_slice()); } #[test] fn kat10() { - const EXPECTED: [u8; 31] = hex!("ac d9 a4 20 1c f4 a4 76 ec f7 ba a6 11 3d 86 fb 65 cd 07 10 2b 40 04 e4 f9 d9 9c d3 42 55 a1"); + const EXPECTED: [u8; 31] = hex!( + "ac d9 a4 20 1c f4 a4 76 ec f7 ba a6 11 3d 86 fb 65 cd 07 10 2b 40 04 e4 f9 d9 9c d3 42 55 a1" + ); let actual = yescrypt_kdf(b"", b"", 1, 4, 1, 1, 3, 0, EXPECTED.len()); assert_eq!(EXPECTED.as_slice(), actual.as_slice()); } @@ -90,7 +108,9 @@ fn kat11() { #[test] fn kat12() { - const EXPECTED: [u8; 64] = hex!("0c d5 af 76 eb 24 1d f8 11 9a 9a 12 2a e3 69 20 bc c7 f4 14 b9 c0 d5 8f 45 00 80 60 da de 46 b0 c8 09 22 bd cc 16 a3 ab 5d 20 1d 4c 61 40 c6 71 be 1f 75 27 2c a9 04 73 9d 5a d1 ff 67 2b 0c 21"); + const EXPECTED: [u8; 64] = hex!( + "0c d5 af 76 eb 24 1d f8 11 9a 9a 12 2a e3 69 20 bc c7 f4 14 b9 c0 d5 8f 45 00 80 60 da de 46 b0 c8 09 22 bd cc 16 a3 ab 5d 20 1d 4c 61 40 c6 71 be 1f 75 27 2c a9 04 73 9d 5a d1 ff 67 2b 0c 21" + ); let actual = yescrypt_kdf(b"", b"", 182, 4, 1, 1, 0, 0, EXPECTED.len()); assert_eq!(EXPECTED.as_slice(), actual.as_slice()); } @@ -104,28 +124,36 @@ fn kat13() { #[test] fn kat14() { - const EXPECTED: [u8; 64] = hex!("23 b6 ad f0 b6 0c 9a 99 7f 58 58 3d 80 cd a4 8c 63 8c dc 2f 28 9e df 93 a7 08 07 72 5a 0d 35 c4 68 ca 36 2c 55 57 cc 04 b6 81 1e 2e 73 08 41 f5 26 d8 f4 f7 ac fb fa 9e 06 fe 1f 38 3a 71 15 5e"); + const EXPECTED: [u8; 64] = hex!( + "23 b6 ad f0 b6 0c 9a 99 7f 58 58 3d 80 cd a4 8c 63 8c dc 2f 28 9e df 93 a7 08 07 72 5a 0d 35 c4 68 ca 36 2c 55 57 cc 04 b6 81 1e 2e 73 08 41 f5 26 d8 f4 f7 ac fb fa 9e 06 fe 1f 38 3a 71 15 5e" + ); let actual = yescrypt_kdf(b"", b"", 182, 4, 1, 1, 1, 0, EXPECTED.len()); assert_eq!(EXPECTED.as_slice(), actual.as_slice()); } #[test] fn kat15() { - const EXPECTED: [u8; 33] = hex!("23 b6 ad f0 b6 0c 9a 99 7f 58 58 3d 80 cd a4 8c 63 8c dc 2f 28 9e df 93 a7 08 07 72 5a 0d 35 c4 68"); + const EXPECTED: [u8; 33] = hex!( + "23 b6 ad f0 b6 0c 9a 99 7f 58 58 3d 80 cd a4 8c 63 8c dc 2f 28 9e df 93 a7 08 07 72 5a 0d 35 c4 68" + ); let actual = yescrypt_kdf(b"", b"", 182, 4, 1, 1, 1, 0, EXPECTED.len()); assert_eq!(EXPECTED.as_slice(), actual.as_slice()); } #[test] fn kat16() { - const EXPECTED: [u8; 32] = hex!("23 b6 ad f0 b6 0c 9a 99 7f 58 58 3d 80 cd a4 8c 63 8c dc 2f 28 9e df 93 a7 08 07 72 5a 0d 35 c4"); + const EXPECTED: [u8; 32] = hex!( + "23 b6 ad f0 b6 0c 9a 99 7f 58 58 3d 80 cd a4 8c 63 8c dc 2f 28 9e df 93 a7 08 07 72 5a 0d 35 c4" + ); let actual = yescrypt_kdf(b"", b"", 182, 4, 1, 1, 1, 0, EXPECTED.len()); assert_eq!(EXPECTED.as_slice(), actual.as_slice()); } #[test] fn kat17() { - const EXPECTED: [u8; 31] = hex!("23 b6 ad f0 b6 0c 9a 99 7f 58 58 3d 80 cd a4 8c 63 8c dc 2f 28 9e df 93 a7 08 07 72 5a 0d 35"); + const EXPECTED: [u8; 31] = hex!( + "23 b6 ad f0 b6 0c 9a 99 7f 58 58 3d 80 cd a4 8c 63 8c dc 2f 28 9e df 93 a7 08 07 72 5a 0d 35" + ); let actual = yescrypt_kdf(b"", b"", 182, 4, 1, 1, 1, 0, EXPECTED.len()); assert_eq!(EXPECTED.as_slice(), actual.as_slice()); } @@ -139,35 +167,45 @@ fn kat18() { #[test] fn kat19() { - const EXPECTED: [u8; 40] = hex!("e1 f9 81 73 3a 94 05 2f cd 7a cb 14 05 df 0b bd e8 e4 99 b6 a1 33 1b 77 59 09 b4 8c 2f 51 6c 40 dc c8 30 16 35 b7 23 7b"); + const EXPECTED: [u8; 40] = hex!( + "e1 f9 81 73 3a 94 05 2f cd 7a cb 14 05 df 0b bd e8 e4 99 b6 a1 33 1b 77 59 09 b4 8c 2f 51 6c 40 dc c8 30 16 35 b7 23 7b" + ); let actual = yescrypt_kdf(b"p", b"s", 182, 16, 8, 1, 10, 0, EXPECTED.len()); assert_eq!(EXPECTED.as_slice(), actual.as_slice()); } #[test] fn kat20() { - const EXPECTED: [u8; 40] = hex!("9e 7a 40 97 64 42 84 cf 3b 73 b6 04 50 ff 23 0c dc b6 b1 b1 9b 15 09 ee b4 82 f6 96 c4 f1 c7 05 c0 0f 74 02 16 18 3a 12"); + const EXPECTED: [u8; 40] = hex!( + "9e 7a 40 97 64 42 84 cf 3b 73 b6 04 50 ff 23 0c dc b6 b1 b1 9b 15 09 ee b4 82 f6 96 c4 f1 c7 05 c0 0f 74 02 16 18 3a 12" + ); let actual = yescrypt_kdf(b"p", b"s", 1, 16, 8, 1, 10, 0, EXPECTED.len()); assert_eq!(EXPECTED.as_slice(), actual.as_slice()); } #[test] fn kat21() { - const EXPECTED: [u8; 40] = hex!("c8 c7 ff 11 22 b0 b2 91 c3 f2 60 89 48 78 2c d6 89 cc 45 57 90 17 aa a5 ff 8b aa 74 a6 32 ec 99 c3 d6 69 30 fb 20 23 bb"); + const EXPECTED: [u8; 40] = hex!( + "c8 c7 ff 11 22 b0 b2 91 c3 f2 60 89 48 78 2c d6 89 cc 45 57 90 17 aa a5 ff 8b aa 74 a6 32 ec 99 c3 d6 69 30 fb 20 23 bb" + ); let actual = yescrypt_kdf(b"p", b"s", 182, 16, 8, 1, 0, 0, EXPECTED.len()); assert_eq!(EXPECTED.as_slice(), actual.as_slice()); } #[test] fn kat22() { - const EXPECTED: [u8; 40] = hex!("9d d6 36 c2 d0 bb 92 34 52 86 ef da f8 a6 8c fc 1b 4f fd c4 b1 ad ac cc 7d 86 4b 9a 67 87 b8 5d 6a e0 f5 28 0d a8 88 9f"); + const EXPECTED: [u8; 40] = hex!( + "9d d6 36 c2 d0 bb 92 34 52 86 ef da f8 a6 8c fc 1b 4f fd c4 b1 ad ac cc 7d 86 4b 9a 67 87 b8 5d 6a e0 f5 28 0d a8 88 9f" + ); let actual = yescrypt_kdf(b"p", b"s", 1, 16, 8, 1, 0, 0, EXPECTED.len()); assert_eq!(EXPECTED.as_slice(), actual.as_slice()); } #[test] fn kat23() { - const EXPECTED: [u8; 32] = hex!("c8 c7 ff 11 22 b0 b2 91 c3 f2 60 89 48 78 2c d6 89 cc 45 57 90 17 aa a5 ff 8b aa 74 a6 32 ec 99"); + const EXPECTED: [u8; 32] = hex!( + "c8 c7 ff 11 22 b0 b2 91 c3 f2 60 89 48 78 2c d6 89 cc 45 57 90 17 aa a5 ff 8b aa 74 a6 32 ec 99" + ); let actual = yescrypt_kdf(b"p", b"s", 182, 16, 8, 1, 0, 0, EXPECTED.len()); assert_eq!(EXPECTED.as_slice(), actual.as_slice()); } From a50a6b15a625409e095137d27665ada661c6d323 Mon Sep 17 00:00:00 2001 From: Arthur Gautier Date: Tue, 25 Feb 2025 14:17:24 -0800 Subject: [PATCH 08/18] password-auth: bump to edition 2024; msrv 1.85 --- .github/workflows/password-auth.yml | 14 +- Cargo.lock | 195 +++++++++++++++++++++++----- password-auth/Cargo.toml | 11 +- password-auth/README.md | 7 - password-auth/src/lib.rs | 12 +- 5 files changed, 182 insertions(+), 57 deletions(-) diff --git a/.github/workflows/password-auth.yml b/.github/workflows/password-auth.yml index 887cff17..b2c2eacc 100644 --- a/.github/workflows/password-auth.yml +++ b/.github/workflows/password-auth.yml @@ -26,7 +26,7 @@ jobs: strategy: matrix: rust: - - 1.81.0 # MSRV + - 1.85.0 # MSRV - stable steps: - uses: actions/checkout@v4 @@ -41,11 +41,13 @@ jobs: - run: cargo test --all-features wasm: + env: + RUSTFLAGS: --cfg getrandom_backend="wasm_js" runs-on: ubuntu-latest strategy: matrix: rust: - - 1.81.0 # MSRV + - 1.85.0 # MSRV - stable steps: - uses: actions/checkout@v4 @@ -54,7 +56,7 @@ jobs: with: toolchain: ${{ matrix.rust }} targets: wasm32-unknown-unknown - - run: cargo build --target wasm32-unknown-unknown --no-default-features --features argon2 - - run: cargo build --target wasm32-unknown-unknown --no-default-features --features pbkdf2 - - run: cargo build --target wasm32-unknown-unknown --no-default-features --features scrypt - - run: cargo build --target wasm32-unknown-unknown --no-default-features --features argon2,pbkdf2,scrypt + - run: cargo build --target wasm32-unknown-unknown --no-default-features --features wasm_js,argon2 + - run: cargo build --target wasm32-unknown-unknown --no-default-features --features wasm_js,pbkdf2 + - run: cargo build --target wasm32-unknown-unknown --no-default-features --features wasm_js,scrypt + - run: cargo build --target wasm32-unknown-unknown --no-default-features --features wasm_js,argon2,pbkdf2,scrypt diff --git a/Cargo.lock b/Cargo.lock index 2be8da9b..307865ef 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -1,6 +1,6 @@ # This file is automatically @generated by Cargo. # It is not intended for manual editing. -version = 3 +version = 4 [[package]] name = "argon2" @@ -51,6 +51,12 @@ dependencies = [ "zeroize", ] +[[package]] +name = "bitflags" +version = "2.8.