Set up simple GitHub Actions workflow

.github/workflows/audit.yml

@@ -0,0 +1,17 @@
+name: Security Audit
+on:
+  schedule:
+    - cron: '0 0 * * 1'
+  push:
+    paths:
+      - Cargo.toml
+jobs:
+  security_audit:
+    runs-on: windows-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v1
+      - name: Security Audit
+        uses: actions-rs/audit-check@v1
+        with:
+          token: ${{ secrets.GITHUB_TOKEN }}

.github/workflows/ci.yml

@@ -0,0 +1,42 @@
+name: CI
+on: push
+jobs:
+  ci:
+    runs-on: windows-latest
+    strategy:
+      matrix:
+        rust:
+          - 1.37.0  # MSRV
+          - stable
+          - beta
+          - nightly
+        features:
+          - ""
+          - "zeroize"
+        exclude: # Zeroize 1.1 supports Rust 1.39+
+          - rust: 1.37.0
+            features: "zeroize"
+    steps:
+    - uses: actions/checkout@v1
+    - uses: actions-rs/toolchain@v1
+      with:
+        profile: minimal
+        toolchain: ${{ matrix.rust }}
+        override: true
+        components: rustfmt, clippy
+    - uses: actions-rs/cargo@v1
+      with:
+        command: build
+        args: --no-default-features --features "${{ matrix.features }}"
+    - uses: actions-rs/cargo@v1
+      with:
+        command: test
+        args: --no-default-features --features "${{ matrix.features }}"
+    - uses: actions-rs/cargo@v1
+      with:
+        command: fmt
+        args: --all -- --check
+    - uses: actions-rs/cargo@v1
+      with:
+        command: clippy
+        args: --no-default-features --features "${{ matrix.features }}" -- -D warnings

Cargo.toml

@@ -17,6 +17,10 @@ maintenance = { status = "experimental" }
 [dependencies]
 winapi = { version = "0.3", features = ["bcrypt", "ntstatus"] }
 zeroize = { version = "1.1", optional = true }
+doc-comment = "0.3"
+
+[dev-dependencies]
+doc-comment = "0.3"
 
 [features]
 default = ["zeroize"]

README.md

@@ -2,6 +2,9 @@
 
 [![crates.io](https://img.shields.io/crates/v/win-crypto-ng.svg)](https://crates.io/crates/win-crypto-ng)
 [![docs.rs](https://docs.rs/win-crypto-ng/badge.svg)](https://docs.rs/crate/win-crypto-ng)
+![MSRV](https://img.shields.io/badge/rustc-1.37+-blue.svg)
+[![Build status](https://github.com/emgre/win-crypto-ng/workflows/CI/badge.svg)](https://github.com/emgre/win-crypto-ng/actions)
+[![License](https://img.shields.io/github/license/emgre/win-crypto-ng)](https://github.com/emgre/win-crypto-ng/blob/master/LICENSE.md)
 
 Safe Rust bindings to Microsoft Windows
 [Cryptography API : Next Generation (CNG)](https://docs.microsoft.com/en-us/windows/win32/seccng/cng-portal)

src/buffer.rs

@@ -24,7 +24,9 @@ impl Buffer {
     /// assert_eq!(buf.len(), 76);
     /// ```
     pub fn new(size: usize) -> Self {
-        Buffer { inner: vec![0; size] }
+        Buffer {
+            inner: vec![0; size],
+        }
     }
 
     /// Create a new buffer with its data copied from the slice.
@@ -38,7 +40,9 @@ impl Buffer {
     /// assert_eq!(buf.as_slice(), SOME_DATA);
     /// ```
     pub fn from(data: &[u8]) -> Self {
-        Buffer { inner: data.to_vec() }
+        Buffer {
+            inner: data.to_vec(),
+        }
     }
 
     pub fn len(&self) -> usize {

src/hash.rs

@@ -44,12 +44,12 @@
 //! [`hash`]: struct.Hash.html#method.hash
 //! [`finish`]: struct.Hash.html#method.finish
 
