Bump password-hash dependency to v0.3.0-pre.1 (#209)

Author: tarcieri

Cargo.lock

@@ -16,13 +16,13 @@ readme = "README.md"
 
 [dependencies]
 blake2 = { version = "0.9", default-features = false }
-password-hash = { version = "0.2", optional = true }
+password-hash = { version = "=0.3.0-pre.1", optional = true }
 rayon = { version = "1", optional = true }
 zeroize = { version = ">=1, <1.4", optional = true }
 
 [dev-dependencies]
 hex-literal = "0.3"
-password-hash = { version = "0.2", features = ["rand_core"] }
+password-hash = { version = "=0.3.0-pre.1", features = ["rand_core"] }
 rand_core = { version = "0.6", features = ["std"] }
 
 [features]

argon2/Cargo.toml

@@ -2,6 +2,9 @@
 
 use core::fmt;
 
+#[cfg(feature = "password-hash")]
+use password_hash::errors::InvalidValue;
+
 /// Result with argon2's [`Error`] type.
 pub type Result<T> = core::result::Result<T, Error>;
 
@@ -86,21 +89,23 @@ impl fmt::Display for Error {
 impl From<Error> for password_hash::Error {
     fn from(err: Error) -> password_hash::Error {
         match err {
-            Error::AdTooLong => password_hash::Error::ParamValueInvalid,
+            Error::AdTooLong => password_hash::Error::ParamValueInvalid(InvalidValue::TooLong),
             Error::AlgorithmInvalid => password_hash::Error::Algorithm,
-            Error::LanesTooFew => password_hash::Error::ParamValueInvalid,
-            Error::LanesTooMany => password_hash::Error::ParamValueInvalid,
-            Error::MemoryTooLittle => password_hash::Error::ParamValueInvalid,
-            Error::MemoryTooMuch => password_hash::Error::ParamValueInvalid,
+            Error::LanesTooFew => password_hash::Error::ParamValueInvalid(InvalidValue::TooShort),
+            Error::LanesTooMany => password_hash::Error::ParamValueInvalid(InvalidValue::TooLong),
+            Error::MemoryTooLittle => {
+                password_hash::Error::ParamValueInvalid(InvalidValue::TooShort)
+            }
+            Error::MemoryTooMuch => password_hash::Error::ParamValueInvalid(InvalidValue::TooLong),
             Error::PwdTooLong => password_hash::Error::Password,
             Error::OutputTooShort => password_hash::Error::OutputTooShort,
             Error::OutputTooLong => password_hash::Error::OutputTooLong,
-            Error::SaltTooShort => password_hash::Error::SaltTooShort,
-            Error::SaltTooLong => password_hash::Error::SaltTooLong,
-            Error::SecretTooLong => password_hash::Error::ParamValueInvalid,
-            Error::ThreadsTooFew => password_hash::Error::ParamValueInvalid,
-            Error::ThreadsTooMany => password_hash::Error::ParamValueInvalid,
-            Error::TimeTooSmall => password_hash::Error::ParamValueInvalid,
+            Error::SaltTooShort => password_hash::Error::SaltInvalid(InvalidValue::TooShort),
+            Error::SaltTooLong => password_hash::Error::SaltInvalid(InvalidValue::TooLong),
+            Error::SecretTooLong => password_hash::Error::ParamValueInvalid(InvalidValue::TooLong),
+            Error::ThreadsTooFew => password_hash::Error::ParamValueInvalid(InvalidValue::TooShort),
+            Error::ThreadsTooMany => password_hash::Error::ParamValueInvalid(InvalidValue::TooLong),
+            Error::TimeTooSmall => password_hash::Error::ParamValueInvalid(InvalidValue::TooShort),
             Error::VersionInvalid => password_hash::Error::Version,
         }
     }

argon2/src/error.rs

@@ -446,8 +446,7 @@ impl PasswordHasher for Argon2<'_> {
             params.m_cost,
             params.p_cost,
             params.version,
-        )
-        .map_err(|_| password_hash::Error::ParamValueInvalid)?;
+        )?;
 
