diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 19b340ed..2e6d68ef 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -21,7 +21,7 @@ jobs: - stable - beta - nightly - - 1.41.0 # MSRV + - 1.43.0 # MSRV os: - ubuntu-latest - macos-latest @@ -171,4 +171,4 @@ jobs: - uses: actions-rs/cargo@v1 with: command: doc - args: --no-deps --all-features \ No newline at end of file + args: --no-deps --all-features diff --git a/README.md b/README.md index c1bd5ed3..53124659 100644 --- a/README.md +++ b/README.md @@ -1,5 +1,5 @@ # orion -[![Tests](https://github.com/brycx/orion/workflows/Tests/badge.svg)](https://github.com/brycx/orion/actions) [![Daily tests](https://github.com/brycx/orion/workflows/Daily%20tests/badge.svg)](https://github.com/brycx/orion/actions) [![dudect](https://github.com/brycx/orion-dudect/workflows/dudect/badge.svg)](https://github.com/brycx/orion-dudect/actions) [![Security Audit](https://github.com/brycx/orion/workflows/Security%20Audit/badge.svg)](https://github.com/brycx/orion/actions) [![codecov](https://codecov.io/gh/brycx/orion/branch/master/graph/badge.svg)](https://codecov.io/gh/brycx/orion) [![Documentation](https://docs.rs/orion/badge.svg)](https://docs.rs/orion/) [![Crates.io](https://img.shields.io/crates/v/orion.svg)](https://crates.io/crates/orion) [![Safety Dance](https://img.shields.io/badge/unsafe-forbidden-success.svg)](https://github.com/rust-secure-code/safety-dance/) [![MSRV](https://img.shields.io/badge/MSRV-1.41-informational.svg)](https://img.shields.io/badge/MSRV-1.41-informational) [![Matrix](https://img.shields.io/matrix/orion-rs:matrix.org.svg?logo=matrix)](https://matrix.to/#/#orion-rs:matrix.org) +[![Tests](https://github.com/brycx/orion/workflows/Tests/badge.svg)](https://github.com/brycx/orion/actions) [![Daily tests](https://github.com/brycx/orion/workflows/Daily%20tests/badge.svg)](https://github.com/brycx/orion/actions) [![dudect](https://github.com/brycx/orion-dudect/workflows/dudect/badge.svg)](https://github.com/brycx/orion-dudect/actions) [![Security Audit](https://github.com/brycx/orion/workflows/Security%20Audit/badge.svg)](https://github.com/brycx/orion/actions) [![codecov](https://codecov.io/gh/brycx/orion/branch/master/graph/badge.svg)](https://codecov.io/gh/brycx/orion) [![Documentation](https://docs.rs/orion/badge.svg)](https://docs.rs/orion/) [![Crates.io](https://img.shields.io/crates/v/orion.svg)](https://crates.io/crates/orion) [![Safety Dance](https://img.shields.io/badge/unsafe-forbidden-success.svg)](https://github.com/rust-secure-code/safety-dance/) [![MSRV](https://img.shields.io/badge/MSRV-1.43-informational.svg)](https://img.shields.io/badge/MSRV-1.43-informational) [![Matrix](https://img.shields.io/matrix/orion-rs:matrix.org.svg?logo=matrix)](https://matrix.to/#/#orion-rs:matrix.org) ### About orion is a cryptography library written in pure Rust. It aims to provide easy and usable crypto while trying to minimize the use of unsafe code. You can read more about orion in the [wiki](https://github.com/brycx/orion/wiki). @@ -17,7 +17,7 @@ This library has **not undergone any third-party security audit**. Usage is at * More information about security regarding orion is available in the [wiki](https://github.com/brycx/orion/wiki/Security). ### Minimum Supported Rust Version -Rust 1.41 or later is supported however, the majority of testing happens with latest stable Rust. +Rust 1.43 or later is supported however, the majority of testing happens with latest stable Rust. MSRV may be changed at any point and will not be considered a SemVer breaking change. diff --git a/src/hazardous/aead/streaming.rs b/src/hazardous/aead/streaming.rs index 8f384bf7..203ed6b1 100644 --- a/src/hazardous/aead/streaming.rs +++ b/src/hazardous/aead/streaming.rs @@ -47,7 +47,7 @@ //! //! # Panics: //! A panic will occur if: -//! - 64 + (`ciphertext.len()` - [`ABYTES`]) overflows `u64::max_value()` when decrypting. +//! - 64 + (`ciphertext.len()` - [`ABYTES`]) overflows `u64::MAX` when decrypting. //! //! # Security: //! - It is critical for security that a given nonce is not re-used with a given key. @@ -1300,7 +1300,7 @@ mod private { ]; let mut ctx = StreamXChaCha20Poly1305::new(&SecretKey::from(KEY), &Nonce::from(NONCE)); - ctx.counter = u32::max_value(); + ctx.counter = u32::MAX; assert_eq!