-use crate::{Error, Result};
 use crate::buffer::Buffer;
 use crate::helpers::{AlgoHandle, Handle};
-use winapi::shared::bcrypt::*;
-use winapi::shared::minwindef::{DWORD, ULONG, PUCHAR};
+use crate::{Error, Result};
 use std::ptr::null_mut;
+use winapi::shared::bcrypt::*;
+use winapi::shared::minwindef::{DWORD, PUCHAR, ULONG};
 
 /// Hashing algorithm identifiers
 #[derive(Debug, Clone, Copy, PartialOrd, PartialEq)]
@@ -141,17 +141,19 @@ impl HashAlgorithm {
         let mut hash_handle = HashHandle::new();
         let mut object = Buffer::new(object_size);
         unsafe {
-            Error::check(
-                BCryptCreateHash(
-                    self.handle.as_ptr(),
-                    hash_handle.as_mut_ptr(),
-                    object.as_mut_ptr(),
-                    object.len() as ULONG,
-                    null_mut(),
-                    0,
-                    0
-                )
-            ).map(|_| Hash { handle: hash_handle, _object: object })
+            Error::check(BCryptCreateHash(
+                self.handle.as_ptr(),
+                hash_handle.as_mut_ptr(),
+                object.as_mut_ptr(),
+                object.len() as ULONG,
+                null_mut(),
+                0,
+                0,
+            ))
+            .map(|_| Hash {
+                handle: hash_handle,
+                _object: object,
+            })
         }
     }
 }
@@ -169,7 +171,9 @@ impl HashHandle {
 impl Drop for HashHandle {
     fn drop(&mut self) {
         if !self.handle.is_null() {
-            unsafe { BCryptDestroyHash(self.handle); }
+            unsafe {
+                BCryptDestroyHash(self.handle);
+            }
         }
     }
 }
@@ -212,7 +216,7 @@ impl Hash {
                 self.handle.as_ptr(),
                 data.as_ptr() as PUCHAR,
                 data.len() as ULONG,
-                0
+                0,
             ))
         }
     }
@@ -242,14 +246,13 @@ impl Hash {
         let mut result = Buffer::new(hash_size);
 
         unsafe {
-            Error::check(
-                BCryptFinishHash(
-                    self.handle.as_ptr(),
-                    result.as_mut_ptr(),
-                    result.len() as ULONG,
-                    0
-                )
-            ).map(|_| result)
+            Error::check(BCryptFinishHash(
+                self.handle.as_ptr(),
+                result.as_mut_ptr(),
+                result.len() as ULONG,
+                0,
+            ))
+            .map(|_| result)
         }
     }
 
@@ -266,7 +269,9 @@ impl Hash {
     /// assert_eq!(hash_size, 32);
     /// ```
     pub fn hash_size(&self) -> Result<usize> {
-        self.handle.get_property::<DWORD>(BCRYPT_HASH_LENGTH).map(|hash_size| hash_size as usize)
+        self.handle
+            .get_property::<DWORD>(BCRYPT_HASH_LENGTH)
+            .map(|hash_size| hash_size as usize)
     }
 }
 
@@ -278,71 +283,92 @@ mod tests {
 
     #[test]
     fn sha1() {
-        check_hash(HashAlgorithmId::Sha1, DATA.as_bytes(), &[
-            0x2B, 0x44, 0x89, 0x60, 0x6A, 0x23, 0xFB, 0x31,
-            0xFC, 0xDC, 0x84, 0x9F, 0xA7, 0xE5, 0x77, 0xBA,
-            0x90, 0xF6, 0xD3, 0x9A,
-        ])
+        check_hash(
+            HashAlgorithmId::Sha1,
+            DATA.as_bytes(),
+            &[
+                0x2B, 0x44, 0x89, 0x60, 0x6A, 0x23, 0xFB, 0x31, 0xFC, 0xDC, 0x84, 0x9F, 0xA7, 0xE5,
+                0x77, 0xBA, 0x90, 0xF6, 0xD3, 0x9A,
+            ],
+        )
     }
 
