pkcs5: bump pbkdf2 to v0.12; scrypt to v0.11

pkcs5/Cargo.toml

@@ -22,9 +22,8 @@ spki = { version = "0.7", path = "../spki" }
 cbc = { version = "0.1.2", optional = true }
 aes = { version = "0.8.2", optional = true, default-features = false }
 des = { version = "0.8.1", optional = true, default-features = false }
-hmac = { version = "0.12.1", optional = true, default-features = false }
-pbkdf2 = { version = "0.11", optional = true, default-features = false }
-scrypt = { version = "0.10", optional = true, default-features = false }
+pbkdf2 = { version = "0.12.1", optional = true, default-features = false }
+scrypt = { version = "0.11", optional = true, default-features = false }
 sha1 = { version = "0.10.1", optional = true, default-features = false }
 sha2 = { version = "0.10.2", optional = true, default-features = false }
 
@@ -33,10 +32,10 @@ hex-literal = "0.3"
 
 [features]
 alloc = []
-3des = ["pbes2", "des"]
-des-insecure = ["pbes2", "des"]
-pbes2 = ["aes", "cbc", "hmac", "pbkdf2", "scrypt", "sha2"]
-sha1-insecure = ["pbes2", "sha1"]
+3des = ["dep:des", "pbes2"]
+des-insecure = ["dep:des", "pbes2"]
+pbes2 = ["dep:aes", "dep:cbc", "dep:pbkdf2", "dep:scrypt", "dep:sha2"]
+sha1-insecure = ["dep:sha1", "pbes2"]
 
 [package.metadata.docs.rs]
 all-features = true

pkcs5/src/lib.rs

@@ -39,6 +39,9 @@ use der::{
     Decode, DecodeValue, Encode, EncodeValue, Header, Length, Reader, Sequence, Tag, Writer,
 };
 
+#[cfg(feature = "pbes2")]
+pub use scrypt;
+
 #[cfg(all(feature = "alloc", feature = "pbes2"))]
 use alloc::vec::Vec;
 

pkcs5/src/pbes2.rs

@@ -104,7 +104,8 @@ impl<'a> Parameters<'a> {
     ///
     /// For more information on scrypt parameters, see documentation for the
     /// [`scrypt::Params`] struct.
-    #[cfg(feature = "scrypt")]
+    // TODO(tarcieri): encapsulate `scrypt::Params`?
+    #[cfg(feature = "pbes2")]
     pub fn scrypt_aes128cbc(
         params: scrypt::Params,
         salt: &'a [u8],
@@ -123,7 +124,8 @@ impl<'a> Parameters<'a> {
     ///
     /// When in doubt, use `Default::default()` as the [`scrypt::Params`].
     /// This also avoids the need to import the type from the `scrypt` crate.
-    #[cfg(feature = "scrypt")]
+    // TODO(tarcieri): encapsulate `scrypt::Params`?
+    #[cfg(feature = "pbes2")]
     pub fn scrypt_aes256cbc(
         params: scrypt::Params,
         salt: &'a [u8],

pkcs5/src/pbes2/encryption.rs

@@ -5,16 +5,15 @@ use crate::{Error, Result};
 use cbc::cipher::{
     block_padding::Pkcs7, BlockCipher, BlockDecryptMut, BlockEncryptMut, KeyInit, KeyIvInit,
 };
-use hmac::{
-    digest::{
+use pbkdf2::{
+    hmac::digest::{
         block_buffer::Eager,
         core_api::{BlockSizeUser, BufferKindUser, CoreProxy, FixedOutputCore, UpdateCore},
         generic_array::typenum::{IsLess, Le, NonZero, U256},
         HashMarker,
     },
-    Hmac,
+    pbkdf2_hmac,
 };
-use pbkdf2::pbkdf2;
 use scrypt::scrypt;
 