         // TODO(tarcieri): pass these via `Params` when `Argon::new` accepts `Params`
         hasher.algorithm = Some(algorithm);
@@ -500,7 +499,12 @@ mod tests {
         let salt = Salt::new("somesalt").unwrap();
 
         let res = argon2.hash_password(EXAMPLE_PASSWORD, None, Params::default(), salt);
-        assert_eq!(res, Err(password_hash::Error::SaltTooShort));
+        assert_eq!(
+            res,
+            Err(password_hash::Error::SaltInvalid(
+                password_hash::errors::InvalidValue::TooShort
+            ))
+        );
     }
 
     #[test]

argon2/src/lib.rs

@@ -17,7 +17,7 @@ crypto-mac = "0.11"
 rayon = { version = "1", optional = true }
 base64ct = { version = "1", default-features = false, optional = true }
 hmac = { version = "0.11", default-features = false, optional = true }
-password-hash = { version = "0.2", default-features = false, optional = true, features = ["rand_core"]  }
+password-hash = { version = "=0.3.0-pre.1", default-features = false, optional = true, features = ["rand_core"]  }
 sha1 = { version = "0.9", package = "sha-1", default-features = false, optional = true }
 sha2 = { version = "0.9", default-features = false, optional = true }
 

pbkdf2/Cargo.toml

@@ -2,14 +2,16 @@
 
 use crate::pbkdf2;
 use base64ct::{Base64, Encoding};
+use core::cmp::Ordering;
 use core::{
     convert::{TryFrom, TryInto},
     fmt::{self, Display},
     str::FromStr,
 };
 use hmac::Hmac;
 use password_hash::{
-    Error, Ident, McfHasher, Output, ParamsString, PasswordHash, PasswordHasher, Result, Salt,
+    errors::InvalidValue, Error, Ident, McfHasher, Output, ParamsString, PasswordHash,
+    PasswordHasher, Result, Salt,
 };
 use sha2::{Sha256, Sha512};
 
@@ -188,7 +190,7 @@ impl<'a> TryFrom<&'a PasswordHash<'a>> for Params {
                         value
                             .decimal()?
                             .try_into()
-                            .map_err(|_| Error::ParamValueInvalid)?,
+                            .map_err(|_| Error::ParamValueInvalid(InvalidValue::Malformed))?,
                     )
                 }
                 _ => return Err(Error::ParamNameInvalid),
@@ -197,8 +199,12 @@ impl<'a> TryFrom<&'a PasswordHash<'a>> for Params {
 
         if let Some(len) = output_length {
             if let Some(hash) = &hash.hash {
-                if hash.len() != len {
-                    return Err(Error::ParamValueInvalid);
+                match hash.len().cmp(&len) {
+                    Ordering::Less => return Err(Error::ParamValueInvalid(InvalidValue::TooShort)),
+                    Ordering::Greater => {
+                        return Err(Error::ParamValueInvalid(InvalidValue::TooLong))
+                    }
+                    Ordering::Equal => (),
                 }
             }
 
@@ -244,13 +250,13 @@ impl McfHasher for Pbkdf2 {
                 let mut count_arr = [0u8; 4];
 
                 if Base64::decode(count, &mut count_arr)?.len() != 4 {
-                    return Err(Error::ParamValueInvalid);
+                    return Err(Error::ParamValueInvalid(InvalidValue::Malformed));
                 }
 
                 let count = u32::from_be_bytes(count_arr);
                 (count, salt, hash)
             }
-            _ => return Err(Error::ParamValueInvalid),
+            _ => return Err(Error::ParamValueInvalid(InvalidValue::Malformed)),
         };
 
         let salt = Salt::new(b64_strip(salt))?;

pbkdf2/src/simple.rs

@@ -14,13 +14,13 @@ readme = "README.md"
 [dependencies]
 base64ct = { version = "1", default-features = false, features = ["alloc"], optional = true }
 hmac = "0.11"
-password-hash = { version = "0.2", default-features = false, features = ["rand_core"], optional = true }
+password-hash = { version = "=0.3.0-pre.1", default-features = false, features = ["rand_core"], optional = true }
 pbkdf2 = { version = "0.8", default-features = false, path = "../pbkdf2" }
 salsa20 = { version = "0.8", default-features = false, features = ["expose-core"] }
 sha2 = { version = "0.9", default-features = false }
 