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8f68f53c83ab957f72c32642f3868eec03eb974d1fb82e453128456482613d36" + [[package]] name = "blake2" version = "0.11.0-pre.4" @@ -182,9 +188,9 @@ version = "0.2.0-rc.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "b0b8ce8218c97789f16356e7896b3714f26c2ee1079b79c0b7ae7064bb9089fa" dependencies = [ - "getrandom", + "getrandom 0.2.15", "hybrid-array", - "rand_core", + "rand_core 0.6.4", ] [[package]] @@ -210,12 +216,24 @@ name = "getrandom" version = "0.2.15" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "c4567c8db10ae91089c99af84c68c38da3ec2f087c3f82960bcdbf3656b6f4d7" +dependencies = [ + "cfg-if", + "libc", + "wasi 0.11.0+wasi-snapshot-preview1", +] + +[[package]] +name = "getrandom" +version = "0.3.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "43a49c392881ce6d5c3b8cb70f98717b7c07aabbdff06687b9030dbfbe2725f8" dependencies = [ "cfg-if", "js-sys", "libc", - "wasi", + "wasi 0.13.3+wasi-0.2.2", "wasm-bindgen", + "windows-targets", ] [[package]] @@ -259,10 +277,11 @@ dependencies = [ [[package]] name = "js-sys" -version = "0.3.64" +version = "0.3.77" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c5f195fe497f702db0f318b07fdd68edb16955aed830df8363d837542f8f935a" +checksum = "1cfaf33c695fc6e08064efbc1f72ec937429614f25eef83af942d0e227c3a28f" dependencies = [ + "once_cell", "wasm-bindgen", ] @@ -317,21 +336,20 @@ name = "password-auth" version = "1.1.0-pre.1" dependencies = [ "argon2", - "getrandom", + "getrandom 0.3.1", "password-hash", "pbkdf2", - "rand_core", + "rand_core 0.9.2", "scrypt", ] [[package]] name = "password-hash" version = "0.6.0-rc.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ec3b470a56963403c40f9dbb41eaee539759de9d026d3324da705a0ae0d269cd" +source = "git+https://github.com/RustCrypto/traits.git#3fa125f4ec6f7610de112220d38ce40113c18f2c" dependencies = [ "base64ct", - "rand_core", + "rand_core 0.9.2", "subtle", ] @@ -357,18 +375,18 @@ checksum = "5b40af805b3121feab8a3c29f04d8ad262fa8e0561883e7653e024ae4479e6de" [[package]] name = "proc-macro2" -version = "1.0.69" +version = "1.0.93" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "134c189feb4956b20f6f547d2cf727d4c0fe06722b20a0eec87ed445a97f92da" +checksum = "60946a68e5f9d28b0dc1c21bb8a97ee7d018a8b322fa57838ba31cc878e22d99" dependencies = [ "unicode-ident", ] [[package]] name = "quote" -version = "1.0.33" +version = "1.0.38" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5267fca4496028628a95160fc423a33e8b2e6af8a5302579e322e4b520293cae" +checksum = "0e4dccaaaf89514f546c693ddc140f729f958c247918a13380cccc6078391acc" dependencies = [ "proc-macro2", ] @@ -381,7 +399,7 @@ checksum = "34af8d1a0e25924bc5b7c43c079c942339d8f0a8b57c39049bef581b46327404" dependencies = [ "libc", "rand_chacha", - "rand_core", + "rand_core 0.6.4", ] [[package]] @@ -391,7 +409,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "e6c10a63a0fa32252be49d21e7709d4d4baf8d231c2dbce1eaa8141b9b127d88" dependencies = [ "ppv-lite86", - "rand_core", + "rand_core 0.6.4", ] [[package]] @@ -400,7 +418,17 @@ version = "0.6.4" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "ec0be4795e2f6a28069bec0b5ff3e2ac9bafc99e6a9a7dc3547996c5c816922c" dependencies = [ - "getrandom", + "getrandom 0.2.15", +] + +[[package]] +name = "rand_core" +version = "0.9.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7a509b1a2ffbe92afab0e55c8fd99dea1c280e8171bd2d88682bb20bc41cbc2c" +dependencies = [ + "getrandom 0.3.1", + "zerocopy", ] [[package]] @@ -500,9 +528,9 @@ checksum = "13c2bddecc57b384dee18652358fb23172facb8a2c51ccc10d74c157bdea3292" [[package]] name = "syn" -version = "2.0.38" +version = "2.0.98" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e96b79aaa137db8f61e26363a0c9b47d8b4ec75da28b7d1d614c2303e232408b" +checksum = "36147f1a48ae0ec2b5b3bc5b537d267457555a10dc06f3dbc8cb11ba3006d3b1" dependencies = [ "proc-macro2", "quote", @@ -527,25 +555,34 @@ version = "0.11.0+wasi-snapshot-preview1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "9c8d87e72b64a3b4db28d11ce29237c246188f4f51057d65a7eab63b7987e423" +[[package]] +name = "wasi" +version = "0.13.3+wasi-0.2.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "26816d2e1a4a36a2940b96c5296ce403917633dff8f3440e9b236ed6f6bacad2" +dependencies = [ + "wit-bindgen-rt", +] + [[package]] name = "wasm-bindgen" -version = "0.2.87" +version = "0.2.100" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7706a72ab36d8cb1f80ffbf0e071533974a60d0a308d01a5d0375bf60499a342" +checksum = "1edc8929d7499fc4e8f0be2262a241556cfc54a0bea223790e71446f2aab1ef5" dependencies = [ "cfg-if", + "once_cell", "wasm-bindgen-macro", ] [[package]] name = "wasm-bindgen-backend" -version = "0.2.87" +version = "0.2.100" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5ef2b6d3c510e9625e5fe6f509ab07d66a760f0885d858736483c32ed7809abd" +checksum = "2f0a0651a5c2bc21487bde11ee802ccaf4c51935d0d3d42a6101f98161700bc6" dependencies = [ "bumpalo", "log", - "once_cell", "proc-macro2", "quote", "syn", @@ -554,9 +591,9 @@ dependencies = [ [[package]] name = "wasm-bindgen-macro" -version = "0.2.87" +version = "0.2.100" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "dee495e55982a3bd48105a7b947fd2a9b4a8ae3010041b9e0faab3f9cd028f1d" +checksum = "7fe63fc6d09ed3792bd0897b314f53de8e16568c2b3f7982f468c0bf9bd0b407" dependencies = [ "quote", "wasm-bindgen-macro-support", @@ -564,9 +601,9 @@ dependencies = [ [[package]] name = "wasm-bindgen-macro-support" -version = "0.2.87" +version = "0.2.100" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "54681b18a46765f095758388f2d0cf16eb8d4169b639ab575a8f5693af210c7b" +checksum = "8ae87ea40c9f689fc23f209965b6fb8a99ad69aeeb0231408be24920604395de" dependencies = [ "proc-macro2", "quote", @@ -577,9 +614,85 @@ dependencies = [ [[package]] name = "wasm-bindgen-shared" -version = "0.2.87" +version = "0.2.100" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1a05d73b933a847d6cccdda8f838a22ff101ad9bf93e33684f39c1f5f0eece3d" +dependencies = [ + "unicode-ident", +] + +[[package]] +name = "windows-targets" +version = "0.52.