     #[test]
     fn sha256() {
-        check_hash(HashAlgorithmId::Sha256, DATA.as_bytes(), &[
-            0x0E, 0xA3, 0x7C, 0x24, 0x3F, 0x60, 0x97, 0x4B,
-            0x0D, 0x54, 0xC6, 0xB2, 0xD7, 0x6C, 0xEC, 0xE3,
-            0xF4, 0xC7, 0x42, 0x49, 0x2C, 0xCE, 0x48, 0xEA,
-            0xF8, 0x1F, 0x35, 0x79, 0x31, 0xD6, 0xD6, 0x9E,
-        ])
+        check_hash(
+            HashAlgorithmId::Sha256,
+            DATA.as_bytes(),
+            &[
+                0x0E, 0xA3, 0x7C, 0x24, 0x3F, 0x60, 0x97, 0x4B, 0x0D, 0x54, 0xC6, 0xB2, 0xD7, 0x6C,
+                0xEC, 0xE3, 0xF4, 0xC7, 0x42, 0x49, 0x2C, 0xCE, 0x48, 0xEA, 0xF8, 0x1F, 0x35, 0x79,
+                0x31, 0xD6, 0xD6, 0x9E,
+            ],
+        )
     }
 
     #[test]
     fn sha384() {
-        check_hash(HashAlgorithmId::Sha384, DATA.as_bytes(), &[
-            0x2A, 0x10, 0x60, 0x89, 0x6A, 0xCB, 0xA9, 0xFA,
-            0x37, 0x11, 0xBF, 0x10, 0x9E, 0x90, 0x24, 0xEA,
-            0x19, 0xF5, 0xFC, 0x33, 0xAF, 0x0F, 0x47, 0x15,
-            0xC3, 0xE9, 0xD8, 0x63, 0xB3, 0x24, 0xA5, 0x08,
-            0x9F, 0xAB, 0x95, 0x36, 0xB2, 0xAC, 0x10, 0xF6,
-            0xC1, 0xE7, 0x31, 0x03, 0x09, 0x54, 0x18, 0x41,
-        ])
+        check_hash(
+            HashAlgorithmId::Sha384,
+            DATA.as_bytes(),
+            &[
+                0x2A, 0x10, 0x60, 0x89, 0x6A, 0xCB, 0xA9, 0xFA, 0x37, 0x11, 0xBF, 0x10, 0x9E, 0x90,
+                0x24, 0xEA, 0x19, 0xF5, 0xFC, 0x33, 0xAF, 0x0F, 0x47, 0x15, 0xC3, 0xE9, 0xD8, 0x63,
+                0xB3, 0x24, 0xA5, 0x08, 0x9F, 0xAB, 0x95, 0x36, 0xB2, 0xAC, 0x10, 0xF6, 0xC1, 0xE7,
+                0x31, 0x03, 0x09, 0x54, 0x18, 0x41,
+            ],
+        )
     }
 
