pbkdf2: add PHC hash support using password-hash crate (RustCrypto#82)

Implements the PHC string format for hashes, currently gated under the
`include_simple` cargo feature.

Specifics of how the format is encoded/decoded are modeled off of the
implementation of PHC hashes for PBKDF2 implemented by Auth0.

See this thread for more information:
https://community.auth0.com/t/bulk-user-import-custom-password-hash-issue/47408/5

Author: tarcieri

.github/workflows/bcrypt-pbkdf.yml

@@ -22,7 +22,7 @@ jobs:
     strategy:
       matrix:
         rust:
-          - 1.41.0 # MSRV
+          - 1.47.0 # MSRV
           - stable
         target:
           - thumbv7em-none-eabi
@@ -42,7 +42,7 @@ jobs:
     strategy:
       matrix:
         rust:
-          - 1.41.0 # MSRV
+          - 1.47.0 # MSRV
           - stable
     steps:
       - uses: actions/checkout@v1

.github/workflows/pbkdf2.yml

@@ -22,7 +22,7 @@ jobs:
     strategy:
       matrix:
         rust:
-          - 1.41.0 # MSRV
+          - 1.47.0 # MSRV
           - stable
         target:
           - thumbv7em-none-eabi
@@ -35,14 +35,14 @@ jobs:
           toolchain: ${{ matrix.rust }}
           target: ${{ matrix.target }}
           override: true
-      - run: cargo build --no-default-features --release --target ${{ matrix.target }}
+      - run: cargo build --target ${{ matrix.target }} --release --no-default-features
 
   test:
     runs-on: ubuntu-latest
     strategy:
       matrix:
         rust:
-          - 1.41.0 # MSRV
+          - 1.47.0 # MSRV
           - stable
     steps:
       - uses: actions/checkout@v1
@@ -52,5 +52,9 @@ jobs:
           toolchain: ${{ matrix.rust }}
           override: true
       - run: cargo test --release --no-default-features
-      - run: cargo test --release --features parallel
       - run: cargo test --release
+      - run: cargo test --release --features include_simple
+      - run: cargo test --release --features parallel
+      - run: cargo test --release --features sha1
+      - run: cargo test --release --features include_simple,sha1
+      - run: cargo test --release --all-features

.github/workflows/scrypt.yml

@@ -22,7 +22,7 @@ jobs:
     strategy:
       matrix:
         rust:
-          - 1.41.0 # MSRV
+          - 1.47.0 # MSRV
           - stable
         target:
           - thumbv7em-none-eabi
@@ -42,7 +42,7 @@ jobs:
     strategy:
       matrix:
         rust:
-          - 1.41.0 # MSRV
+          - 1.47.0 # MSRV
           - stable
     steps:
       - uses: actions/checkout@v1

.github/workflows/workspace.yml

@@ -17,7 +17,7 @@ jobs:
       - uses: actions-rs/toolchain@v1
         with:
           profile: minimal
-          toolchain: 1.41.0 # MSRV
+          toolchain: 1.47.0 # MSRV
           components: clippy
       - run: cargo clippy --all -- -D warnings
 

Cargo.lock

@@ -5,3 +5,6 @@ members = [
     "scrypt",
     "sha-crypt"
 ]
+
+[patch.crates-io]
+password-hash = { git = "https://github.com/rustcrypto/traits" }

Cargo.toml

@@ -13,7 +13,7 @@ readme = "README.md"
 [dependencies]
 blowfish = { version = "0.7", features = ["bcrypt"] }
 crypto-mac = "0.10"
-pbkdf2 = { version = "0.6.0", default-features = false, path = "../pbkdf2" }
+pbkdf2 = { version = "=0.7.0-pre", default-features = false, path = "../pbkdf2" }
 sha2 = { version = "0.9", default-features = false }
 zeroize = { version = "1", default-features = false }
 

bcrypt-pbkdf/Cargo.toml

@@ -13,7 +13,7 @@ Pure Rust implementation of the bcrypt-pbkdf password-based key derivation funct
 
 ## Minimum Supported Rust Version
 
-Rust **1.41** or higher.
+Rust **1.47** or higher.
 