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9b724f72796e036ab90c1021d4780d4d3d648aca59e491e6b98e725b84e99973" +dependencies = [ + "windows_aarch64_gnullvm", + "windows_aarch64_msvc", + "windows_i686_gnu", + "windows_i686_gnullvm", + "windows_i686_msvc", + "windows_x86_64_gnu", + "windows_x86_64_gnullvm", + "windows_x86_64_msvc", +] + +[[package]] +name = "windows_aarch64_gnullvm" +version = "0.52.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "32a4622180e7a0ec044bb555404c800bc9fd9ec262ec147edd5989ccd0c02cd3" + +[[package]] +name = "windows_aarch64_msvc" +version = "0.52.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "09ec2a7bb152e2252b53fa7803150007879548bc709c039df7627cabbd05d469" + +[[package]] +name = "windows_i686_gnu" +version = "0.52.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8e9b5ad5ab802e97eb8e295ac6720e509ee4c243f69d781394014ebfe8bbfa0b" + +[[package]] +name = "windows_i686_gnullvm" +version = "0.52.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "0eee52d38c090b3caa76c563b86c3a4bd71ef1a819287c19d586d7334ae8ed66" + +[[package]] +name = "windows_i686_msvc" +version = "0.52.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "240948bc05c5e7c6dabba28bf89d89ffce3e303022809e73deaefe4f6ec56c66" + +[[package]] +name = "windows_x86_64_gnu" +version = "0.52.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "147a5c80aabfbf0c7d901cb5895d1de30ef2907eb21fbbab29ca94c5b08b1a78" + +[[package]] +name = "windows_x86_64_gnullvm" +version = "0.52.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "24d5b23dc417412679681396f2b49f3de8c1473deb516bd34410872eff51ed0d" + +[[package]] +name = "windows_x86_64_msvc" +version = "0.52.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "589f6da84c646204747d1270a2a5661ea66ed1cced2631d546fdfb155959f9ec" + +[[package]] +name = "wit-bindgen-rt" +version = "0.33.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ca6ad05a4870b2bf5fe995117d3728437bd27d7cd5f06f13c17443ef369775a1" +checksum = "3268f3d866458b787f390cf61f4bbb563b922d091359f9608842999eaee3943c" +dependencies = [ + "bitflags", +] [[package]] name = "yescrypt" @@ -593,6 +706,26 @@ dependencies = [ "sha2", ] +[[package]] +name = "zerocopy" +version = "0.8.20" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "dde3bb8c68a8f3f1ed4ac9221aad6b10cece3e60a8e2ea54a6a2dec806d0084c" +dependencies = [ + "zerocopy-derive", +] + +[[package]] +name = "zerocopy-derive" +version = "0.8.20" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "eea57037071898bf96a6da35fd626f4f27e9cee3ead2a6c703cf09d472b2e700" +dependencies = [ + "proc-macro2", + "quote", + "syn", +] + [[package]] name = "zeroize" version = "1.8.1" diff --git a/password-auth/Cargo.toml b/password-auth/Cargo.toml index 806550de..f10f668a 100644 --- a/password-auth/Cargo.toml +++ b/password-auth/Cargo.toml @@ -13,24 +13,23 @@ repository = "https://github.com/RustCrypto/password-hashes" keywords = ["crypto", "password", "hashing"] categories = ["authentication", "cryptography", "no-std"] readme = "README.md" -edition = "2021" -rust-version = "1.81" +edition = "2024" +rust-version = "1.85" [dependencies] password-hash = { version = "0.6.0-rc.0", features = ["alloc", "rand_core"] } -rand_core = { version = "0.6", features = ["getrandom"] } +rand_core = { version = "0.9", features = ["os_rng"] } # optional dependencies argon2 = { version = "=0.6.0-pre.1", optional = true, default-features = false, features = ["alloc", "simple"], path = "../argon2" } pbkdf2 = { version = "=0.13.0-pre.1", optional = true, default-features = false, features = ["simple"], path = "../pbkdf2" } scrypt = { version = "=0.12.0-pre.2", optional = true, default-features = false, features = ["simple"], path = "../scrypt" } +getrandom = { version = "0.3", optional = true, default-features = false } [features] default = ["argon2", "std"] std = [] - -[target.'cfg(target_arch = "wasm32")'.dependencies] -getrandom = { version = "0.2", features = ["js"] } +wasm_js = ["getrandom/wasm_js"] [package.metadata.docs.rs] all-features = true diff --git a/password-auth/README.md b/password-auth/README.md index 787f2579..f2664b90 100644 --- a/password-auth/README.md +++ b/password-auth/README.md @@ -38,13 +38,6 @@ When multiple algorithms are enabled, it will still default to Argon2 for `generate_hash`, but will be able to verify password hashes from PBKDF2 and scrypt as well, if you have them in your password database. -## Minimum Supported Rust Version - -Rust **1.81** or higher. - -Minimum supported Rust version can be changed in the future, but it will be -done with a minor version bump. - ## SemVer Policy - All on-by-default features of this library are covered by SemVer diff --git a/password-auth/src/lib.rs b/password-auth/src/lib.rs index 967f2e02..a2de6515 100644 --- a/password-auth/src/lib.rs +++ b/password-auth/src/lib.rs @@ -147,11 +147,10 @@ mod tests { #[cfg(feature = "argon2")] mod argon2 { - use super::{verify_password, EXAMPLE_PASSWORD}; + use super::{EXAMPLE_PASSWORD, verify_password}; /// Argon2 hash for the string "password". - const EXAMPLE_HASH: &str = - "$argon2i$v=19$m=65536,t=1,p=1$c29tZXNhbHQAAAAAAAAAAA$+r0d29hqEB0yasKr55ZgICsQGSkl0v0kgwhd+U3wyRo"; + const EXAMPLE_HASH: &str = "$argon2i$v=19$m=65536,t=1,p=1$c29tZXNhbHQAAAAAAAAAAA$+r0d29hqEB0yasKr55ZgICsQGSkl0v0kgwhd+U3wyRo"; #[test] fn verify() { @@ -162,7 +161,7 @@ mod tests { #[cfg(feature = "pbkdf2")] mod pdkdf2 { - use super::{verify_password, EXAMPLE_PASSWORD}; + use super::{EXAMPLE_PASSWORD, verify_password}; /// PBKDF2 hash for the string "password". const EXAMPLE_HASH: &str = @@ -177,11 +176,10 @@ mod tests { #[cfg(feature = "scrypt")] mod scrypt { - use super::{verify_password, EXAMPLE_PASSWORD}; + use super::{EXAMPLE_PASSWORD, verify_password}; /// scrypt hash for the string "password". - const EXAMPLE_HASH: &str = - "$scrypt$ln=16,r=8,p=1$aM15713r3Xsvxbi31lqr1Q$nFNh2CVHVjNldFVKDHDlm4CbdRSCdEBsjjJxD+iCs5E"; + const EXAMPLE_HASH: &str = "$scrypt$ln=16,r=8,p=1$aM15713r3Xsvxbi31lqr1Q$nFNh2CVHVjNldFVKDHDlm4CbdRSCdEBsjjJxD+iCs5E"; #[test] fn verify() { From c933d0a07b178ebc5c2f0de7a0ff10ef9eed459a Mon Sep 17 00:00:00 2001 From: Arthur Gautier Date: Tue, 25 Feb 2025 14:21:59 -0800 Subject: [PATCH 09/18] password-auth: rand upgrade --- password-auth/src/lib.rs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/password-auth/src/lib.rs b/password-auth/src/lib.rs index a2de6515..6a955eef 100644 --- a/password-auth/src/lib.rs +++ b/password-auth/src/lib.rs @@ -46,7 +46,7 @@ use scrypt::Scrypt; /// Uses the best