(ctx.key, before_internal_key.as_ref()); assert_eq!(ctx.get_nonce(), before_internal_nonce.as_ref()); assert_eq!(ctx.counter, u32::from_le_bytes(before_internal_counter)); @@ -1345,7 +1345,7 @@ mod private { ]; let mut ctx = StreamXChaCha20Poly1305::new(&SecretKey::from(KEY), &Nonce::from(NONCE)); - ctx.counter = u32::max_value(); + ctx.counter = u32::MAX; assert_eq!(ctx.key.unprotected_as_bytes(), before_internal_key.as_ref()); assert_eq!(ctx.get_nonce(), before_internal_nonce.as_ref()); assert_eq!(ctx.counter, u32::from_le_bytes(before_internal_counter)); @@ -1390,7 +1390,7 @@ mod private { ]; let mut ctx = StreamXChaCha20Poly1305::new(&SecretKey::from(KEY), &Nonce::from(NONCE)); - ctx.counter = u32::max_value(); + ctx.counter = u32::MAX; assert_eq!(ctx.key, before_internal_key.as_ref()); assert_eq!(ctx.get_nonce(), before_internal_nonce.as_ref()); assert_eq!(ctx.counter, u32::from_le_bytes(before_internal_counter)); @@ -1435,7 +1435,7 @@ mod private { ]; let mut ctx = StreamXChaCha20Poly1305::new(&SecretKey::from(KEY), &Nonce::from(NONCE)); - ctx.counter = u32::max_value(); + ctx.counter = u32::MAX; assert_eq!(ctx.key, before_internal_key.as_ref()); assert_eq!(ctx.get_nonce(), before_internal_nonce.as_ref()); assert_eq!(ctx.counter, u32::from_le_bytes(before_internal_counter)); diff --git a/src/hazardous/hash/blake2b.rs b/src/hazardous/hash/blake2b.rs index 51dec7eb..b255ed42 100644 --- a/src/hazardous/hash/blake2b.rs +++ b/src/hazardous/hash/blake2b.rs @@ -968,7 +968,7 @@ mod private { context.increment_offset(12); assert!(context.t == [30u64, 0u64]); // Overflow - context.increment_offset(u64::max_value()); + context.increment_offset(u64::MAX); assert!(context.t == [29u64, 1u64]); } @@ -980,14 +980,14 @@ mod private { internal_state: IV, buffer: [0u8; BLAKE2B_BLOCKSIZE], leftover: 0, - t: [1u64, u64::max_value()], + t: [1u64, u64::MAX], f: [0u64; 2], is_finalized: false, is_keyed: false, size: 1, }; - context.increment_offset(u64::max_value()); + context.increment_offset(u64::MAX); } } } diff --git a/src/hazardous/hash/sha512.rs b/src/hazardous/hash/sha512.rs index 87c7ca43..e6750a52 100644 --- a/src/hazardous/hash/sha512.rs +++ b/src/hazardous/hash/sha512.rs @@ -263,10 +263,10 @@ impl Sha512 { /// Increment the message length during processing of data. fn increment_mlen(&mut self, length: u64) { // The checked shift checks that the right-hand side is a legal shift. - // The result can still overflow if length > u64::max_value() / 8. + // The result can still overflow if length > u64::MAX / 8. // Should be impossible for a user to trigger, because update() processes // in SHA512_BLOCKSIZE chunks. - debug_assert!(length <= u64::max_value() / 8); + debug_assert!(length <= u64::MAX / 8); // left-shift to get bit-sized representation of length // using .unwrap() because it should not panic in practice @@ -528,7 +528,7 @@ mod private { context.increment_mlen(12); assert!(context.message_len == [0u64, 240u64]); // Overflow - context.increment_mlen(u64::max_value() / 8); + context.increment_mlen(u64::MAX / 8); assert!(context.message_len == [1u64, 232u64]); } @@ -539,10 +539,10 @@ mod private { working_state: H0, buffer: [0u8; SHA512_BLOCKSIZE], leftover: 0, - message_len: [u64::max_value(), u64::max_value() - 7], + message_len: [u64::MAX, u64::MAX - 7], is_finalized: false, }; - // u64::max_value() - 7, to leave so that the length represented + // u64::MAX - 7, to leave so that the length represented // in bites should overflow by exactly one. context.increment_mlen(1); } diff --git a/src/hazardous/kdf/argon2i.rs b/src/hazardous/kdf/argon2i.rs index 6599fd80..dc8b8de0 100644 --- a/src/hazardous/kdf/argon2i.rs +++ b/src/hazardous/kdf/argon2i.rs @@ -39,11 +39,11 @@ //! //! # Errors: //! An error will be returned if: -//! - The length of the `password` is greater than `u32::max_value()`. -//! - The length of the `salt` is greater than `u32::max_value()` or less than `8`. -//! - The length of the `secret` is greater than `u32::max_value()`. -//! - The length of the `ad` is greater than `u32::max_value()`. -//! - The length of `dst_out` is greater than `u32::max_value()` or less than `4`. +//! - The length of the `password` is greater than `u32::MAX`. +//! - The length of the `salt` is greater than `u32::MAX` or less than `8`. +//! - The length of the `secret` is greater than `u32::MAX`. +//! - The length of the `ad` is greater than `u32::MAX`. +//! - The length of `dst_out` is greater than `u32::MAX` or less than `4`. //! - `iterations` is less than `1`. //! - `memory` is less than `8`. //! - The hashed password does not match the expected when verifying. diff --git a/src/hazardous/stream/chacha20.rs b/src/hazardous/stream/chacha20.rs index 333ade38..f1dda110 100644 --- a/src/hazardous/stream/chacha20.rs +++ b/src/hazardous/stream/chacha20.rs @@ -966,8 +966,7 @@ mod private { let mut hchacha_keystream_block_max = [0u8; HCHACHA_OUTSIZE]; chacha_state_hchacha.keystream_block(0, &mut hchacha_keystream_block_zero); - chacha_state_hchacha - .keystream_block(u32::max_value(), &mut hchacha_keystream_block_max); + chacha_state_hchacha.keystream_block(u32::MAX, &mut hchacha_keystream_block_max); assert_eq!(hchacha_keystream_block_zero, hchacha_keystream_block_max); } @@ -1010,7 +1009,7 @@ mod private { U32x4(0, 0, 0, 0), U32x4(0, 0, 0, 0), ], - internal_counter: (u32::max_value() - 128), + internal_counter: (u32::MAX - 128), is_ietf: true, }; @@ -1031,7 +1030,7 @@ mod private { U32x4(0, 0, 0, 0), U32x4(0, 0, 0, 0), ], - internal_counter: (u32::max_value() - 128), + internal_counter: (u32::MAX - 128), is_ietf: false, }; diff --git a/src/high_level/auth.rs b/src/high_level/auth.rs index 7276f34e..bfc9bbc4 100644 --- a/src/high_level/auth.rs +++ b/src/high_level/auth.rs @@ -196,7 +196,7 @@ mod public { /// in `authenticate/authenticate_verify`. fn prop_authenticate_key_size(input: Vec) -> bool { let sec_key_res = SecretKey::from_slice(&input); - if input.len() == 0 || input.len() >= u32::max_value() as usize { + if input.len() == 0 || input.len() >= u32::MAX as usize { return sec_key_res.is_err(); } let sec_key = sec_key_res.unwrap(); diff --git a/src/high_level/hltypes.rs b/src/high_level/hltypes.rs index 8cf2b125..8f2af66d 100644 --- a/src/high_level/hltypes.rs +++ b/src/high_level/hltypes.rs @@ -33,7 +33,7 @@ construct_secret_key_variable_size! { /// An error will be returned if: /// - `slice` is empty. /// - `length` is 0. - /// - `length` is not less than `u32::max_value()`. + /// - `length` is not less than `u32::MAX`. /// /// # Panics: /// A panic will occur if: @@ -50,7 +50,7 @@ construct_salt_variable_size! { /// An error will be returned if: /// - `slice` is empty. /// - `length` is 0. - /// - `length` is not less than `u32::max_value()`. + /// - `length` is not less than `u32::MAX`. /// /// # Panics: /// A panic will occur if: @@ -78,7 +78,7 @@ construct_secret_key_variable_size! { /// An error will be returned if: /// - `slice` is empty. /// - `length` is 0. - /// - `length` is not less than `u32::max_value()`. + /// - `length` is not less than `u32::MAX`. /// /// # Panics: /// A panic will occur if: diff --git a/src/high_level/kdf.rs b/src/high_level/kdf.rs index bddb066f..5fa80cdd 100644 --- a/src/high_level/kdf.rs +++ b/src/high_level/kdf.rs @@ -48,8 +48,8 @@ //! - `iterations` is less than 3. //! - `length` is less than 4. //! - `memory` is less than 8. -//! - The length of the `password` or `expected` is greater than `u32::max_value()`. -//! - The length of the `salt` is greater than `u32::max_value()` or less than `8`. +//! - The length of the `password` or `expected` is greater than `u32::MAX`. +//! - The length of