 Minimum supported Rust version can be changed in the future, but it will be
 done with a minor version bump.
@@ -45,7 +45,7 @@ dual licensed as above, without any additional terms or conditions.
 [docs-image]: https://docs.rs/bcrypt-pbkdf/badge.svg
 [docs-link]: https://docs.rs/bcrypt-pbkdf/
 [license-image]: https://img.shields.io/badge/license-Apache2.0/MIT-blue.svg
-[rustc-image]: https://img.shields.io/badge/rustc-1.41+-blue.svg
+[rustc-image]: https://img.shields.io/badge/rustc-1.47+-blue.svg
 [chat-image]: https://img.shields.io/badge/zulip-join_chat-blue.svg
 [chat-link]: https://rustcrypto.zulipchat.com/#narrow/stream/260046-password-hashes
 [build-image]: https://github.com/RustCrypto/password-hashes/workflows/bcrypt-pbkdf/badge.svg?branch=master&event=push

bcrypt-pbkdf/README.md

@@ -1,6 +1,6 @@
 [package]
 name = "pbkdf2"
-version = "0.6.0"
+version = "0.7.0-pre"
 authors = ["RustCrypto Developers"]
 license = "MIT OR Apache-2.0"
 description = "Generic implementation of PBKDF2"
@@ -19,17 +19,24 @@ base64 = { version = "0.13", default-features = false, features = ["alloc"], opt
 rand = { version = "0.7", default-features = false, optional = true }
 rand_core = { version = "0.5", default-features = false, features = ["getrandom"], optional = true }
 hmac = { version = "0.10", default-features = false, optional = true }
+password-hash = { version = "0", default-features = false, features = ["alloc"], optional = true }
+sha1 = { version = "0.9", package = "sha-1", default-features = false, optional = true }
 sha2 = { version = "0.9", default-features = false, optional = true }
 subtle = { version = "2", default-features = false, optional = true }
 
 [dev-dependencies]
+hex-literal = "0.3"
 hmac = "0.10"
-sha-1 = "0.9"
+sha1 = { version = "0.9", package = "sha-1" }
 sha2 = "0.9"
 
 [features]
 default = ["include_simple", "thread_rng"]
 parallel = ["rayon", "std"]
-include_simple = ["sha2", "hmac", "rand_core", "base64", "subtle"]
+include_simple = ["sha2", "hmac", "password-hash", "rand_core", "base64", "subtle"]
 thread_rng = ["rand"]
 std = []
+
+[package.metadata.docs.rs]
+all-features = true
+rustdoc-args = ["--cfg", "docsrs"]

pbkdf2/Cargo.toml

@@ -13,7 +13,7 @@ Pure Rust implementation of the [Password-Based Key Derivation Function v2 (PBKD
 
 ## Minimum Supported Rust Version
 
-Rust **1.41** or higher.
+Rust **1.47** or higher.
 
 Minimum supported Rust version can be changed in the future, but it will be
 done with a minor version bump.
@@ -45,7 +45,7 @@ dual licensed as above, without any additional terms or conditions.
 [docs-image]: https://docs.rs/pbkdf2/badge.svg
 [docs-link]: https://docs.rs/pbkdf2/
 [license-image]: https://img.shields.io/badge/license-Apache2.0/MIT-blue.svg
-[rustc-image]: https://img.shields.io/badge/rustc-1.41+-blue.svg
+[rustc-image]: https://img.shields.io/badge/rustc-1.47+-blue.svg
 [chat-image]: https://img.shields.io/badge/zulip-join_chat-blue.svg
 [chat-link]: https://rustcrypto.zulipchat.com/#narrow/stream/260046-password-hashes
 [build-image]: https://github.com/RustCrypto/password-hashes/workflows/pbkdf2/badge.svg?branch=master&event=push