available password hashing algorithm given the enabled /// crate features (typically Argon2 unless explicitly disabled). pub fn generate_hash(password: impl AsRef<[u8]>) -> String { - let salt = SaltString::generate(OsRng); + let salt = SaltString::try_from_rng(&mut OsRng).expect("Rng error"); generate_phc_hash(password.as_ref(), &salt) .map(|hash| hash.to_string()) .expect("password hashing error") From f48e643f36a7a8ec7525b6978644fb4c9d0747c4 Mon Sep 17 00:00:00 2001 From: Arthur Gautier Date: Tue, 25 Feb 2025 19:36:09 -0800 Subject: [PATCH 10/18] chore(deps): bump `hex-literal` to `1.0.0` --- Cargo.lock | 4 ++-- argon2/Cargo.toml | 2 +- balloon-hash/Cargo.toml | 2 +- bcrypt-pbkdf/Cargo.toml | 2 +- pbkdf2/Cargo.toml | 2 +- yescrypt/Cargo.toml | 2 +- 6 files changed, 7 insertions(+), 7 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 307865ef..91f44b6e 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -244,9 +244,9 @@ checksum = "d77f7ec81a6d05a3abb01ab6eb7590f6083d08449fe5a1c8b1e620283546ccb7" [[package]] name = "hex-literal" -version = "0.4.1" +version = "1.0.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "6fe2267d4ed49bc07b63801559be28c718ea06c4738b7a03c94df7386d2cde46" +checksum = "bcaaec4551594c969335c98c903c1397853d4198408ea609190f420500f6be71" [[package]] name = "hmac" diff --git a/argon2/Cargo.toml b/argon2/Cargo.toml index 22c011d6..c17ba3c9 100644 --- a/argon2/Cargo.toml +++ b/argon2/Cargo.toml @@ -28,7 +28,7 @@ zeroize = { version = "1", default-features = false, optional = true } cpufeatures = "0.2.17" [dev-dependencies] -hex-literal = "0.4" +hex-literal = "1" password-hash = { version = "0.6.0-rc.0", features = ["rand_core"] } [features] diff --git a/balloon-hash/Cargo.toml b/balloon-hash/Cargo.toml index 6df6666c..1e185e60 100644 --- a/balloon-hash/Cargo.toml +++ b/balloon-hash/Cargo.toml @@ -24,7 +24,7 @@ rayon = { version = "1.7", optional = true } zeroize = { version = "1", default-features = false, optional = true } [dev-dependencies] -hex-literal = "0.4" +hex-literal = "1" sha2 = "=0.11.0-pre.4" [features] diff --git a/bcrypt-pbkdf/Cargo.toml b/bcrypt-pbkdf/Cargo.toml index 570f9cab..186e71d4 100644 --- a/bcrypt-pbkdf/Cargo.toml +++ b/bcrypt-pbkdf/Cargo.toml @@ -20,7 +20,7 @@ sha2 = { version = "=0.11.0-pre.4", default-features = false } zeroize = { version = "1", default-features = false, optional = true } [dev-dependencies] -hex-literal = "0.4.0" +hex-literal = "1" [features] default = ["alloc", "std"] diff --git a/pbkdf2/Cargo.toml b/pbkdf2/Cargo.toml index 98244ae8..c317bcf0 100644 --- a/pbkdf2/Cargo.toml +++ b/pbkdf2/Cargo.toml @@ -25,7 +25,7 @@ sha2 = { version = "=0.11.0-pre.4", default-features = false, optional = true } [dev-dependencies] hmac = "=0.13.0-pre.4" -hex-literal = "0.4" +hex-literal = "1" sha1 = "=0.11.0-pre.4" sha2 = "=0.11.0-pre.4" streebog = "=0.11.0-pre.4" diff --git a/yescrypt/Cargo.toml b/yescrypt/Cargo.toml index 832ba785..bd918d6e 100644 --- a/yescrypt/Cargo.toml +++ b/yescrypt/Cargo.toml @@ -21,7 +21,7 @@ salsa20 = { version = "=0.11.0-pre.2", default-features = false } sha2 = { version = "=0.11.0-pre.4", default-features = false } [dev-dependencies] -hex-literal = "0.4" +hex-literal = "1" [package.metadata.docs.rs] all-features = true From 74a75e2d2978a373e8fd6c39dd52b1f2c817b747 Mon Sep 17 00:00:00 2001 From: Arthur Gautier Date: Tue, 25 Feb 2025 19:52:24 -0800 Subject: [PATCH 11/18] chore(deps): bump `digest` to `0.11.0-pre.10` --- Cargo.lock | 48 +++++++++++++++++------------------------ Cargo.toml | 9 ++++++++ balloon-hash/Cargo.toml | 4 ++-- pbkdf2/Cargo.toml | 2 +- 4 files changed, 32 insertions(+), 31 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 91f44b6e..756ad516 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -60,19 +60,18 @@ checksum = "8f68f53c83ab957f72c32642f3868eec03eb974d1fb82e453128456482613d36" [[package]] name = "blake2" version = "0.11.0-pre.4" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e6dbf347378982186052c47f25f33fc1a6eb439ee840d778eb3ec132e304379d" +source = "git+https://github.com/RustCrypto/hashes.git#0d0369ff7dab69e98acfb8a08f4724dbda285e04" dependencies = [ "digest", ] [[package]] name = "block-buffer" -version = "0.11.0-rc.0" +version = "0.11.0-rc.4" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "17092d478f4fadfb35a7e082f62e49f0907fdf048801d9d706277e34f9df8a78" +checksum = "a229bfd78e4827c91b9b95784f69492c1b77c1ab75a45a8a037b139215086f94" dependencies = [ - "crypto-common", + "hybrid-array", ] [[package]] @@ -115,9 +114,9 @@ dependencies = [ [[package]] name = "const-oid" -version = "0.10.0-rc.0" +version = "0.10.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "9adcf94f05e094fca3005698822ec791cb4433ced416afda1c5ca3b8dfc05a2f" +checksum = "1cb3c4a0d3776f7535c32793be81d6d5fec0d48ac70955d9834e643aa249a52f" [[package]] name = "cpufeatures" @@ -173,9 +172,8 @@ dependencies = [ [[package]] name = "crypto-bigint" -version = "0.6.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "4919aa33c410cb537c1b2a8458a896f9e47ed4349a2002e5b240f358f7bf6ffc" +version = "0.7.0-pre.0" +source = "git+https://github.com/RustCrypto/crypto-bigint.git#2f1b2efda801d6de58b2f011afb46ac33a4fbf7b" dependencies = [ "hybrid-array", "num-traits", @@ -184,20 +182,18 @@ dependencies = [ [[package]] name = "crypto-common" -version = "0.2.0-rc.1" +version = "0.2.0-rc.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b0b8ce8218c97789f16356e7896b3714f26c2ee1079b79c0b7ae7064bb9089fa" +checksum = "170d71b5b14dec99db7739f6fc7d6ec2db80b78c3acb77db48392ccc3d8a9ea0" dependencies = [ - "getrandom 0.2.15", "hybrid-array", - "rand_core 0.6.4", ] [[package]] name = "digest" -version = "0.11.0-pre.9" +version = "0.11.0-pre.10" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "cf2e3d6615d99707295a9673e889bf363a04b2a466bd320c65a72536f7577379" +checksum = "6c478574b20020306f98d61c8ca3322d762e1ff08117422ac6106438605ea516" dependencies = [ "block-buffer", "const-oid", @@ -251,26 +247,25 @@ checksum = "bcaaec4551594c969335c98c903c1397853d4198408ea609190f420500f6be71" [[package]] name = "hmac" version = "0.13.0-pre.4" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e4b1fb14e4df79f9406b434b60acef9f45c26c50062cccf1346c6103b8c47d58" +source = "git+https://github.com/RustCrypto/MACs.git#c7cbed0bd3f7026cc01251cd4602d0db4d0495b9" dependencies = [ "digest", ] [[package]] name = "hybrid-array" -version = "0.2.3" +version = "0.3.