diff --git a/.github/workflows/argon2.yml b/.github/workflows/argon2.yml index 164529d4..c6da3358 100644 --- a/.github/workflows/argon2.yml +++ b/.github/workflows/argon2.yml @@ -35,10 +35,10 @@ jobs: toolchain: ${{ matrix.rust }} target: ${{ matrix.target }} override: true - - run: cargo build --target ${{ matrix.target }} --release --no-default-features - - run: cargo build --target ${{ matrix.target }} --release --no-default-features --features password-hash - - run: cargo build --target ${{ matrix.target }} --release - - run: cargo build --target ${{ matrix.target }} --release --features zeroize + - run: cargo build --target ${{ matrix.target }} --no-default-features + - run: cargo build --target ${{ matrix.target }} --no-default-features --features password-hash + - run: cargo build --target ${{ matrix.target }} + - run: cargo build --target ${{ matrix.target }} --features zeroize test: runs-on: ubuntu-latest @@ -54,7 +54,7 @@ jobs: profile: minimal toolchain: ${{ matrix.rust }} override: true - - run: cargo test --release --no-default-features - - run: cargo test --release --no-default-features --features password-hash - - run: cargo test --release - - run: cargo test --release --all-features + - run: cargo test --no-default-features + - run: cargo test --no-default-features --features password-hash + - run: cargo test + - run: cargo test --all-features diff --git a/.github/workflows/bcrypt-pbkdf.yml b/.github/workflows/bcrypt-pbkdf.yml index 196272e9..576bae94 100644 --- a/.github/workflows/bcrypt-pbkdf.yml +++ b/.github/workflows/bcrypt-pbkdf.yml @@ -35,7 +35,7 @@ jobs: toolchain: ${{ matrix.rust }} target: ${{ matrix.target }} override: true - - run: cargo build --no-default-features --release --target ${{ matrix.target }} + - run: cargo build --no-default-features --target ${{ matrix.target }} test: runs-on: ubuntu-latest 
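Review bot: With `--release` removed from every `cargo build` and `cargo test` step in both argon2.yml hunks, CI no longer compiles or tests the profile that downstream users actually ship. The dev profile keeps debug assertions and integer-overflow checks on, which is a useful stricter run, but release-only behaviour (wrapping arithmetic, code skipped behind `debug_assert!`) goes unexercised. Keeping one release step in the test job would cover it, e.g. `- run: cargo test --release --all-features`. The same removal is made in the bcrypt-pbkdf, pbkdf2, scrypt and sha-crypt workflows in this commit.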
@@ -51,5 +51,5 @@ jobs: profile: minimal toolchain: ${{ matrix.rust }} override: true - - run: cargo test --release --no-default-features - - run: cargo test --release + - run: cargo test --no-default-features + - run: cargo test diff --git a/.github/workflows/pbkdf2.yml b/.github/workflows/pbkdf2.yml index e6430e13..0d649c0d 100644 --- a/.github/workflows/pbkdf2.yml +++ b/.github/workflows/pbkdf2.yml @@ -35,7 +35,8 @@ jobs: toolchain: ${{ matrix.rust }} target: ${{ matrix.target }} override: true - - run: cargo build --target ${{ matrix.target }} --release --no-default-features + - run: cargo build --target ${{ matrix.target }} --no-default-features + - run: cargo build --target ${{ matrix.target }} --no-default-features --features simple test: runs-on: ubuntu-latest @@ -51,10 +52,6 @@ jobs: profile: minimal toolchain: ${{ matrix.rust }} override: true - - run: cargo test --release --no-default-features - - run: cargo test --release - - run: cargo test --release --features simple - - run: cargo test --release --features parallel - - run: cargo test --release --features sha1 - - run: cargo test --release --features simple,sha1 - - run: cargo test --release --all-features + - run: cargo test --no-default-features + - run: cargo test + - run: cargo test --all-features diff --git a/.github/workflows/scrypt.yml b/.github/workflows/scrypt.yml index 8ed510bb..65ed7f99 100644 --- a/.github/workflows/scrypt.yml +++ b/.github/workflows/scrypt.yml @@ -35,8 +35,8 @@ jobs: toolchain: ${{ matrix.rust }} target: ${{ matrix.target }} override: true - - run: cargo build --target ${{ matrix.target }} --release --no-default-features - - run: cargo build --target ${{ matrix.target }} --release --no-default-features --features simple + - run: cargo build --target ${{ matrix.target }} --no-default-features + - run: cargo build --target ${{ matrix.target }} --no-default-features --features simple test: runs-on: ubuntu-latest 
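Review bot: The pbkdf2.yml test hunk drops the separate `--features simple`, `--features parallel`, `--features sha1` and `--features simple,sha1` runs and keeps only the no-default, default and `--all-features` runs. A feature that fails to compile or test on its own, for example one that silently relies on an item gated behind another feature, would no longer be caught, because `--all-features` enables everything together. If the runs were removed to save CI time, consider keeping at least the single-feature ones, e.g. `- run: cargo test --no-default-features --features sha1`, or a feature-powerset check.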
@@ -52,5 +52,6 @@ jobs: profile: minimal toolchain: ${{ matrix.rust }} override: true - - run: cargo test --release --no-default-features - - run: cargo test --release + - run: cargo test --no-default-features + - run: cargo test + - run: cargo test --all-features diff --git a/.github/workflows/sha-crypt.yml b/.github/workflows/sha-crypt.yml index 4afade82..895b845e 100644 --- a/.github/workflows/sha-crypt.yml +++ b/.github/workflows/sha-crypt.yml @@ -35,7 +35,7 @@ jobs: toolchain: ${{ matrix.rust }} target: ${{ matrix.target }} override: true - - run: cargo build --target ${{ matrix.target }} --release --no-default-features + - run: cargo build --target ${{ matrix.target }} --no-default-features test: runs-on: ubuntu-latest @@ -51,5 +51,6 @@ jobs: profile: minimal toolchain: ${{ matrix.rust }} override: true - - run: cargo test --release --no-default-features - - run: cargo test --release + - run: cargo test --no-default-features + - run: cargo test + - run: cargo test --all-features diff --git a/Cargo.lock b/Cargo.lock index 83f2da6d..96688d49 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -4,7 +4,7 @@ version = 3 [[package]] name = "argon2" -version = "0.3.1" +version = "0.3.2" dependencies = [ "base64ct", "blake2", @@ -28,10 +28,10 @@ checksum = "8a32fd6af2b5827bce66c29053ba0e7c42b9dcab01835835058558c10851a46b" [[package]] name = "bcrypt-pbkdf" -version = "0.7.1" +version = "0.7.2" dependencies = [ "blowfish", - "crypto-mac 0.11.1", + "hex-literal", "pbkdf2", "sha2", "zeroize", 
@@ -39,31 +39,22 @@ dependencies = [ [[package]] name = "blake2" -version = "0.9.2" +version = "0.10.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "0a4e37d16930f5459780f5621038b6382b9bb37c19016f39fb6b5808d831f174" +checksum = "a58bdf5134c5beae6fc382002c4d88950bad1feea20f8f7165494b6b43b049de" dependencies = [ - "crypto-mac 0.8.0", "digest", - "opaque-debug", ] [[package]] name = "block-buffer" -version = "0.9.0" +version = "0.10.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "4152116fd6e9dadb291ae18fc1ec3575ed6d84c29642d97890f4b4a3417297e4" +checksum = "f1d36a02058e76b040de25a4464ba1c80935655595b661505c8b39b664828b95" dependencies = [ - "block-padding", "generic-array", ] -[[package]] -name = "block-padding" -version = "0.2.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8d696c370c750c948ada61c69a0ee2cbbb9c50b1019ddb86d9317157a99c2cae" - [[package]] name = "blowfish" version = "0.8.0" 
@@ -150,32 +141,24 @@ dependencies = [ ] [[package]] -name = "crypto-mac" -version = "0.8.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b584a330336237c1eecd3e94266efb216c56ed91225d634cb2991c5f3fd1aeab" -dependencies = [ - "generic-array", - "subtle", -] - -[[package]] -name = "crypto-mac" -version = "0.11.1" +name = "crypto-common" +version = "0.1.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b1d1a86f49236c215f271d40892d5fc950490551400b02ef360692c29815c714" +checksum = "567569e659735adb39ff2d4c20600f7cd78be5471f8c58ab162bce3c03fdbc5f" dependencies = [ "generic-array", - "subtle", ] [[package]] name = "digest" -version = "0.9.0" +version = "0.10.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d3dd60d1080a57a05ab032377049e0591415d2b31afd7028356dbf3cc6dcb066" +checksum = "8549e6bfdecd113b7e221fe60b433087f6957387a20f8118ebca9b12af19143d" dependencies = [ + "block-buffer", + "crypto-common", "generic-array", + "subtle", ] [[package]] @@ -222,11 +205,10 @@ checksum = "7ebdb29d2ea9ed0083cd8cece49bbd968021bd99b0849edb4a9a7ee0fdf6a4e0" [[package]] name = "hmac" -version = "0.11.0" +version = "0.12.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "2a2a2320eb7ec0ebe8da8f744d7812d9fc4cb4d09344ac01898dbcb6a20ae69b" +checksum = "ddca131f3e7f2ce2df364b57949a9d47915cfbd35e46cfee355ccebbf794d6a2" dependencies = [ - "crypto-mac 0.11.1", "digest", ] 
@@ -238,15 +220,15 @@ checksum = "e2abad23fbc42b3700f2f279844dc832adb2b2eb069b2df918f455c4e18cc646" [[package]] name = "libc" -version = "0.2.101" +version = "0.2.109" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "3cb00336871be5ed2c8ed44b60ae9959dc5b9f08539422ed43f09e34ecaeba21" +checksum = "f98a04dce437184842841303488f70d0188c5f51437d2a834dc097eafa909a01" [[package]] name = "memoffset" -version = "0.6.4" +version = "0.6.5" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "59accc507f1338036a0477ef61afdae33cde60840f4dfe481319ce3ad116ddf9" +checksum = "5aa361d4faea93603064a027415f07bd8e1d5c88c9fbf68bf56a285428fd79ce" dependencies = [ "autocfg", ] @@ -280,9 +262,9 @@ dependencies = [ [[package]] name = "pbkdf2" -version = "0.9.0" +version = "0.10.0" dependencies = [ - "crypto-mac 0.11.1", + "digest", "hex-literal", "hmac", "password-hash", @@ -294,9 +276,9 @@ dependencies = [ [[package]] name = "ppv-lite86" -version = "0.2.10" +version = "0.2.15" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ac74c624d6b2d21f425f752262f42188365d7b8ff1aff74c82e45136510a4857" +checksum = "ed0cfbc8191465bed66e1718596ee0b0b35d5ee1f41c5df2189d0fe8bde535ba" [[package]] name = "rand" @@ -380,7 +362,7 @@ checksum = "d29ab0c6d3fc0ee92fe66e2d99f700eab17a8d57d1c1d3b748380fb20baa78cd" [[package]] name = "scrypt" -version = "0.8.0" +version = "0.8.1" dependencies = [ "hmac", "password-hash", @@ -391,20 +373,18 @@ dependencies = [ [[package]] name = "sha-1" -version = "0.9.8" +version = "0.10.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "99cd6713db3cf16b6c84e06321e049a9b9f699826e16096d23bbcc44d15d51a6" +checksum = "028f48d513f9678cda28f6e4064755b3fbb2af6acd672f2c209b62323f7aea0f" dependencies = [ - "block-buffer", "cfg-if", "cpufeatures", "digest", - "opaque-debug", ] [[package]] name = "sha-crypt" -version = "0.3.1" +version = "0.3.2" dependencies = [ "rand", "sha2", 
@@ -413,26 +393,22 @@ dependencies = [ [[package]] name = "sha2" -version = "0.9.8" +version = "0.10.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b69f9a4c9740d74c5baa3fd2e547f9525fa8088a8a958e0ca2409a514e33f5fa" +checksum = "900d964dd36bb15bcf2f2b35694c072feab74969a54f2bbeec7a2d725d2bdcb6" dependencies = [ - "block-buffer", "cfg-if", "cpufeatures", "digest", - "opaque-debug", ] [[package]] name = "streebog" -version = "0.9.2" +version = "0.10.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d9a21c1a3920381f27c666a81ad2481abc005900ac871a80b479e1869d54e753" +checksum = "5f2a93b52a311873ee038192d8a95dc3bad1d638ac926c2afee0ea9887ecfaf0" dependencies = [ - "block-buffer", "digest", - "opaque-debug", ] [[package]] @@ -443,9 +419,9 @@ checksum = "6bdef32e8150c2a081110b42772ffe7d7c9032b606bc226c8260fd97e0976601" [[package]] name = "typenum" -version = "1.13.0" +version = "1.14.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "879f6906492a7cd215bfa4cf595b600146ccfac0c79bcbd1f3000162af5e8b06" +checksum = "b63708a265f51345575b27fe43f9500ad611579e764c79edbc2037b1121959ec" [[package]] name = "version_check" diff --git a/Cargo.toml b/Cargo.toml index 5ba2730f..ae8c916d 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -7,3 +7,6 @@ members = [ "scrypt", "sha-crypt" ] + +[profile.dev] +opt-level = 2 diff --git a/README.md b/README.md index 5cfbd40b..7bcffe4f 100644 --- a/README.md +++ b/README.md 
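Review bot: `[profile.dev]` with `opt-level = 2` is added to the workspace Cargo.toml without a comment saying why, and it changes every non-release build in the workspace, including local debugging sessions. A one-line comment above it would help, e.g. `# Password hashing is too slow to test unoptimized; dev still keeps debug assertions and overflow checks`. The reason is inferred from the workflows dropping `--release` in this same commit, so confirm it before committing the wording.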
@@ -1,20 +1,24 @@ -# RustCrypto: password hashes ![Rust Version][rustc-image] [![Project Chat][chat-image]][chat-link] [![dependency status][deps-image]][deps-link] +# RustCrypto: Password Hashes -Collection of password hashing algorithms, otherwise known as password-based key -derivation functions, written in pure Rust. +[![Project Chat][chat-image]][chat-link] [![dependency status][deps-image]][deps-link] ![Apache2/MIT licensed][license-image] -## Supported algorithms +Collection of password hashing algorithms, otherwise known as password-based key derivation functions, written in pure Rust. -| Name | Crates.io | Documentation | Build | -|-----------|------------|---------------|-------| -| [Argon2](https://en.wikipedia.org/wiki/Argon2) | [![crates.io](https://img.shields.io/crates/v/argon2.svg)](https://crates.io/crates/argon2) | [![Documentation](https://docs.rs/argon2/badge.svg)](https://docs.rs/argon2) | ![Build](https://github.com/RustCrypto/password-hashes/workflows/argon2/badge.svg?branch=master&event=push) | -| [bcrypt-pbkdf](https://flak.tedunangst.com/post/bcrypt-pbkdf) | [![crates.io](https://img.shields.io/crates/v/bcrypt-pbkdf.svg)](https://crates.io/crates/bcrypt-pbkdf) | [![Documentation](https://docs.rs/bcrypt-pbkdf/badge.svg)](https://docs.rs/bcrypt-pbkdf) | ![Build](https://github.com/RustCrypto/password-hashes/workflows/bcrypt-pbkdf/badge.svg?branch=master&event=push) | -| [PBKDF2](https://en.wikipedia.org/wiki/PBKDF2) | [![crates.io](https://img.shields.io/crates/v/pbkdf2.svg)](https://crates.io/crates/pbkdf2) | [![Documentation](https://docs.rs/pbkdf2/badge.svg)](https://docs.rs/pbkdf2) | ![Build](https://github.com/RustCrypto/password-hashes/workflows/pbkdf2/badge.svg?branch=master&event=push) | -| [scrypt](https://en.wikipedia.org/wiki/Scrypt) | [![crates.io](https://img.shields.io/crates/v/scrypt.svg)](https://crates.io/crates/scrypt) | [![Documentation](https://docs.rs/scrypt/badge.svg)](https://docs.rs/scrypt) | 
![Build](https://github.com/RustCrypto/password-hashes/workflows/scrypt/badge.svg?branch=master&event=push) | -| [SHA-crypt](https://www.akkadia.org/drepper/SHA-crypt.txt) | [![crates.io](https://img.shields.io/crates/v/sha-crypt.svg)](https://crates.io/crates/sha-crypt) | [![Documentation](https://docs.rs/sha-crypt/badge.svg)](https://docs.rs/sha-crypt) | ![Build](https://github.com/RustCrypto/password-hashes/workflows/sha-crypt/badge.svg?branch=master&event=push) | +## Supported Algorithms -Please see the [OWASP Password Storage Cheat Sheet] for assistance in selecting -an appropriate algorithm for your use case. +| Algorithm | Crate | Crates.io | Documentation | MSRV | +|-----------|-------|:----------:|:-------------:|:----:| +| [Argon2] | [`argon2`] | [![crates.io](https://img.shields.io/crates/v/argon2.svg)](https://crates.io/crates/argon2) | [![Documentation](https://docs.rs/argon2/badge.svg)](https://docs.rs/argon2) | ![MSRV 1.51][msrv-1.51] | +| [bcrypt-pbkdf] | [`bcrypt-pbkdf`] |[![crates.io](https://img.shields.io/crates/v/bcrypt-pbkdf.svg)](https://crates.io/crates/bcrypt-pbkdf) | [![Documentation](https://docs.rs/bcrypt-pbkdf/badge.svg)](https://docs.rs/bcrypt-pbkdf) | ![MSRV 1.51][msrv-1.51] | +| [PBKDF2] | [`pbkdf2`] | [![crates.io](https://img.shields.io/crates/v/pbkdf2.svg)](https://crates.io/crates/pbkdf2) | [![Documentation](https://docs.rs/pbkdf2/badge.svg)](https://docs.rs/pbkdf2) | ![MSRV 1.51][msrv-1.51] | +| [scrypt] | [`scrypt`] | [![crates.io](https://img.shields.io/crates/v/scrypt.svg)](https://crates.io/crates/scrypt) | [![Documentation](https://docs.rs/scrypt/badge.svg)](https://docs.rs/scrypt) | ![MSRV 1.51][msrv-1.51] | +| [SHA-crypt] | [`sha-crypt`] | [![crates.io](https://img.shields.io/crates/v/sha-crypt.svg)](https://crates.io/crates/sha-crypt) | [![Documentation](https://docs.rs/sha-crypt/badge.svg)](https://docs.rs/sha-crypt) | ![MSRV 1.51][msrv-1.51] | + +Please see the [OWASP Password Storage Cheat Sheet] for assistance in 
selecting an appropriate algorithm for your use case. + +### Minimum Supported Rust Version (MSRV) Policy + +MSRV bumps are considered breaking changes and will be performed only with minor version bump. ## License @@ -27,17 +31,30 @@ at your option. ### Contribution -Unless you explicitly state otherwise, any contribution intentionally submitted -for inclusion in the work by you, as defined in the Apache-2.0 license +Unless you explicitly state otherwise, any contribution intentionally submitted for inclusion in the work by you, as defined in the Apache-2.0 license, shall be dual licensed as above, without any additional terms or conditions. [//]: # (badges) -[rustc-image]: https://img.shields.io/badge/rustc-1.41+-blue.svg [chat-image]: https://img.shields.io/badge/zulip-join_chat-blue.svg [chat-link]: https://rustcrypto.zulipchat.com/#narrow/stream/260046-password-hashes +[license-image]: https://img.shields.io/badge/license-Apache2.0/MIT-blue.svg [deps-image]: https://deps.rs/repo/github/RustCrypto/password-hashes/status.svg [deps-link]: https://deps.rs/repo/github/RustCrypto/password-hashes +[msrv-1.51]: https://img.shields.io/badge/rustc-1.51.0+-blue.svg + +[//]: # (crates) + +[`argon2`]: ./argon2 +[`bcrypt-pbkdf`]: ./bcrypt-pbkdf +[`pbkdf2`]: ./pbkdf2 +[`scrypt`]: ./scrypt +[`sha-crypt`]: ./sha-crypt [//]: # (general links) +[Argon2]: https://en.wikipedia.org/wiki/Argon2 +[bcrypt-pbkdf]: https://flak.tedunangst.com/post/bcrypt-pbkdf +[PBKDF2]: https://en.wikipedia.org/wiki/PBKDF2 +[scrypt]: https://en.wikipedia.org/wiki/Scrypt +[SHA-crypt]: https://www.akkadia.org/drepper/SHA-crypt.txt [OWASP Password Storage Cheat Sheet]: https://cheatsheetseries.owasp.org/cheatsheets/Password_Storage_Cheat_Sheet.html diff --git a/argon2/CHANGELOG.md b/argon2/CHANGELOG.md index a919d7cc..db10df06 100644 --- a/argon2/CHANGELOG.md +++ b/argon2/CHANGELOG.md 
@@ -5,6 +5,12 @@ All notable changes to this project will be documented in this file. The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html). +## 0.3.2 (2021-12-07) +### Changed +- Bump `blake2` dependency to v0.10 ([#254]) + +[#254]: https://github.com/RustCrypto/password-hashes/pull/254 + ## 0.3.1 (2021-09-11) ### Fixed - Handling of `p_cost` parameter ([#235]) diff --git a/argon2/Cargo.toml b/argon2/Cargo.toml index f8159a77..d8df556c 100644 --- a/argon2/Cargo.toml +++ b/argon2/Cargo.toml @@ -1,6 +1,6 @@ [package] name = "argon2" -version = "0.3.1" # Also update html_root_url in lib.rs when bumping this +version = "0.3.2" # Also update html_root_url in lib.rs when bumping this description = """ Pure Rust implementation of the Argon2 password hashing function with support for the Argon2d, Argon2i, and Argon2id algorithmic variants @@ -16,7 +16,7 @@ readme = "README.md" [dependencies] base64ct = "1" -blake2 = { version = "0.9", default-features = false } +blake2 = { version = "0.10", default-features = false } # optional dependencies password-hash = { version = "0.3", optional = true } diff --git a/argon2/src/instance.rs b/argon2/src/instance.rs index f0d0943d..7de46cde 100644 --- a/argon2/src/instance.rs +++ b/argon2/src/instance.rs @@ -2,8 +2,8 @@ use crate::{Algorithm, Argon2, Block, Error, Memory, Params, Result, Version, SYNC_POINTS}; use blake2::{ - digest::{self, VariableOutput}, - Blake2b, Digest, VarBlake2b, + digest::{self, Digest, Output, VariableOutput}, + Blake2b512, Blake2bVar, }; #[cfg(feature = "parallel")] @@ -68,7 +68,7 @@ impl<'a> Instance<'a> { pub fn hash( context: &Argon2<'_>, alg: Algorithm, - initial_hash: digest::Output, + initial_hash: Output, memory: Memory<'a>, out: &mut [u8], ) -> Result<()> { 
@@ -88,7 +88,7 @@ impl<'a> Instance<'a> { fn new( context: &Argon2<'_>, alg: Algorithm, - mut initial_hash: digest::Output, + mut initial_hash: Output, memory: Memory<'a>, ) -> Result { let lane_length = memory.segment_length() * SYNC_POINTS; 
@@ -416,41 +416,42 @@ fn blake2b_long(inputs: &[&[u8]], mut out: &mut [u8]) -> Result<()> { let outlen_bytes = (out.len() as u32).to_le_bytes(); if out.len() <= BLAKE2B_OUTBYTES { - let mut digest = VarBlake2b::new(out.len()).unwrap(); - digest::Update::update(&mut digest, &outlen_bytes); + use digest::Update; + + let mut digest = Blake2bVar::new(out.len()).expect("`out` length is valid for Blake2bVar"); + Update::update(&mut digest, &outlen_bytes); for input in inputs { - digest::Update::update(&mut digest, input); + Update::update(&mut digest, input); } - digest.finalize_variable(|hash| out.copy_from_slice(hash)); + digest + .finalize_variable(out) + .expect("`out` length is valid for Blake2bVar"); } else { - let mut digest = Blake2b::new(); + let mut digest = Blake2b512::new(); digest.update(&outlen_bytes); for input in inputs { digest.update(input); } - let mut out_buffer = [0u8; BLAKE2B_OUTBYTES]; - out_buffer.copy_from_slice(&digest.finalize()); + let mut hash = digest.finalize(); - out[..(BLAKE2B_OUTBYTES / 2)].copy_from_slice(&out_buffer[..(BLAKE2B_OUTBYTES / 2)]); - out = &mut out[(BLAKE2B_OUTBYTES / 2)..]; + let n = BLAKE2B_OUTBYTES / 2; - let mut in_buffer = [0u8; BLAKE2B_OUTBYTES]; + let (chunk, tail) = out.split_at_mut(n); + out = tail; + chunk.copy_from_slice(&hash[..n]); while out.len() > BLAKE2B_OUTBYTES { - in_buffer.copy_from_slice(&out_buffer); - out_buffer.copy_from_slice(&Blake2b::digest(&in_buffer)); - - out[..(BLAKE2B_OUTBYTES / 2)].copy_from_slice(&out_buffer[..(BLAKE2B_OUTBYTES / 2)]); - out = &mut out[(BLAKE2B_OUTBYTES / 2)..]; + let (chunk, tail) = out.split_at_mut(n); + out = tail; + hash = Blake2b512::digest(&hash); + chunk.copy_from_slice(&hash[..n]); } - let mut digest = VarBlake2b::new(out.len()).unwrap(); - digest::Update::update(&mut digest, &out_buffer); - digest.finalize_variable(|hash| out.copy_from_slice(hash)); + Blake2bVar::digest_variable(&hash, out).expect("`out` length is valid for Blake2bVar"); } Ok(()) 
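Review bot: `blake2b_long` returns `Result<()>`, but the new `Blake2bVar::new(out.len()).expect(...)` still panics on a length the hasher rejects; with the `out.len() <= BLAKE2B_OUTBYTES` guard the remaining case is an empty `out`. The tests in this commit show `hash_password_into` returning `Error::OutputTooShort`, which suggests the length is validated earlier and this is probably unreachable, but propagating keeps a library hashing routine from aborting its caller: `let mut digest = Blake2bVar::new(out.len()).map_err(|_| Error::OutputTooShort)?;`. The two later `expect` calls are fine as written, since the length was either already accepted or is bounded by the loop condition. The function body starts above the hunk.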
diff --git a/argon2/src/lib.rs b/argon2/src/lib.rs index c689f878..6468cde4 100644 --- a/argon2/src/lib.rs +++ b/argon2/src/lib.rs @@ -74,7 +74,7 @@ #![doc( html_logo_url = "https://raw.githubusercontent.com/RustCrypto/media/8f1a9894/logo.svg", html_favicon_url = "https://raw.githubusercontent.com/RustCrypto/media/8f1a9894/logo.svg", - html_root_url = "https://docs.rs/argon2/0.3.0" + html_root_url = "https://docs.rs/argon2/0.3.2" )] #![warn(rust_2018_idioms, missing_docs)] @@ -112,7 +112,7 @@ use crate::{ instance::Instance, memory::{Memory, SYNC_POINTS}, }; -use blake2::{digest, Blake2b, Digest}; +use blake2::{digest::Output, Blake2b512, Digest}; #[cfg(all(feature = "alloc", feature = "password-hash"))] use { @@ -257,13 +257,8 @@ impl<'key> Argon2<'key> { } /// Hashes all the inputs into `blockhash[PREHASH_DIGEST_LEN]`. - pub(crate) fn initial_hash( - &self, - pwd: &[u8], - salt: &[u8], - out: &[u8], - ) -> digest::Output { - let mut digest = Blake2b::new(); + pub(crate) fn initial_hash(&self, pwd: &[u8], salt: &[u8], out: &[u8]) -> Output { + let mut digest = Blake2b512::new(); digest.update(&self.params.lanes().to_le_bytes()); digest.update(&(out.len() as u32).to_le_bytes()); digest.update(&self.params.m_cost().to_le_bytes()); diff --git a/argon2/tests/kat.rs b/argon2/tests/kat.rs index e17cd080..6d443685 100644 --- a/argon2/tests/kat.rs +++ b/argon2/tests/kat.rs @@ -293,9 +293,9 @@ fn argon2id_v0x13() { assert_eq!(out, expected_tag); } -/// ======================================= -/// Basic error checks -/// ======================================= +// ======================================= +// Basic error checks +// ======================================= #[test] fn salt_bad_length() { 
@@ -306,7 +306,7 @@ fn salt_bad_length() { let ret = ctx.hash_password_into(b"password", &too_short_salt, &mut out); assert_eq!(ret, Err(Error::SaltTooShort)); - // 4Go of RAM seems big, but as long as we ask for a zero-initialized vector + // 4 GiB of RAM seems big, but as long as we ask for a zero-initialized vector // optimizations kicks in an nothing is really allocated let too_long_salt = vec![0u8; argon2::MAX_SALT_LEN + 1]; let ret = ctx.hash_password_into(b"password", &too_long_salt, &mut out); @@ -320,17 +320,17 @@ fn output_bad_length() { let ret = ctx.hash_password_into(b"password", b"diffsalt", &mut out); assert_eq!(ret, Err(Error::OutputTooShort)); - // 4Go of RAM seems big, but as long as we ask for a zero-initialized vector + // 4 GiB of RAM seems big, but as long as we ask for a zero-initialized vector // optimizations kicks in an nothing is really allocated let mut out = vec![0u8; Params::MAX_OUTPUT_LEN + 1]; let ret = ctx.hash_password_into(b"password", b"diffsalt", &mut out); assert_eq!(ret, Err(Error::OutputTooLong)); } -/// ======================================= -/// Reference implementation's test suite -/// ======================================= -/// Taken from https://github.com/P-H-C/phc-winner-argon2/blob/master/src/test.c +// ======================================= +// Reference implementation's test suite +// ======================================= +// Taken from https://github.com/P-H-C/phc-winner-argon2/blob/master/src/test.c fn hashtest( algorithm: Algorithm, diff --git a/bcrypt-pbkdf/CHANGELOG.md b/bcrypt-pbkdf/CHANGELOG.md index c0b07d65..99b4118e 100644 --- a/bcrypt-pbkdf/CHANGELOG.md +++ b/bcrypt-pbkdf/CHANGELOG.md 
@@ -5,6 +5,12 @@ All notable changes to this project will be documented in this file. The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html). +## 0.7.2 (2021-11-25) +### Changed +- Bump `sha2` and `pbkdf2` dependencies to v0.10 ([#254]) + +[#254]: https://github.com/RustCrypto/password-hashes/pull/254 + ## 0.7.1 (2021-08-27) ### Changed - Bump `pbkdf2` dependency to v0.9 ([#223]) diff --git a/bcrypt-pbkdf/Cargo.toml b/bcrypt-pbkdf/Cargo.toml index 29178b99..ce76fa0f 100644 --- a/bcrypt-pbkdf/Cargo.toml +++ b/bcrypt-pbkdf/Cargo.toml @@ -1,6 +1,6 @@ [package] name = "bcrypt-pbkdf" -version = "0.7.1" # Also update html_root_url in lib.rs when bumping this +version = "0.7.2" # Also update html_root_url in lib.rs when bumping this description = "bcrypt-pbkdf password-based key derivation function" authors = ["RustCrypto Developers"] repository = "https://github.com/RustCrypto/password-hashes/tree/master/bcrypt-pbkdf" @@ -12,10 +12,10 @@ readme = "README.md" [dependencies] blowfish = { version = "0.8", features = ["bcrypt"] } -crypto-mac = "0.11" -pbkdf2 = { version = "0.9", default-features = false, path = "../pbkdf2" } -sha2 = { version = "0.9", default-features = false } -zeroize = { version = ">=1, <1.5", default-features = false } +pbkdf2 = { version = "0.10", default-features = false, path = "../pbkdf2" } +sha2 = { version = "0.10", default-features = false } +zeroize = { version = ">=1, <1.5", default-features = false, optional = true } +hex-literal = "0.3" [features] default = ["std"] diff --git a/bcrypt-pbkdf/LICENSE-MIT b/bcrypt-pbkdf/LICENSE-MIT index c775f610..395ade30 100644 --- a/bcrypt-pbkdf/LICENSE-MIT +++ b/bcrypt-pbkdf/LICENSE-MIT 
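Review bot: `hex-literal = "0.3"` is added under `[dependencies]`, but the only use visible in this commit is `use hex_literal::hex;` inside `#[cfg(test)] mod test` in src/lib.rs, so every consumer of the crate pulls in a crate that only the tests need. It belongs under `[dev-dependencies]`. Separately, `zeroize` becomes `optional = true` while the visible `default = ["std"]` does not list it; unless `std` enables it (the rest of `[features]` is outside the hunk), upgrading to this patch release turns off key wiping by default, which deserves a changelog entry or a place in the default features.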
@@ -1,21 +1,26 @@ -The MIT License (MIT) - Copyright (c) 2019 Jack Grigg +Copyright (c) 2019-2021 The RustCrypto Project Developers -Permission is hereby granted, free of charge, to any person obtaining a copy -of this software and associated documentation files (the "Software"), to deal -in the Software without restriction, including without limitation the rights -to use, copy, modify, merge, publish, distribute, sublicense, and/or sell -copies of the Software, and to permit persons to whom the Software is -furnished to do so, subject to the following conditions: +Permission is hereby granted, free of charge, to any +person obtaining a copy of this software and associated +documentation files (the "Software"), to deal in the +Software without restriction, including without +limitation the rights to use, copy, modify, merge, +publish, distribute, sublicense, and/or sell copies of +the Software, and to permit persons to whom the Software +is furnished to do so, subject to the following +conditions: -The above copyright notice and this permission notice shall be included in -all copies or substantial portions of the Software. +The above copyright notice and this permission notice +shall be included in all copies or substantial portions +of the Software. -THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR -IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, -FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE -AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER -LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, -OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN -THE SOFTWARE. +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF +ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED +TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A +PARTICULAR PURPOSE AND NONINFRINGEMENT. 
IN NO EVENT +SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY +CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION +OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR +IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER +DEALINGS IN THE SOFTWARE. diff --git a/bcrypt-pbkdf/src/lib.rs b/bcrypt-pbkdf/src/lib.rs index 92c40842..a2c11ffb 100644 --- a/bcrypt-pbkdf/src/lib.rs +++ b/bcrypt-pbkdf/src/lib.rs @@ -8,7 +8,7 @@ #![doc( html_logo_url = "https://raw.githubusercontent.com/RustCrypto/media/8f1a9894/logo.svg", html_favicon_url = "https://raw.githubusercontent.com/RustCrypto/media/8f1a9894/logo.svg", - html_root_url = "https://docs.rs/bcrypt-pbkdf/0.7.1" + html_root_url = "https://docs.rs/bcrypt-pbkdf/0.7.2" )] extern crate alloc; @@ -17,12 +17,15 @@ extern crate std; use blowfish::Blowfish; use core::convert::TryInto; -use crypto_mac::{ - generic_array::{typenum::U32, GenericArray}, - Mac, NewMac, Output, +use sha2::{ + digest::{ + crypto_common::{Key, KeyInit, KeySizeUser}, + generic_array::typenum::U32, + FixedOutput, MacMarker, Output, OutputSizeUser, Update, + }, + Digest, Sha512, }; -use pbkdf2::pbkdf2; -use sha2::{Digest, Sha512}; +#[cfg(feature = "zeroize")] use zeroize::Zeroize; mod errors; @@ -32,11 +35,10 @@ pub use errors::Error; const BHASH_WORDS: usize = 8; const BHASH_OUTPUT_SIZE: usize = BHASH_WORDS * 4; const BHASH_SEED: &[u8; BHASH_OUTPUT_SIZE] = b"OxychromaticBlowfishSwatDynamite"; +// number of strides which will be processed on stack +const STACK_STRIDE: usize = 8; -fn bhash(sha2_pass: &[u8], sha2_salt: &[u8]) -> [u8; BHASH_OUTPUT_SIZE] { - assert_eq!(sha2_pass.len(), ::output_size()); - assert_eq!(sha2_salt.len(), ::output_size()); - +fn bhash(sha2_pass: &Output, sha2_salt: &Output) -> Output { let mut blowfish = Blowfish::bc_init_state(); blowfish.salted_expand_key(sha2_salt, sha2_pass); 
@@ -58,26 +60,28 @@ fn bhash(sha2_pass: &[u8], sha2_salt: &[u8]) -> [u8; BHASH_OUTPUT_SIZE] { } } - let mut output = [0u8; BHASH_OUTPUT_SIZE]; + let mut output = Output::::default(); for i in 0..BHASH_WORDS { output[i * 4..(i + 1) * 4].copy_from_slice(&cdata[i].to_le_bytes()); } - cdata.zeroize(); - output } #[derive(Clone)] struct Bhash { - sha2_pass: GenericArray::OutputSize>, + sha2_pass: Output, salt: Sha512, } -impl NewMac for Bhash { - type KeySize = ::OutputSize; +impl MacMarker for Bhash {} + +impl KeySizeUser for Bhash { + type KeySize = ::OutputSize; +} - fn new(key: &GenericArray) -> Self { +impl KeyInit for Bhash { + fn new(key: &Key) -> Self { Bhash { sha2_pass: *key, salt: Sha512::default(), @@ -85,25 +89,23 @@ impl NewMac for Bhash { } } -impl Mac for Bhash { - type OutputSize = U32; - +impl Update for Bhash { fn update(&mut self, data: &[u8]) { - self.salt.update(data); + Update::update(&mut self.salt, data); } +} - fn reset(&mut self) { - self.salt.reset(); - } +impl OutputSizeUser for Bhash { + type OutputSize = U32; +} - fn finalize(mut self) -> Output { - let mut output = bhash(&self.sha2_pass, &self.salt.finalize_reset()); - let res = Output::new(GenericArray::clone_from_slice(&output[..])); - output.zeroize(); - res +impl FixedOutput for Bhash { + fn finalize_into(mut self, out: &mut Output) { + *out = bhash(&self.sha2_pass, &self.salt.finalize_reset()); } } +#[cfg(feature = "zeroize")] impl Drop for Bhash { fn drop(&mut self) { self.sha2_pass.zeroize(); 
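Review bot: `cdata.zeroize();` in `bhash` and `output.zeroize();` in the old `finalize` are deleted outright rather than gated, so even with the `zeroize` feature enabled the `cdata` words and the per-block MAC output are no longer wiped; only the `Drop` impl keeps its wipe behind `#[cfg(feature = "zeroize")]`. The same applies to the `generated.zeroize();` removed from `bcrypt_pbkdf` in the later hunk, where `generated` holds the raw PBKDF2 output and may now live in `stack_buf`. Restoring them behind the feature keeps the previous guarantee: `#[cfg(feature = "zeroize")]` followed by `cdata.zeroize();` before `output` is returned, and likewise `generated.zeroize();` before `Ok(())`. `bhash` starts above this hunk and the `Drop` impl continues below it.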
@@ -140,14 +142,22 @@ pub fn bcrypt_pbkdf( // Allocate a Vec large enough to hold the output we require. let stride = (output.len() + BHASH_OUTPUT_SIZE - 1) / BHASH_OUTPUT_SIZE; - let mut generated = alloc::vec![0; stride * BHASH_OUTPUT_SIZE]; + + let mut vec_buf; + let mut stack_buf = [0u8; STACK_STRIDE * BHASH_OUTPUT_SIZE]; + let generated = if stride > STACK_STRIDE { + vec_buf = alloc::vec![0u8; stride * BHASH_OUTPUT_SIZE]; + &mut vec_buf[..] + } else { + &mut stack_buf[..stride * BHASH_OUTPUT_SIZE] + }; // Run the regular PBKDF2 algorithm with bhash as the MAC. - pbkdf2::( + pbkdf2::pbkdf2::( &Sha512::digest(passphrase.as_bytes()), salt, rounds, - &mut generated, + generated, ); // Apply the bcrypt_pbkdf non-linear transformation on the output. @@ -157,14 +167,14 @@ pub fn bcrypt_pbkdf( *out_byte = generated[chunk_num * BHASH_OUTPUT_SIZE + chunk_index]; } - generated.zeroize(); - Ok(()) } #[cfg(test)] mod test { use super::bhash; + use hex_literal::hex; + use sha2::digest::generic_array::GenericArray; #[test] fn test_bhash() { 
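Review bot: The context comment `// Allocate a Vec large enough to hold the output we require.` no longer matches the code under it, which now uses `stack_buf` for up to `STACK_STRIDE` strides and only allocates `vec_buf` beyond that. Suggest rewording it to `// Use a stack buffer for up to STACK_STRIDE blocks of output; fall back to a Vec for larger requests.` The body of `bcrypt_pbkdf` extends beyond this hunk on both sides.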
@@ -174,96 +184,53 @@ mod test { out: [u8; 32], } - let tests = alloc::vec![ + const TEST_VAL: [u8; 64] = hex!( + "000102030405060708090a0b0c0d0e0f" + "101112131415161718191a1b1c1d1e1f" + "202122232425262728292a2b2c2d2e2f" + "303132333435363738393a3b3c3d3e3f" + ); + + let tests = [ Test { - hpass: [ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - ], - hsalt: [ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - ], - out: [ - 0x46, 0x02, 0x86, 0xe9, 0x72, 0xfa, 0x83, 0x3f, 0x8b, 0x12, 0x83, 0xad, 0x8f, - 0xa9, 0x19, 0xfa, 0x29, 0xbd, 0xe2, 0x0e, 0x23, 0x32, 0x9e, 0x77, 0x4d, 0x84, - 0x22, 0xba, 0xc0, 0xa7, 0x92, 0x6c, - ], + hpass: [0; 64], + hsalt: [0; 64], + out: hex!( + "460286e972fa833f8b1283ad8fa919fa" + "29bde20e23329e774d8422bac0a7926c" + ), }, Test { - hpass: [ - 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, - 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 0x19, - 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, 0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, - 0x27, 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f, 0x30, 0x31, 0x32, 0x33, - 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x3a, 0x3b, 0x3c, 0x3d, 0x3e, 0x3f, - ], - hsalt: [ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - ], - out: [ - 0xb0, 0xb2, 0x29, 0xdb, 0xc6, 0xba, 0xde, 0xf0, 0xe1, 0xda, 0x25, 0x27, 0x47, - 0x4a, 0x8b, 0x28, 0x88, 0x8f, 0x8b, 0x06, 0x14, 0x76, 0xfe, 0x80, 0xc3, 0x22, - 0x56, 0xe1, 0x14, 0x2d, 0xd0, 0x0d, - ], + hpass: TEST_VAL, + hsalt: [0; 64], + out: hex!( + "b0b229dbc6badef0e1da2527474a8b28" + "888f8b061476fe80c32256e1142dd00d" + ), }, Test { - hpass: [ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - ], - hsalt: [ - 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, - 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 0x19, - 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, 0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, - 0x27, 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f, 0x30, 0x31, 0x32, 0x33, - 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x3a, 0x3b, 0x3c, 0x3d, 0x3e, 0x3f, - ], - out: [ - 0xb6, 0x2b, 0x4e, 0x36, 0x7d, 0x31, 0x57, 0xf5, 0xc3, 0x1e, 0x4d, 0x2c, 0xba, - 0xfb, 0x29, 0x31, 0x49, 0x4d, 0x9d, 0x3b, 0xdd, 0x17, 0x1d, 0x55, 0xcf, 0x79, - 0x9f, 0xa4, 0x41, 0x60, 0x42, 0xe2, - ], + hpass: [0; 64], + hsalt: TEST_VAL, + out: hex!( + "b62b4e367d3157f5c31e4d2cbafb2931" + "494d9d3bdd171d55cf799fa4416042e2" + ), }, Test { - hpass: [ - 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, - 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 0x19, - 0x1a, 0x1b, 0x1c, 0x1d, 
0x1e, 0x1f, 0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, - 0x27, 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f, 0x30, 0x31, 0x32, 0x33, - 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x3a, 0x3b, 0x3c, 0x3d, 0x3e, 0x3f, - ], - hsalt: [ - 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, - 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 0x19, - 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, 0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, - 0x27, 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f, 0x30, 0x31, 0x32, 0x33, - 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x3a, 0x3b, 0x3c, 0x3d, 0x3e, 0x3f, - ], - out: [ - 0xc6, 0xa9, 0x5f, 0xe6, 0x41, 0x31, 0x15, 0xfb, 0x57, 0xe9, 0x9f, 0x75, 0x74, - 0x98, 0xe8, 0x5d, 0xa3, 0xc6, 0xe1, 0xdf, 0x0c, 0x3c, 0x93, 0xaa, 0x97, 0x5c, - 0x54, 0x8a, 0x34, 0x43, 0x26, 0xf8, - ], + hpass: TEST_VAL, + hsalt: TEST_VAL, + out: hex!( + "c6a95fe6413115fb57e99f757498e85d" + "a3c6e1df0c3c93aa975c548a344326f8" + ), }, ]; for t in tests.iter() { - let out = bhash(&t.hpass, &t.hsalt); - assert_eq!(out, t.out); + let hpass = GenericArray::from_slice(&t.hpass); + let hsalt = GenericArray::from_slice(&t.hsalt); + let out = bhash(hpass, hsalt); + assert_eq!(out[..], t.out[..]); } } } diff --git a/pbkdf2/CHANGELOG.md b/pbkdf2/CHANGELOG.md index 42de1dce..fa45304e 100644 --- a/pbkdf2/CHANGELOG.md +++ b/pbkdf2/CHANGELOG.md @@ -5,6 +5,12 @@ All notable changes to this project will be documented in this file. The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html). +## 0.10.0 (2021-11-25) +### Changed +- Migrate from `crypto-mac` to `digest` v0.10 ([#254]) + +[#254]: https://github.com/RustCrypto/password-hashes/pull/254 + ## 0.9.0 (2021-08-27) ### Added - GOST test vectors ([#191]) diff --git a/pbkdf2/Cargo.toml b/pbkdf2/Cargo.toml index 046000c5..e7169f90 100644 --- a/pbkdf2/Cargo.toml +++ b/pbkdf2/Cargo.toml 
@@ -1,6 +1,6 @@ [package] name = "pbkdf2" -version = "0.9.0" # Also update html_root_url in lib.rs when bumping this +version = "0.10.0" # Also update html_root_url in lib.rs when bumping this authors = ["RustCrypto Developers"] license = "MIT OR Apache-2.0" description = "Generic implementation of PBKDF2" @@ -12,21 +12,21 @@ edition = "2018" readme = "README.md" [dependencies] -crypto-mac = "0.11" +digest = { version = "0.10", features = ["mac"] } # optional dependencies rayon = { version = "1", optional = true } -hmac = { version = "0.11", default-features = false, optional = true } password-hash = { version = "0.3", default-features = false, optional = true, features = ["rand_core"] } -sha1 = { version = "0.9", package = "sha-1", default-features = false, optional = true } -sha2 = { version = "0.9", default-features = false, optional = true } +hmac = { version = "0.12", default-features = false, optional = true } +sha1 = { version = "0.10", package = "sha-1", default-features = false, optional = true } +sha2 = { version = "0.10", default-features = false, optional = true } [dev-dependencies] +hmac = "0.12" hex-literal = "0.3" -hmac = "0.11" -sha1 = { version = "0.9", package = "sha-1" } -sha2 = "0.9" -streebog = "0.9" +sha1 = { version = "0.10", package = "sha-1" } +sha2 = "0.10" +streebog = "0.10" [features] default = ["simple"] diff --git a/pbkdf2/LICENSE-MIT b/pbkdf2/LICENSE-MIT index 8dcb85b3..51a2e809 100644 --- a/pbkdf2/LICENSE-MIT +++ b/pbkdf2/LICENSE-MIT @@ -1,4 +1,5 @@ Copyright (c) 2017 Artyom Pavlov +Copyright (c) 2018-2021 The RustCrypto Project Developers Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated diff --git a/pbkdf2/src/lib.rs b/pbkdf2/src/lib.rs index 78d537da..9019b09f 100644 --- a/pbkdf2/src/lib.rs +++ b/pbkdf2/src/lib.rs 
@@ -57,7 +57,7 @@ #![doc( html_logo_url = "https://raw.githubusercontent.com/RustCrypto/media/8f1a9894/logo.svg", html_favicon_url = "https://raw.githubusercontent.com/RustCrypto/media/8f1a9894/logo.svg", - html_root_url = "https://docs.rs/pbkdf2/0.9.0" + html_root_url = "https://docs.rs/pbkdf2/0.10.0" )] #[cfg(feature = "std")] @@ -79,8 +79,7 @@ pub use crate::simple::{Algorithm, Params, Pbkdf2}; #[cfg(feature = "parallel")] use rayon::prelude::*; -use crypto_mac::generic_array::typenum::Unsigned; -use crypto_mac::{Mac, NewMac}; +use digest::{generic_array::typenum::Unsigned, FixedOutput, KeyInit, Update}; #[inline(always)] fn xor(res: &mut [u8], salt: &[u8]) { @@ -89,9 +88,9 @@ fn xor(res: &mut [u8], salt: &[u8]) { } #[inline(always)] -fn pbkdf2_body(i: u32, chunk: &mut [u8], prf: &F, salt: &[u8], rounds: u32) +fn pbkdf2_body(i: u32, chunk: &mut [u8], prf: &PRF, salt: &[u8], rounds: u32) where - F: Mac + Clone, + PRF: KeyInit + Update + FixedOutput + Clone, { for v in chunk.iter_mut() { *v = 0; @@ -102,7 +101,7 @@ where prfc.update(salt); prfc.update(&(i + 1).to_be_bytes()); - let salt = prfc.finalize().into_bytes(); + let salt = prfc.finalize_fixed(); xor(chunk, &salt); salt }; 
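Review bot: `pbkdf2_body` now requires `PRF: KeyInit + Update + FixedOutput + Clone`, but the lines visible in these hunks only call `update` and `finalize_fixed` on a copy of `prf`; keying happens in `pbkdf2`. If the part of the body outside the hunks does not construct a PRF either, the bound can be narrowed to `PRF: Update + FixedOutput + Clone`, so the helper asks for no more than it uses.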
@@ -110,38 +109,40 @@ where for _ in 1..rounds { let mut prfc = prf.clone(); prfc.update(&salt); - salt = prfc.finalize().into_bytes(); + salt = prfc.finalize_fixed(); xor(chunk, &salt); } } /// Generic implementation of PBKDF2 algorithm. -#[cfg(feature = "parallel")] +#[cfg(not(feature = "parallel"))] #[inline] -pub fn pbkdf2(password: &[u8], salt: &[u8], rounds: u32, res: &mut [u8]) +pub fn pbkdf2(password: &[u8], salt: &[u8], rounds: u32, res: &mut [u8]) where - F: Mac + NewMac + Clone + Sync, + PRF: KeyInit + Update + FixedOutput + Clone + Sync, { - let n = F::OutputSize::to_usize(); - let prf = F::new_from_slice(password).expect("HMAC accepts all key sizes"); + let n = PRF::OutputSize::to_usize(); + // note: HMAC can be initialized with keys of any size, + // so this panic never happens with it + let prf = PRF::new_from_slice(password).expect("PRF initialization failure"); - res.par_chunks_mut(n).enumerate().for_each(|(i, chunk)| { + for (i, chunk) in res.chunks_mut(n).enumerate() { pbkdf2_body(i as u32, chunk, &prf, salt, rounds); - }); + } } /// Generic implementation of PBKDF2 algorithm. -#[cfg(not(feature = "parallel"))] +#[cfg(feature = "parallel")] #[inline] -pub fn pbkdf2(password: &[u8], salt: &[u8], rounds: u32, res: &mut [u8]) +pub fn pbkdf2(password: &[u8], salt: &[u8], rounds: u32, res: &mut [u8]) where - F: Mac + NewMac + Clone + Sync, + PRF: KeyInit + Update + FixedOutput + Clone + Sync, { - let n = F::OutputSize::to_usize(); - let prf = F::new_from_slice(password).expect("HMAC accepts all key sizes"); + let n = PRF::OutputSize::to_usize(); + let prf = PRF::new_from_slice(password).expect("PRF initialization failure"); - for (i, chunk) in res.chunks_mut(n).enumerate() { + res.par_chunks_mut(n).enumerate().for_each(|(i, chunk)| { pbkdf2_body(i as u32, chunk, &prf, salt, rounds); - } + }); } diff --git a/scrypt/CHANGELOG.md b/scrypt/CHANGELOG.md index 367c7d2d..ffa3c1f3 100644 --- a/scrypt/CHANGELOG.md +++ b/scrypt/CHANGELOG.md 
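Review bot: The panic path of the public `pbkdf2` is documented unevenly: the `// note: HMAC can be initialized with keys of any size` comment sits only in the `not(feature = "parallel")` variant, and neither variant mentions the panic in its rustdoc. With the bound widened to any `KeyInit` PRF, a PRF that rejects the password length makes `new_from_slice(password)` fail and the `expect` abort on caller-supplied input. I would add a `/// # Panics` section to both doc comments stating that the function panics when the PRF cannot be keyed with `password`, and repeat the inline note in the parallel variant.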
@@ -5,6 +5,12 @@ All notable changes to this project will be documented in this file. The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html). +## 0.8.1 (2021-11-25) +### Changed +- Bump `sha2` dependency to v0.10, `pbkdf2` to v0.10, `hmac` to v0.12 ([#254]) + +[#254]: https://github.com/RustCrypto/password-hashes/pull/254 + ## 0.8.0 (2021-08-27) ### Changed - Bump `password-hash` to v0.3 ([#217]) diff --git a/scrypt/Cargo.toml b/scrypt/Cargo.toml index 707f42b1..8bd86e8c 100644 --- a/scrypt/Cargo.toml +++ b/scrypt/Cargo.toml @@ -1,6 +1,6 @@ [package] name = "scrypt" -version = "0.8.0" # Also update html_root_url in lib.rs when bumping this +version = "0.8.1" # Also update html_root_url in lib.rs when bumping this authors = ["RustCrypto Developers"] license = "MIT OR Apache-2.0" description = "Scrypt password-based key derivation function" @@ -12,10 +12,10 @@ edition = "2018" readme = "README.md" [dependencies] -hmac = "0.11" -pbkdf2 = { version = "0.9", default-features = false, path = "../pbkdf2" } +hmac = "0.12" +pbkdf2 = { version = "0.10", default-features = false, path = "../pbkdf2" } salsa20 = { version = "0.9", default-features = false, features = ["expose-core"] } -sha2 = { version = "0.9", default-features = false } +sha2 = { version = "0.10", default-features = false } # optional dependencies password-hash = { version = "0.3", default-features = false, features = ["rand_core"], optional = true } diff --git a/scrypt/LICENSE-MIT b/scrypt/LICENSE-MIT index 95d1222e..c869ada5 100644 --- a/scrypt/LICENSE-MIT +++ b/scrypt/LICENSE-MIT @@ -1,6 +1,4 @@ -Copyright (c) 2006-2009 Graydon Hoare -Copyright (c) 2009-2013 Mozilla Foundation -Copyright (c) 2018 Artyom Pavlov +Copyright (c) 2021 The RustCrypto Project Developers Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated 
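Review bot: The earlier copyright holders are dropped from `scrypt/LICENSE-MIT` (the Graydon Hoare, Mozilla Foundation and Artyom Pavlov lines), whereas the `pbkdf2/LICENSE-MIT` change in the same commit keeps the existing holder and appends a line. The MIT terms require the copyright notice to travel with copies of the software, so unless none of the earlier code remains or the holders have agreed, the three lines should stay and `Copyright (c) 2021 The RustCrypto Project Developers` be added beneath them. Whether that condition holds cannot be judged from this diff.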
diff --git a/scrypt/src/lib.rs b/scrypt/src/lib.rs index 671b2b1b..f31f3d60 100644 --- a/scrypt/src/lib.rs +++ b/scrypt/src/lib.rs @@ -47,7 +47,7 @@ #![doc( html_logo_url = "https://raw.githubusercontent.com/RustCrypto/media/8f1a9894/logo.svg", html_favicon_url = "https://raw.githubusercontent.com/RustCrypto/media/8f1a9894/logo.svg", - html_root_url = "https://docs.rs/scrypt/0.8.0" + html_root_url = "https://docs.rs/scrypt/0.8.1" )] #[macro_use] diff --git a/scrypt/src/params.rs b/scrypt/src/params.rs index ec0b26c8..a67ad8da 100644 --- a/scrypt/src/params.rs +++ b/scrypt/src/params.rs @@ -19,6 +19,7 @@ pub struct Params { pub(crate) log_n: u8, pub(crate) r: u32, pub(crate) p: u32, + #[allow(dead_code)] // this field is used only with the `PasswordHasher` impl pub(crate) len: usize, } diff --git a/sha-crypt/CHANGELOG.md b/sha-crypt/CHANGELOG.md index 5fff5013..2df80cec 100644 --- a/sha-crypt/CHANGELOG.md +++ b/sha-crypt/CHANGELOG.md @@ -5,6 +5,12 @@ All notable changes to this project will be documented in this file. The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html). +## 0.3.2 (2021-11-25) +### Changed +- Bump `sha2` dependency to v0.10 ([#254]) + +[#254]: https://github.com/RustCrypto/password-hashes/pull/254 + ## 0.3.1 (2021-09-17) ### Fixed - Handle B64 decoding errors ([#242]) diff --git a/sha-crypt/Cargo.toml b/sha-crypt/Cargo.toml index 6b78a011..16cfd364 100644 --- a/sha-crypt/Cargo.toml +++ b/sha-crypt/Cargo.toml @@ -1,6 +1,6 @@ [package] name = "sha-crypt" -version = "0.3.1" # Also update html_root_url in lib.rs when bumping this +version = "0.3.2" # Also update html_root_url in lib.rs when bumping this description = """ Pure Rust implementation of the SHA-crypt password hash based on SHA-512 as implemented by the POSIX crypt C library 
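Review bot: The new `#[allow(dead_code)]` on `Params::len` in `scrypt/src/params.rs` silences the lint in every configuration, including the one where the `PasswordHasher` impl is compiled and the field is expected to be read. Scoping it keeps the warning useful: `#[cfg_attr(not(feature = "FEATURE"), allow(dead_code))]`, with `FEATURE` standing for whichever feature enables that impl (not visible in this hunk). The struct definition starts outside the hunk.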
@@ -15,7 +15,7 @@ edition = "2018" readme = "README.md" [dependencies] -sha2 = { version = "0.9", default-features = false } +sha2 = { version = "0.10", default-features = false } # optional dependencies rand = { version = "0.8", optional = true } diff --git a/sha-crypt/LICENSE-APACHE b/sha-crypt/LICENSE-APACHE new file mode 100644 index 00000000..78173fa2 --- /dev/null +++ b/sha-crypt/LICENSE-APACHE 
@@ -0,0 +1,201 @@ + Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + +TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + +1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. 
For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + +2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + +3. Grant of Patent License. 
Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + +4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of the 
following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + +5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + +6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + +7. Disclaimer of Warranty. 
Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + +8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + +9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. 
+ +END OF TERMS AND CONDITIONS + +APPENDIX: How to apply the Apache License to your work. + + To apply the Apache License to your work, attach the following + boilerplate notice, with the fields enclosed by brackets "[]" + replaced with your own identifying information. (Don't include + the brackets!) The text should be enclosed in the appropriate + comment syntax for the file format. We also recommend that a + file or class name and description of purpose be included on the + same "printed page" as the copyright notice for easier + identification within third-party archives. + +Copyright [yyyy] [name of copyright owner] + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. diff --git a/sha-crypt/LICENSE-MIT b/sha-crypt/LICENSE-MIT new file mode 100644 index 00000000..c869ada5 --- /dev/null +++ b/sha-crypt/LICENSE-MIT 
@@ -0,0 +1,25 @@ +Copyright (c) 2021 The RustCrypto Project Developers + +Permission is hereby granted, free of charge, to any +person obtaining a copy of this software and associated +documentation files (the "Software"), to deal in the +Software without restriction, including without +limitation the rights to use, copy, modify, merge, +publish, distribute, sublicense, and/or sell copies of +the Software, and to permit persons to whom the Software +is furnished to do so, subject to the following +conditions: + +The above copyright notice and this permission notice +shall be included in all copies or substantial portions +of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF +ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED +TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A +PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT +SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY +CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION +OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR +IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER +DEALINGS IN THE SOFTWARE. diff --git a/sha-crypt/src/lib.rs b/sha-crypt/src/lib.rs index 0c4e519e..a235be14 100644 --- a/sha-crypt/src/lib.rs +++ b/sha-crypt/src/lib.rs @@ -33,7 +33,7 @@ #![doc( html_logo_url = "https://raw.githubusercontent.com/RustCrypto/media/8f1a9894/logo.svg", html_favicon_url = "https://raw.githubusercontent.com/RustCrypto/media/8f1a9894/logo.svg", - html_root_url = "https://docs.rs/sha-crypt/0.3.1" + html_root_url = "https://docs.rs/sha-crypt/0.3.2" )] #![deny(unsafe_code)] #![warn(missing_docs, rust_2018_idioms)]