the `salt` is greater than `u32::MAX` or less than `8`. //! - The `expected` does not match the derived key. //! //! # Security: diff --git a/src/high_level/pwhash.rs b/src/high_level/pwhash.rs index 2ef9b640..d2279441 100644 --- a/src/high_level/pwhash.rs +++ b/src/high_level/pwhash.rs @@ -60,7 +60,7 @@ //! An error will be returned if: //! - `memory` is less than 8. //! - `iterations` is less than 3. -//! - The length of the `password` is greater than `u32::max_value()`. +//! - The length of the `password` is greater than `u32::MAX`. //! - The password hash does not match `expected`. //! //! # Panics: @@ -604,7 +604,7 @@ mod public { let exact_min = "$argon2i$v=19$m=8,t=3,p=1$cHBwcHBwcHBwcHBwcHBwcA$MDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDA"; let less = "$argon2i$v=19$m=7,t=3,p=1$cHBwcHBwcHBwcHBwcHBwcA$MDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDA"; // Throws error during parsing as u32 - let u32_overflow = format!("$argon2i$v=19$m={},t=3,p=1$cHBwcHBwcHBwcHBwcHBwcA$MDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDA", u64::max_value()); + let u32_overflow = format!("$argon2i$v=19$m={},t=3,p=1$cHBwcHBwcHBwcHBwcHBwcA$MDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDA", u64::MAX); assert!(PasswordHash::from_encoded(exact_min).is_ok()); assert!(PasswordHash::from_encoded(less).is_err()); @@ -616,7 +616,7 @@ mod public { let exact_min = "$argon2i$v=19$m=65536,t=3,p=1$cHBwcHBwcHBwcHBwcHBwcA$MDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDA"; let less = "$argon2i$v=19$m=65536,t=2,p=1$cHBwcHBwcHBwcHBwcHBwcA$MDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDA"; // Throws error during parsing as u32 - let u32_overflow = format!("$argon2i$v=19$m=65536,t={},p=1$cHBwcHBwcHBwcHBwcHBwcA$MDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDA", u64::max_value()); + let u32_overflow = format!("$argon2i$v=19$m=65536,t={},p=1$cHBwcHBwcHBwcHBwcHBwcA$MDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDA", u64::MAX); assert!(PasswordHash::from_encoded(exact_min).is_ok()); assert!(PasswordHash::from_encoded(less).is_err()); diff --git a/src/test_framework/streamcipher_interface.rs b/src/test_framework/streamcipher_interface.rs index c03a4b70..4a7b9318 100644 --- a/src/test_framework/streamcipher_interface.rs +++ b/src/test_framework/streamcipher_interface.rs @@ -212,7 +212,7 @@ fn initial_counter_overflow_err( assert!(encryptor( key, nonce, - u32::max_value(), + u32::MAX, &[0u8; 65], // CHACHA_BLOCKSIZE + 1 one to trigger internal block counter addition. &mut dst_out ) @@ -220,7 +220,7 @@ fn initial_counter_overflow_err( assert!(decryptor( key, nonce, - u32::max_value(), + u32::MAX, &[0u8; 65], // CHACHA_BLOCKSIZE + 1 one to trigger internal block counter addition. &mut dst_out ) @@ -242,7 +242,7 @@ fn initial_counter_max_ok( assert!(encryptor( key, nonce, - u32::max_value(), + u32::MAX, &[0u8; 64], // Only needs to process one keystream &mut dst_out ) @@ -250,7 +250,7 @@ fn initial_counter_max_ok( assert!(decryptor( key, nonce, - u32::max_value(), + u32::MAX, &[0u8; 64], // Only needs to process one keystream &mut dst_out ) diff --git a/src/typedefs.rs b/src/typedefs.rs index 36f9f97b..949600df 100644 --- a/src/typedefs.rs +++ b/src/typedefs.rs @@ -215,7 +215,7 @@ macro_rules! func_generate_variable_size (($name:ident) => ( #[cfg(feature = "safe_api")] /// Randomly generate using a CSPRNG. Not available in `no_std` context. pub fn generate(length: usize) -> Result<$name, UnknownCryptoError> { - if length < 1 || length >= (u32::max_value() as usize) { + if length < 1 || length >= (u32::MAX as usize) { return Err(UnknownCryptoError); } @@ -362,7 +362,7 @@ macro_rules! test_generate_variable (($name:ident) => ( #[cfg(feature = "safe_api")] fn test_generate_variable() { assert!($name::generate(0).is_err()); - assert!($name::generate(usize::max_value()).is_err()); + assert!($name::generate(usize::MAX).is_err()); assert!($name::generate(1).is_ok()); assert!($name::generate(64).is_ok());