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f2d35805454dc9f8662a98d6d61886ffe26bd465f5960e0e55345c70d5c0d2a9" +checksum = "4dab50e193aebe510fe0e40230145820e02f48dae0cf339ea4204e6e708ff7bd" dependencies = [ "typenum", ] [[package]] name = "inout" -version = "0.2.0-rc.0" +version = "0.2.0-rc.4" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "bbc33218cf9ce7b927426ee4ad3501bcc5d8c26bf5fb4a82849a083715aca427" +checksum = "ac5e145e8ade9f74c0a5efc60ccb4e714b0144f7e2220b7ca64254feee71c57f" dependencies = [ "hybrid-array", ] @@ -492,8 +487,7 @@ dependencies = [ [[package]] name = "sha1" version = "0.11.0-pre.4" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "9540978cef7a8498211c1b1c14e5ce920fe5bd524ea84f4a3d72d4602515ae93" +source = "git+https://github.com/RustCrypto/hashes.git#0d0369ff7dab69e98acfb8a08f4724dbda285e04" dependencies = [ "cfg-if", "cpufeatures", @@ -503,8 +497,7 @@ dependencies = [ [[package]] name = "sha2" version = "0.11.0-pre.4" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "540c0893cce56cdbcfebcec191ec8e0f470dd1889b6e7a0b503e310a94a168f5" +source = "git+https://github.com/RustCrypto/hashes.git#0d0369ff7dab69e98acfb8a08f4724dbda285e04" dependencies = [ "cfg-if", "cpufeatures", @@ -514,8 +507,7 @@ dependencies = [ [[package]] name = "streebog" version = "0.11.0-pre.4" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "fcb353b35a577917dbcc59b8bef4084ba206b36851577816d5ffe3dac9b0ad54" +source = "git+https://github.com/RustCrypto/hashes.git#0d0369ff7dab69e98acfb8a08f4724dbda285e04" dependencies = [ "digest", ] diff --git a/Cargo.toml b/Cargo.toml index f666bd7b..c0d20363 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -17,3 +17,12 @@ opt-level = 2 [patch.crates-io] password-hash = { git = "https://github.com/RustCrypto/traits.git" } + +blake2 = { git = "https://github.com/RustCrypto/hashes.git" } +sha1 = { git = "https://github.com/RustCrypto/hashes.git" } +sha2 = { git = "https://github.com/RustCrypto/hashes.git" } +streebog = { git = "https://github.com/RustCrypto/hashes.git" } + +hmac = { git = "https://github.com/RustCrypto/MACs.git" } + +crypto-bigint = { git = "https://github.com/RustCrypto/crypto-bigint.git" } diff --git a/balloon-hash/Cargo.toml b/balloon-hash/Cargo.toml index 1e185e60..d3bc6663 100644 --- a/balloon-hash/Cargo.toml +++ b/balloon-hash/Cargo.toml @@ -14,8 +14,8 @@ edition = "2024" rust-version = "1.85" [dependencies] -digest = { version = "=0.11.0-pre.9", default-features = false } -crypto-bigint = { version = "0.6", default-features = false, features = ["hybrid-array"] } +digest = { version = "=0.11.0-pre.10", default-features = false } +crypto-bigint = { version = "=0.7.0-pre.0", default-features = false, features = ["hybrid-array"] } rand_core = { version = "0.9", default-features = false } # optional dependencies diff --git a/pbkdf2/Cargo.toml b/pbkdf2/Cargo.toml index c317bcf0..c6dad509 100644 --- a/pbkdf2/Cargo.toml +++ b/pbkdf2/Cargo.toml @@ -14,7 +14,7 @@ edition = "2024" rust-version = "1.85" [dependencies] -digest = { version = "=0.11.0-pre.9", features = ["mac"] } +digest = { version = "=0.11.0-pre.10", features = ["mac"] } # optional dependencies rayon = { version = "1.7", optional = true } From 4a9e0581eefc20ffb7fc34149f52218110178313 Mon Sep 17 00:00:00 2001 From: Arthur Gautier Date: Tue, 25 Feb 2025 20:58:36 -0800 Subject: [PATCH 12/18] disable minimal-versions --- .github/workflows/argon2.yml | 1 + .github/workflows/balloon-hash.yml | 1 + .github/workflows/pbkdf2.yml | 1 + .github/workflows/sha-crypt.yml | 1 + .github/workflows/yescrypt.yml | 1 + 5 files changed, 5 insertions(+) diff --git a/.github/workflows/argon2.yml b/.github/workflows/argon2.yml index 55dc1255..d0664e39 100644 --- a/.github/workflows/argon2.yml +++ b/.github/workflows/argon2.yml @@ -41,6 +41,7 @@ jobs: - run: cargo build --target ${{ matrix.target }} --features zeroize minimal-versions: + if: false # disabled while using pre-releases uses: RustCrypto/actions/.github/workflows/minimal-versions.yml@master with: working-directory: ${{ github.workflow }} diff --git a/.github/workflows/balloon-hash.yml b/.github/workflows/balloon-hash.yml index 3492ce8a..5278052c 100644 --- a/.github/workflows/balloon-hash.yml +++ b/.github/workflows/balloon-hash.yml @@ -39,6 +39,7 @@ jobs: - run: cargo build --target ${{ matrix.target }} --release minimal-versions: + if: false # disabled while using pre-releases uses: RustCrypto/actions/.github/workflows/minimal-versions.yml@master with: working-directory: ${{ github.workflow }} diff --git a/.github/workflows/pbkdf2.yml b/.github/workflows/pbkdf2.yml index 8b683e8c..4d85cdb1 100644 --- a/.github/workflows/pbkdf2.yml +++ b/.github/workflows/pbkdf2.yml @@ -38,6 +38,7 @@ jobs: - run: cargo build --target ${{ matrix.target }} --no-default-features --features simple minimal-versions: + if: false # disabled while using pre-releases uses: RustCrypto/actions/.github/workflows/minimal-versions.yml@master with: working-directory: ${{ github.workflow }} diff --git a/.github/workflows/sha-crypt.yml b/.github/workflows/sha-crypt.yml index 71d61236..4206ce44 100644 --- a/.github/workflows/sha-crypt.yml +++ b/.github/workflows/sha-crypt.yml @@ -37,6 +37,7 @@ jobs: - run: cargo build --target ${{ matrix.target }} --no-default-features minimal-versions: + if: false # disabled while using pre-releases uses: RustCrypto/actions/.github/workflows/minimal-versions.yml@master with: working-directory: ${{ github.workflow }} diff --git a/.github/workflows/yescrypt.yml b/.github/workflows/yescrypt.yml index 433ee4ec..346d2180 100644 --- a/.github/workflows/yescrypt.yml +++ b/.github/workflows/yescrypt.yml @@ -18,6 +18,7 @@ env: jobs: minimal-versions: + if: false # disabled while using pre-releases uses: RustCrypto/actions/.github/workflows/minimal-versions.yml@master with: working-directory: ${{ github.workflow }} From 47496ffdcb76635348bbe7801f8e60f3a2bd9f76 Mon Sep 17 00:00:00 2001 From: Arthur Gautier Date: Tue, 25 Feb 2025 21:00:10 -0800 Subject: [PATCH 13/18] bump clippy to 1.85 --- .github/workflows/workspace.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/workspace.yml b/.github/workflows/workspace.yml index 0b9e9901..8985617b 100644 --- a/.github/workflows/workspace.yml +++ b/.github/workflows/workspace.yml @@ -17,7 +17,7 @@ jobs: - uses: RustCrypto/actions/cargo-cache@master - uses: dtolnay/rust-toolchain@master with: - toolchain: 1.84.0 + toolchain: 1.85.0 components: clippy - run: cargo clippy --all -- -D warnings From 4d36ca81006a3f71a2236bf29fcabf4ec9bee4b6 Mon Sep 17 00:00:00 2001 From: Arthur Gautier Date: Tue, 25 Feb 2025 14:49:09 -0800 Subject: [PATCH 14/18] switch to core::error::Error --- Cargo.lock | 4 ++-- argon2/src/error.rs | 5 ++--- pbkdf2/src/lib.rs | 7 ++----- 3 files changed, 6 insertions(+), 10 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 756ad516..cd1e753a 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -36,9 +36,9 @@ dependencies = [ [[package]] name = "base64ct" -version = "1.6.0" +version = "1.7.