 [dev-dependencies]
-password-hash = { version = "0.2", features = ["rand_core"] }
+password-hash = { version = "=0.3.0-pre.1", features = ["rand_core"] }
 rand_core = { version = "0.6", features = ["std"] }
 
 [features]

scrypt/Cargo.toml

@@ -5,7 +5,7 @@ use crate::errors::InvalidParams;
 #[cfg(feature = "simple")]
 use {
     core::convert::{TryFrom, TryInto},
-    password_hash::{Error, ParamsString, PasswordHash},
+    password_hash::{errors::InvalidValue, Error, ParamsString, PasswordHash},
 };
 
 const RECOMMENDED_LOG_N: u8 = 15;
@@ -138,15 +138,16 @@ impl<'a> TryFrom<&'a PasswordHash<'a>> for Params {
                     log_n = value
                         .decimal()?
                         .try_into()
-                        .map_err(|_| Error::ParamValueInvalid)?
+                        .map_err(|_| Error::ParamValueInvalid(InvalidValue::Malformed))?
                 }
                 "r" => r = value.decimal()?,
                 "p" => p = value.decimal()?,
                 _ => return Err(password_hash::Error::ParamNameInvalid),
             }
         }
 
-        Params::new(log_n, r, p).map_err(|_| password_hash::Error::ParamValueInvalid)
+        Params::new(log_n, r, p)
+            .map_err(|_| password_hash::Error::ParamValueInvalid(InvalidValue::Malformed))
     }
 }
 

scrypt/src/params.rs

@@ -3,7 +3,10 @@
 use crate::{scrypt, Params};
 use base64ct::{Base64, Encoding};
 use core::convert::TryInto;
-use password_hash::{Error, Ident, McfHasher, Output, PasswordHash, PasswordHasher, Result, Salt};
+use password_hash::{
+    errors::InvalidValue, Error, Ident, McfHasher, Output, PasswordHash, PasswordHasher, Result,
+    Salt,
+};
 
 /// Algorithm identifier
 pub const ALG_ID: Ident = Ident::new("scrypt");
@@ -68,24 +71,26 @@ impl McfHasher for Scrypt {
             [Some(""), Some("rscrypt"), Some("0"), Some(p), Some(s), Some(h), Some(""), None] => {
                 let pvec = Base64::decode_vec(p)?;
                 if pvec.len() != 3 {
-                    return Err(Error::ParamValueInvalid);
+                    return Err(Error::ParamValueInvalid(InvalidValue::Malformed));
                 }
                 (pvec[0], pvec[1] as u32, pvec[2] as u32, s, h)
             }
             [Some(""), Some("rscrypt"), Some("1"), Some(p), Some(s), Some(h), Some(""), None] => {
                 let pvec = Base64::decode_vec(p)?;
                 if pvec.len() != 9 {
-                    return Err(Error::ParamValueInvalid);
+                    return Err(Error::ParamValueInvalid(InvalidValue::Malformed));
                 }
                 let log_n = pvec[0];
                 let r = u32::from_le_bytes(pvec[1..5].try_into().unwrap());
                 let p = u32::from_le_bytes(pvec[5..9].try_into().unwrap());
                 (log_n, r, p, s, h)
             }
-            _ => return Err(Error::ParamValueInvalid),
+            _ => return Err(Error::ParamValueInvalid(InvalidValue::Malformed)),
         };
 
-        let params = Params::new(log_n, r, p).map_err(|_| Error::ParamValueInvalid)?;
+        let params = Params::new(log_n, r, p)
+            .map_err(|_| Error::ParamValueInvalid(InvalidValue::Malformed))?;
+
         let salt = Salt::new(b64_strip(salt))?;
         let hash = Output::b64_decode(b64_strip(hash))?;