     #[test]
     fn sha512() {
-        check_hash(HashAlgorithmId::Sha512, DATA.as_bytes(), &[
-            0x39, 0x50, 0xAC, 0xCD, 0xFE, 0xF7, 0x46, 0x20,
-            0x71, 0x42, 0x78, 0x76, 0x5B, 0xBD, 0xCE, 0x04,
-            0xD4, 0x57, 0x90, 0x4B, 0x7C, 0xEA, 0x86, 0x31,
-            0x39, 0x6C, 0xBA, 0x6D, 0x8B, 0xCE, 0xFC, 0xE0,
-            0x30, 0x8F, 0xC4, 0x7C, 0xFB, 0x88, 0x5B, 0xC8,
-            0x9E, 0xBD, 0xF4, 0xFF, 0xA6, 0xF9, 0x8F, 0xC8,
-            0x51, 0x05, 0x54, 0x7C, 0xBD, 0xDF, 0x56, 0x57,
-            0xB6, 0xAD, 0xBD, 0xDD, 0xA3, 0x8C, 0xB9, 0xB5,
-        ])
+        check_hash(
+            HashAlgorithmId::Sha512,
+            DATA.as_bytes(),
+            &[
+                0x39, 0x50, 0xAC, 0xCD, 0xFE, 0xF7, 0x46, 0x20, 0x71, 0x42, 0x78, 0x76, 0x5B, 0xBD,
+                0xCE, 0x04, 0xD4, 0x57, 0x90, 0x4B, 0x7C, 0xEA, 0x86, 0x31, 0x39, 0x6C, 0xBA, 0x6D,
+                0x8B, 0xCE, 0xFC, 0xE0, 0x30, 0x8F, 0xC4, 0x7C, 0xFB, 0x88, 0x5B, 0xC8, 0x9E, 0xBD,
+                0xF4, 0xFF, 0xA6, 0xF9, 0x8F, 0xC8, 0x51, 0x05, 0x54, 0x7C, 0xBD, 0xDF, 0x56, 0x57,
+                0xB6, 0xAD, 0xBD, 0xDD, 0xA3, 0x8C, 0xB9, 0xB5,
+            ],
+        )
     }
 
     #[test]
     fn md2() {
-        check_hash(HashAlgorithmId::Md2, DATA.as_bytes(), &[
-            0x08, 0x18, 0x53, 0xA0, 0x5C, 0x1F, 0x58, 0xC6,
-            0xED, 0x43, 0x46, 0x4C, 0x79, 0x7D, 0x65, 0x26,
-        ])
+        check_hash(
+            HashAlgorithmId::Md2,
+            DATA.as_bytes(),
+            &[
+                0x08, 0x18, 0x53, 0xA0, 0x5C, 0x1F, 0x58, 0xC6, 0xED, 0x43, 0x46, 0x4C, 0x79, 0x7D,
+                0x65, 0x26,
+            ],
+        )
     }
 
     #[test]
     fn md4() {
-        check_hash(HashAlgorithmId::Md4, DATA.as_bytes(), &[
-            0x24, 0x3C, 0xDA, 0xF5, 0x91, 0x4A, 0xE8, 0x70,
-            0x91, 0xC7, 0x13, 0xB5, 0xFA, 0x9F, 0xA7, 0x98,
-        ])
+        check_hash(
+            HashAlgorithmId::Md4,
+            DATA.as_bytes(),
+            &[
+                0x24, 0x3C, 0xDA, 0xF5, 0x91, 0x4A, 0xE8, 0x70, 0x91, 0xC7, 0x13, 0xB5, 0xFA, 0x9F,
+                0xA7, 0x98,
+            ],
+        )
     }
 
     #[test]
     fn md5() {
-        check_hash(HashAlgorithmId::Md5, DATA.as_bytes(), &[
-            0xE8, 0x89, 0xD8, 0x2D, 0xD1, 0x11, 0xD6, 0x31,
-            0x5D, 0x7B, 0x1E, 0xDC, 0xE2, 0xB1, 0xB3, 0x0F,
-        ])
+        check_hash(
+            HashAlgorithmId::Md5,
+            DATA.as_bytes(),
+            &[
+                0xE8, 0x89, 0xD8, 0x2D, 0xD1, 0x11, 0xD6, 0x31, 0x5D, 0x7B, 0x1E, 0xDC, 0xE2, 0xB1,
+                0xB3, 0x0F,
+            ],
+        )
     }
 
     fn check_hash(algo_id: HashAlgorithmId, data: &[u8], expected_hash: &[u8]) {
@@ -355,4 +381,4 @@ mod tests {
         assert_eq!(hash_size, expected_hash.len());
         assert_eq!(result.as_slice(), expected_hash);
     }
-}
+}