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8c3c1a368f70d6cf7302d78f8f7093da241fb8e8807c05cc9e51a125895a6d5b" +checksum = "c103cbbedac994e292597ab79342dbd5b306a362045095db54917d92a9fdfd92" [[package]] name = "bcrypt-pbkdf" diff --git a/argon2/src/error.rs b/argon2/src/error.rs index 3a6b9646..b6abef8b 100644 --- a/argon2/src/error.rs +++ b/argon2/src/error.rs @@ -120,9 +120,8 @@ impl From for password_hash::Error { } } -#[cfg(feature = "std")] -impl std::error::Error for Error { - fn source(&self) -> Option<&(dyn std::error::Error + 'static)> { +impl core::error::Error for Error { + fn source(&self) -> Option<&(dyn core::error::Error + 'static)> { match self { Self::B64Encoding(err) => Some(err), _ => None, diff --git a/pbkdf2/src/lib.rs b/pbkdf2/src/lib.rs index 60a686f8..4e6dcf94 100644 --- a/pbkdf2/src/lib.rs +++ b/pbkdf2/src/lib.rs @@ -49,8 +49,8 @@ //! The following example demonstrates the high-level password hashing API: //! //! ``` -//! # fn main() -> Result<(), Box> { -//! # #[cfg(all(feature = "simple", feature = "std"))] +//! # fn main() -> Result<(), Box> { +//! # #[cfg(feature = "simple")] //! # { //! use pbkdf2::{ //! password_hash::{ @@ -81,9 +81,6 @@ html_favicon_url = "https://raw.githubusercontent.com/RustCrypto/media/8f1a9894/logo.svg" )] -#[cfg(feature = "std")] -extern crate std; - #[cfg(feature = "simple")] extern crate alloc; From 5763053e360edd8a0282d59b9be1434fa90d5215 Mon Sep 17 00:00:00 2001 From: Arthur Gautier Date: Tue, 25 Feb 2025 21:22:43 -0800 Subject: [PATCH 15/18] migrate to rustsec/audit-check --- .github/workflows/security-audit.yml | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/.github/workflows/security-audit.yml b/.github/workflows/security-audit.yml index 6049f4c6..c0ab0f4f 100644 --- a/.github/workflows/security-audit.yml +++ b/.github/workflows/security-audit.yml @@ -18,11 +18,15 @@ jobs: runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 + - uses: RustCrypto/actions/cargo-cache@master + - uses: dtolnay/rust-toolchain@master + with: + toolchain: stable - name: Cache cargo bin uses: actions/cache@v4 with: path: ~/.cargo/bin - key: ${{ runner.os }}-cargo-audit-v0.21.1 - - uses: actions-rs/audit-check@v1 + key: ${{ runner.os }}-cargo-audit-v0.21.1-rust1.85 + - uses: rustsec/audit-check@v1 with: token: ${{ secrets.GITHUB_TOKEN }} From 10c3387e9fd59294f6952571153506e33ce80820 Mon Sep 17 00:00:00 2001 From: Arthur Gautier Date: Tue, 25 Feb 2025 21:22:43 -0800 Subject: [PATCH 16/18] fixup readme test dependencies --- .readme/Cargo.lock | 130 ++++++++++++++++++++++++++++----------------- .readme/Cargo.toml | 8 +++ 2 files changed, 90 insertions(+), 48 deletions(-) diff --git a/.readme/Cargo.lock b/.readme/Cargo.lock index 62466a47..3dd816cf 100644 --- a/.readme/Cargo.lock +++ b/.readme/Cargo.lock @@ -1,10 +1,10 @@ # This file is automatically @generated by Cargo. # It is not intended for manual editing. -version = 3 +version = 4 [[package]] name = "argon2" -version = "0.6.0-pre.0" +version = "0.6.0-pre.1" dependencies = [ "base64ct", "blake2", @@ -14,26 +14,25 @@ dependencies = [ [[package]] name = "base64ct" -version = "1.6.0" +version = "1.7.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8c3c1a368f70d6cf7302d78f8f7093da241fb8e8807c05cc9e51a125895a6d5b" +checksum = "c103cbbedac994e292597ab79342dbd5b306a362045095db54917d92a9fdfd92" [[package]] name = "blake2" version = "0.11.0-pre.4" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e6dbf347378982186052c47f25f33fc1a6eb439ee840d778eb3ec132e304379d" +source = "git+https://github.com/RustCrypto/hashes.git#0d0369ff7dab69e98acfb8a08f4724dbda285e04" dependencies = [ "digest", ] [[package]] name = "block-buffer" -version = "0.11.0-rc.0" +version = "0.11.0-rc.4" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "17092d478f4fadfb35a7e082f62e49f0907fdf048801d9d706277e34f9df8a78" +checksum = "a229bfd78e4827c91b9b95784f69492c1b77c1ab75a45a8a037b139215086f94" dependencies = [ - "crypto-common", + "hybrid-array", ] [[package]] @@ -44,9 +43,9 @@ checksum = "baf1de4339761588bc0619e3cbc0120ee582ebb74b53b4efbf79117bd2da40fd" [[package]] name = "cipher" -version = "0.5.0-pre.6" +version = "0.5.0-pre.7" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c71c893d5a1e8257048dbb29954d2e1f85f091a150304f1defe4ca2806da5d3f" +checksum = "5b1425e6ce000f05a73096556cabcfb6a10a3ffe3bb4d75416ca8f00819c0b6a" dependencies = [ "crypto-common", "inout", @@ -54,67 +53,55 @@ dependencies = [ [[package]] name = "cpufeatures" -version = "0.2.12" +version = "0.2.17" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "53fe5e26ff1b7aef8bca9c6080520cfb8d9333c7568e1829cef191a9723e5504" +checksum = "59ed5838eebb26a2bb2e58f6d5b5316989ae9d08bab10e0e6d103e656d1b0280" dependencies = [ "libc", ] [[package]] name = "crypto-common" -version = "0.2.0-rc.0" +version = "0.2.0-rc.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8c070b79a496dccd931229780ad5bbedd535ceff6c3565605a8e440e18e1aa2b" +checksum = "170d71b5b14dec99db7739f6fc7d6ec2db80b78c3acb77db48392ccc3d8a9ea0" dependencies = [ "hybrid-array", ] [[package]] name = "digest" -version = "0.11.0-pre.9" +version = "0.11.0-pre.10" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "cf2e3d6615d99707295a9673e889bf363a04b2a466bd320c65a72536f7577379" +checksum = "6c478574b20020306f98d61c8ca3322d762e1ff08117422ac6106438605ea516" dependencies = [ "block-buffer", "crypto-common", "subtle", ] -[[package]] -name = "getrandom" -version = "0.2.8" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c05aeb6a22b8f62540c194aac980f2115af067bfe15a0734d7277a768d396b31" -dependencies = [ - "cfg-if", - "libc", - "wasi", -] - [[package]] name = "hmac" version = "0.13.0-pre.4" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e4b1fb14e4df79f9406b434b60acef9f45c26c50062cccf1346c6103b8c47d58" +source = "git+https://github.com/RustCrypto/MACs.git#c7cbed0bd3f7026cc01251cd4602d0db4d0495b9" dependencies = [ "digest", ] [[package]] name = "hybrid-array" -version = "0.2.0-rc.9" +version = "0.3.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "4d306b679262030ad8813a82d4915fc04efff97776e4db7f8eb5137039d56400" +checksum = "4dab50e193aebe510fe0e40230145820e02f48dae0cf339ea4204e6e708ff7bd" dependencies = [ "typenum", ] [[package]] name = "inout" -version = "0.2.0-rc.0" +version = "0.2.0-rc.4" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "bbc33218cf9ce7b927426ee4ad3501bcc5d8c26bf5fb4a82849a083715aca427" +checksum = "ac5e145e8ade9f74c0a5efc60ccb4e714b0144f7e2220b7ca64254feee71c57f" dependencies = [ "hybrid-array", ] @@ -128,8 +115,7 @@ checksum = "97b3888a4aecf77e811145cadf6eef5901f4782c53886191b2f693f24761847c" [[package]] name = "password-hash" version = "0.6.0-rc.