 /// Maximum size of a derived encryption key
@@ -157,18 +156,19 @@ impl EncryptionKey {
     fn derive_with_pbkdf2<D>(password: &[u8], params: &Pbkdf2Params<'_>, length: usize) -> Self
     where
         D: CoreProxy,
-        D::Core: HashMarker
+        D::Core: Sync
+            + HashMarker
             + UpdateCore
             + FixedOutputCore
             + BufferKindUser<BufferKind = Eager>
             + Default
-            + Clone
-            + Sync,
+            + Clone,
         <D::Core as BlockSizeUser>::BlockSize: IsLess<U256>,
         Le<<D::Core as BlockSizeUser>::BlockSize, U256>: NonZero,
     {
         let mut buffer = [0u8; MAX_KEY_LEN];
-        pbkdf2::<Hmac<D>>(
+
+        pbkdf2_hmac::<D>(
             password,
             params.salt,
             params.iteration_count,

pkcs5/src/pbes2/kdf.rs

@@ -35,7 +35,7 @@ pub const HMAC_WITH_SHA512_OID: ObjectIdentifier =
 pub const SCRYPT_OID: ObjectIdentifier = ObjectIdentifier::new_unwrap("1.3.6.1.4.1.11591.4.11");
 
 /// Type used for expressing scrypt cost
-type ScryptCost = u16;
+type ScryptCost = u64;
 
 /// Password-based key derivation function.
 #[derive(Clone, Debug, Eq, PartialEq)]
@@ -395,12 +395,13 @@ pub struct ScryptParams<'a> {
 }
 
 impl<'a> ScryptParams<'a> {
-    #[cfg(feature = "scrypt")]
+    #[cfg(feature = "pbes2")]
     const INVALID_ERR: Error = Error::AlgorithmParametersInvalid { oid: SCRYPT_OID };
 
     /// Get the [`ScryptParams`] for the provided upstream [`scrypt::Params`]
     /// and a provided salt string.
-    #[cfg(feature = "scrypt")]
+    // TODO(tarcieri): encapsulate `scrypt::Params`?
+    #[cfg(feature = "pbes2")]
     pub fn from_params_and_salt(params: scrypt::Params, salt: &'a [u8]) -> Result<Self> {
         Ok(Self {
             salt,
@@ -455,7 +456,7 @@ impl<'a> TryFrom<AnyRef<'a>> for ScryptParams<'a> {
     }
 }
 
-#[cfg(feature = "scrypt")]
+#[cfg(feature = "pbes2")]
 impl<'a> TryFrom<ScryptParams<'a>> for scrypt::Params {
     type Error = Error;
 
@@ -464,7 +465,7 @@ impl<'a> TryFrom<ScryptParams<'a>> for scrypt::Params {
     }
 }
 
-#[cfg(feature = "scrypt")]
+#[cfg(feature = "pbes2")]
 impl<'a> TryFrom<&ScryptParams<'a>> for scrypt::Params {
     type Error = Error;
 
@@ -482,6 +483,7 @@ impl<'a> TryFrom<&ScryptParams<'a>> for scrypt::Params {
             log_n,
             params.block_size.into(),
             params.parallelization.into(),
+            scrypt::Params::RECOMMENDED_LEN,
         )
         .map_err(|_| ScryptParams::INVALID_ERR)
     }

pkcs8/Cargo.toml

@@ -35,7 +35,7 @@ des-insecure = ["encryption", "pkcs5/des-insecure"]
 encryption = ["alloc", "pkcs5/alloc", "pkcs5/pbes2", "rand_core"]
 getrandom = ["rand_core/getrandom"]
 pem = ["alloc", "der/pem", "spki/pem"]
-sha1 = ["encryption", "pkcs5/sha1"]
+sha1-insecure = ["encryption", "pkcs5/sha1-insecure"]
 std = ["alloc", "der/std", "spki/std"]
 
 [package.metadata.docs.rs]

pkcs8/tests/encrypted_private_key.rs

@@ -183,7 +183,7 @@ fn encrypt_ed25519_der_encpriv_aes256_pbkdf2_sha256() {
 #[test]
 fn encrypt_ed25519_der_encpriv_aes256_scrypt() {
     let scrypt_params = pkcs5::pbes2::Parameters::scrypt_aes256cbc(
-        Default::default(),
+        pkcs5::scrypt::Params::new(15, 8, 1, 32).unwrap(),
         &hex!("E6211E2348AD69E0"),
         &hex!("9BD0A6251F2254F9FD5963887C27CF01"),
     )