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ec3b470a56963403c40f9dbb41eaee539759de9d026d3324da705a0ae0d269cd" +source = "git+https://github.com/RustCrypto/traits.git#3fa125f4ec6f7610de112220d38ce40113c18f2c" dependencies = [ "base64ct", "rand_core", @@ -138,7 +124,7 @@ dependencies = [ [[package]] name = "pbkdf2" -version = "0.13.0-pre.0" +version = "0.13.0-pre.1" dependencies = [ "digest", "hmac", @@ -146,13 +132,31 @@ dependencies = [ "sha2", ] +[[package]] +name = "proc-macro2" +version = "1.0.93" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "60946a68e5f9d28b0dc1c21bb8a97ee7d018a8b322fa57838ba31cc878e22d99" +dependencies = [ + "unicode-ident", +] + +[[package]] +name = "quote" +version = "1.0.38" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "0e4dccaaaf89514f546c693ddc140f729f958c247918a13380cccc6078391acc" +dependencies = [ + "proc-macro2", +] + [[package]] name = "rand_core" -version = "0.6.4" +version = "0.9.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ec0be4795e2f6a28069bec0b5ff3e2ac9bafc99e6a9a7dc3547996c5c816922c" +checksum = "7a509b1a2ffbe92afab0e55c8fd99dea1c280e8171bd2d88682bb20bc41cbc2c" dependencies = [ - "getrandom", + "zerocopy", ] [[package]] @@ -167,9 +171,9 @@ dependencies = [ [[package]] name = "salsa20" -version = "0.11.0-pre.1" +version = "0.11.0-pre.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ea4ef53595bd236cf843530a2db25c792acb34e619320d0423e6cbc6d8e3c8c5" +checksum = "1affa54a576c40080654b494bb3f3198fa2fe46e0954b85196d122e3561c2fd0" dependencies = [ "cfg-if", "cipher", @@ -177,7 +181,7 @@ dependencies = [ [[package]] name = "scrypt" -version = "0.12.0-pre.0" +version = "0.12.0-pre.2" dependencies = [ "password-hash", "pbkdf2", @@ -188,8 +192,7 @@ dependencies = [ [[package]] name = "sha2" version = "0.11.0-pre.4" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "540c0893cce56cdbcfebcec191ec8e0f470dd1889b6e7a0b503e310a94a168f5" +source = "git+https://github.com/RustCrypto/hashes.git#0d0369ff7dab69e98acfb8a08f4724dbda285e04" dependencies = [ "cfg-if", "cpufeatures", @@ -202,6 +205,17 @@ version = "2.4.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "6bdef32e8150c2a081110b42772ffe7d7c9032b606bc226c8260fd97e0976601" +[[package]] +name = "syn" +version = "2.0.98" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "36147f1a48ae0ec2b5b3bc5b537d267457555a10dc06f3dbc8cb11ba3006d3b1" +dependencies = [ + "proc-macro2", + "quote", + "unicode-ident", +] + [[package]] name = "typenum" version = "1.17.0" @@ -209,7 +223,27 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "42ff0bf0c66b8238c6f3b578df37d0b7848e55df8577b3f74f92a69acceeb825" [[package]] -name = "wasi" -version = "0.11.0+wasi-snapshot-preview1" +name = "unicode-ident" +version = "1.0.17" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "9c8d87e72b64a3b4db28d11ce29237c246188f4f51057d65a7eab63b7987e423" +checksum = "00e2473a93778eb0bad35909dff6a10d28e63f792f16ed15e404fca9d5eeedbe" + +[[package]] +name = "zerocopy" +version = "0.8.20" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "dde3bb8c68a8f3f1ed4ac9221aad6b10cece3e60a8e2ea54a6a2dec806d0084c" +dependencies = [ + "zerocopy-derive", +] + +[[package]] +name = "zerocopy-derive" +version = "0.8.20" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "eea57037071898bf96a6da35fd626f4f27e9cee3ead2a6c703cf09d472b2e700" +dependencies = [ + "proc-macro2", + "quote", + "syn", +] diff --git a/.readme/Cargo.toml b/.readme/Cargo.toml index 632f52c4..1c9552ae 100644 --- a/.readme/Cargo.toml +++ b/.readme/Cargo.toml @@ -12,3 +12,11 @@ password-hash = "0.6.0-rc.0" argon2 = { path = "../argon2" } pbkdf2 = { path = "../pbkdf2", features = ["simple"] } scrypt = { path = "../scrypt" } + +[patch.crates-io] +password-hash = { git = "https://github.com/RustCrypto/traits.git" } + +blake2 = { git = "https://github.com/RustCrypto/hashes.git" } +sha2 = { git = "https://github.com/RustCrypto/hashes.git" } + +hmac = { git = "https://github.com/RustCrypto/MACs.git" } From d2f6f51b7496e61c65002826c3821a9f42478bac Mon Sep 17 00:00:00 2001 From: Arthur Gautier Date: Wed, 26 Feb 2025 09:31:25 -0800 Subject: [PATCH 17/18] yescrypt: reformat tests --- yescrypt/tests/kats.rs | 24 ++++++++++++++++-------- 1 file changed, 16 insertions(+), 8 deletions(-) diff --git a/yescrypt/tests/kats.rs b/yescrypt/tests/kats.rs index 832086b1..360d7399 100644 --- a/yescrypt/tests/kats.rs +++ b/yescrypt/tests/kats.rs @@ -7,7 +7,8 @@ use yescrypt::yescrypt_kdf; #[test] fn kat0() { const EXPECTED: [u8; 64] = hex!( - "77 d6 57 62 38 65 7b 20 3b 19 ca 42 c1 8a 04 97 f1 6b 48 44 e3 07 4a e8 df df fa 3f ed e2 14 42 fc d0 06 9d ed 09 48 f8 32 6a 75 3a 0f c8 1f 17 e8 d3 e0 fb 2e 0d 36 28 cf 35 e2 0c 38 d1 89 06" + "77 d6 57 62 38 65 7b 20 3b 19 ca 42 c1 8a 04 97 f1 6b 48 44 e3 07 4a e8 df df fa 3f ed e2 14 42" + "fc d0 06 9d ed 09 48 f8 32 6a 75 3a 0f c8 1f 17 e8 d3 e0 fb 2e 0d 36 28 cf 35 e2 0c 38 d1 89 06" ); let actual = yescrypt_kdf(b"", b"", 0, 16, 1, 1, 0, 0, EXPECTED.len()); assert_eq!(EXPECTED.as_slice(), actual.as_slice()); @@ -23,7 +24,8 @@ fn kat1() { #[test] fn kat2() { const EXPECTED: [u8; 64] = hex!( - "ef ad 0c 23 31 4c b5 72 bc 3c fb 15 43 da 42 f8 a8 b0 73 00 4c 86 6b 64 ab 50 55 a4 f0 9f a5 f5 71 14 2e bf e7 e0 5a 3b 92 c4 32 f3 1d ea 95 ad 5f 9c 85 4b 64 56 46 2f 4b d0 f7 32 b7 cd c5 49" + "ef ad 0c 23 31 4c b5 72 bc 3c fb 15 43 da 42 f8 a8 b0 73 00 4c 86 6b 64 ab 50 55 a4 f0 9f a5 f5" + "71 14 2e bf e7 e0 5a 3b 92 c4 32 f3 1d ea 95 ad 5f 9c 85 4b 64 56 46 2f 4b d0 f7 32 b7 cd c5 49" ); let actual = yescrypt_kdf(b"", b"", 0, 4, 1, 1, 0, 0, EXPECTED.len()); assert_eq!(EXPECTED.as_slice(), actual.as_slice()); @@ -32,7 +34,8 @@ fn kat2() { #[test] fn kat3() { const EXPECTED: [u8; 64] = hex!( - "85 dd a4 8c 9e c9 de 2f 7f 1a e8 b4 df ed a5 1f 8b 6d 56 f3 08 1b e1 a7 c0 83 3b a2 71 9a 36 ab 02 88 5d ae 36 55 7d 34 26 86 b1 7b a7 5f 2c 21 77 92 de 09 70 ab 1d 07 a9 c7 50 93 6d 31 42 6f" + "85 dd a4 8c 9e c9 de 2f 7f 1a e8 b4 df ed a5 1f 8b 6d 56 f3 08 1b e1 a7 c0 83 3b a2 71 9a 36 ab" + "02 88 5d ae 36 55 7d 34 26 86 b1 7b a7 5f 2c 21 77 92 de 09 70 ab 1d 07 a9 c7 50 93 6d 31 42 6f" ); let actual = yescrypt_kdf(b"", b"", 1, 4, 1, 1, 0, 0, EXPECTED.len()); assert_eq!(EXPECTED.as_slice(), actual.as_slice()); @@ -48,7 +51,8 @@ fn kat4() { #[test] fn kat5() { const EXPECTED: [u8; 64] = hex!( - "4b aa 8c d8 60 8b a9 1f 3e 34 39 d9 ec 4f ae 8f 9f c0 92 d9 ca 22 b7 37 7e 31 ae 5b 9a d7 87 7c 11 68 69 11 62 dd 0e 5e f0 49 e5 70 65 0c be d4 38 4a d6 05 34 fb 0c be d1 9f f3 f0 33 c9 4b 0c" + "4b aa 8c d8 60 8b a9 1f 3e 34 39 d9 ec 4f ae 8f 9f c0 92 d9 ca 22 b7 37 7e 31 ae 5b 9a d7 87 7c" + "11 68 69 11 62 dd 0e 5e f0 49 e5 70 65 0c be d4 38 4a d6 05 34 fb 0c be d1 9f f3 f0 33 c9 4b 0c" ); let actual = yescrypt_kdf(b"", b"", 1, 4, 1, 1, 1, 0, EXPECTED.len()); assert_eq!(EXPECTED.as_slice(), actual.as_slice()); @@ -57,7 +61,8 @@ fn kat5() { #[test] fn kat6() { const EXPECTED: [u8; 64] = hex!( - "e6 e8 bb a0 9b 64 12 ff b0 b3 cc 35 e3 7d 0b 78 2a 47 fb aa dc 57 a0 76 d7 c6 cc 2e 70 91 9a 1b 8d 47 38 c4 f8 33 55 69 07 42 d9 be d7 1c 3b 8f b0 d7 eb 08 6a b1 34 c5 e5 57 07 c2 c1 3c 75 ef" + "e6 e8 bb a0 9b 64 12 ff b0 b3 cc 35 e3 7d 0b 78 2a 47 fb aa dc 57 a0 76 d7 c6 cc 2e 70 91 9a 1b" + "8d 47 38 c4 f8 33 55 69 07 42 d9 be d7 1c 3b 8f b0 d7 eb 08 6a b1 34 c5 e5 57 07 c2 c1 3c 75 ef" ); let actual = yescrypt_kdf(b"", b"", 1, 4, 1, 1, 2, 0, EXPECTED.len()); assert_eq!(EXPECTED.as_slice(), actual.as_slice()); @@ -66,7 +71,8 @@ fn kat6() { #[test] fn kat7() { const EXPECTED: [u8; 64] = hex!( - "ac d9 a4 20 1c f4 a4 76 ec f7 ba a6 11 3d 86 fb 65 cd 07 10 2b 40 04 e4 f9 d9 9c d3 42 55 a1 08 99 7d 70 ae 0a 64 bf 0a 4d 96 c1 73 ab f8 82 79 c1 a9 4a d9 bd f1 68 ed fb bd 90 f6 6e d5 c8 0d" + "ac d9 a4 20 1c f4 a4 76 ec f7 ba a6 11 3d 86 fb 65 cd 07 10 2b 40 04 e4 f9 d9 9c d3 42 55 a1 08" + "99 7d 70 ae 0a 64 bf 0a 4d 96 c1 73 ab f8 82 79 c1 a9 4a d9 bd f1 68 ed fb bd 90 f6 6e d5 c8 0d" ); let actual = yescrypt_kdf(b"", b"", 1, 4, 1, 1, 3, 0, EXPECTED.len()); assert_eq!(EXPECTED.as_slice(), actual.as_slice()); @@ -109,7 +115,8 @@ fn kat11() { #[test] fn kat12() { const EXPECTED: [u8; 64] = hex!( - "0c d5 af 76 eb 24 1d f8 11 9a 9a 12 2a e3 69 20 bc c7 f4 14 b9 c0 d5 8f 45 00 80 60 da de 46 b0 c8 09 22 bd cc 16 a3 ab 5d 20 1d 4c 61 40 c6 71 be 1f 75 27 2c a9 04 73 9d 5a d1 ff 67 2b 0c 21" + "0c d5 af 76 eb 24 1d f8 11 9a 9a 12 2a e3 69 20 bc c7 f4 14 b9 c0 d5 8f 45 00 80 60 da de 46 b0" + "c8 09 22 bd cc 16 a3 ab 5d 20 1d 4c 61 40 c6 71 be 1f 75 27 2c a9 04 73 9d 5a d1 ff 67 2b 0c 21" ); let actual = yescrypt_kdf(b"", b"", 182, 4, 1, 1, 0, 0, EXPECTED.len()); assert_eq!(EXPECTED.as_slice(), actual.as_slice()); @@ -125,7 +132,8 @@ fn kat13() { #[test] fn kat14() { const EXPECTED: [u8; 64] = hex!( - "23 b6 ad f0 b6 0c 9a 99 7f 58 58 3d 80 cd a4 8c 63 8c dc 2f 28 9e df 93 a7 08 07 72 5a 0d 35 c4 68 ca 36 2c 55 57 cc 04 b6 81 1e 2e 73 08 41 f5 26 d8 f4 f7 ac fb fa 9e 06 fe 1f 38 3a 71 15 5e" + "23 b6 ad f0 b6 0c 9a 99 7f 58 58 3d 80 cd a4 8c 63 8c dc 2f 28 9e df 93 a7 08 07 72 5a 0d 35 c4" + "68 ca 36 2c 55 57 cc 04 b6 81 1e 2e 73 08 41 f5 26 d8 f4 f7 ac fb fa 9e 06 fe 1f 38 3a 71 15 5e" ); let actual = yescrypt_kdf(b"", b"", 182, 4, 1, 1, 1, 0, EXPECTED.len()); assert_eq!(EXPECTED.as_slice(), actual.as_slice()); From 913cfad3863abbd56d259de0a44209cd8fd97e0f Mon Sep 17 00:00:00 2001 From: Arthur Gautier Date: Wed, 26 Feb 2025 09:36:53 -0800 Subject: [PATCH 18/18] No need for the SemVer policy, already handled by default --- argon2/README.md | 4 ---- balloon-hash/README.md | 5 ----- bcrypt-pbkdf/README.md | 5 ----- password-auth/README.md | 5 ----- pbkdf2/README.md | 4 ---- scrypt/README.md | 5 ----- sha-crypt/README.md | 5 ----- yescrypt/README.md | 5 ----- 8 files changed, 38 deletions(-) diff --git a/argon2/README.md b/argon2/README.md index d828487f..9ece7e51 100644 --- a/argon2/README.md +++ b/argon2/README.md @@ -23,10 +23,6 @@ It implements the following three algorithmic variants: Support is provided for embedded (i.e. `no_std`) environments, including ones without `alloc` support. -## SemVer Policy - -- All on-by-default features of this library are covered by SemVer - ## License Licensed under either of: diff --git a/balloon-hash/README.md b/balloon-hash/README.md index 8ec84507..e623b359 100644 --- a/balloon-hash/README.md +++ b/balloon-hash/README.md @@ -22,11 +22,6 @@ This algorithm is first practical password hashing function that provides: - Performance which meets or exceeds the best heuristically secure password-hashing algorithms -## SemVer Policy - -- All on-by-default features of this library are covered by SemVer -- MSRV is considered exempt from SemVer as noted above - ## License Licensed under either of: diff --git a/bcrypt-pbkdf/README.md b/bcrypt-pbkdf/README.md index 44b3543f..e15507db 100644 --- a/bcrypt-pbkdf/README.md +++ b/bcrypt-pbkdf/README.md @@ -10,11 +10,6 @@ Pure Rust implementation of the [`bcrypt_pbkdf`] password-based key derivation function, a custom derivative of PBKDF2 [used in OpenSSH]. -## SemVer Policy - -- All on-by-default features of this library are covered by SemVer -- MSRV is considered exempt from SemVer as noted above - ## License Licensed under either of: diff --git a/password-auth/README.md b/password-auth/README.md index f2664b90..4328a866 100644 --- a/password-auth/README.md +++ b/password-auth/README.md @@ -38,11 +38,6 @@ When multiple algorithms are enabled, it will still default to Argon2 for `generate_hash`, but will be able to verify password hashes from PBKDF2 and scrypt as well, if you have them in your password database. -## SemVer Policy - -- All on-by-default features of this library are covered by SemVer -- MSRV is considered exempt from SemVer as noted above - ## License Licensed under either of: diff --git a/pbkdf2/README.md b/pbkdf2/README.md index 95550b5f..dbfa82b7 100644 --- a/pbkdf2/README.md +++ b/pbkdf2/README.md @@ -9,10 +9,6 @@ Pure Rust implementation of the [Password-Based Key Derivation Function v2 (PBKDF2)][1]. -## SemVer Policy - -- All on-by-default features of this library are covered by SemVer - ## License Licensed under either of: diff --git a/scrypt/README.md b/scrypt/README.md index e7382b0b..072d558e 100644 --- a/scrypt/README.md +++ b/scrypt/README.md @@ -9,11 +9,6 @@ Pure Rust implementation of the [scrypt key derivation function][1]. -## SemVer Policy - -- All on-by-default features of this library are covered by SemVer -- MSRV is considered exempt from SemVer as noted above - ## License Licensed under either of: diff --git a/sha-crypt/README.md b/sha-crypt/README.md index 6ed898ac..19d8ea6e 100644 --- a/sha-crypt/README.md +++ b/sha-crypt/README.md @@ -13,11 +13,6 @@ a legacy password hashing scheme supported by the [POSIX crypt C library][2]. Password hashes using this algorithm start with `$6$` when encoded using the [PHC string format][3]. -## SemVer Policy - -- All on-by-default features of this library are covered by SemVer -- MSRV is considered exempt from SemVer as noted above - ## License Licensed under either of: diff --git a/yescrypt/README.md b/yescrypt/README.md index e0f5694e..3387cccd 100644 --- a/yescrypt/README.md +++ b/yescrypt/README.md @@ -15,11 +15,6 @@ The implementation contained in this crate has never been independently audited! USE AT YOUR OWN RISK! -## SemVer Policy - -- All on-by-default features of this library are covered by SemVer -- MSRV is considered exempt from SemVer as noted above - ## License Licensed under the BSD 2-clause license. See file [LICENSE] for more information.