Updates for password-hash API changes

Includes updates for the following:
- Extract `phc` submodule (RustCrypto/traits#2103)
- Extract `CustomizedPasswordHasher` trait (RustCrypto/traits#2105)

Author: tarcieri

Cargo.lock

@@ -15,3 +15,6 @@ exclude = ["benches", "fuzz"]
 
 [profile.dev]
 opt-level = 2
+
+[patch.crates-io.password-hash]
+git = "https://github.com/RustCrypto/traits"

Cargo.toml

@@ -7,7 +7,7 @@ use core::{
 };
 
 #[cfg(feature = "password-hash")]
-use password_hash::Ident;
+use password_hash::phc::Ident;
 
 /// Argon2d algorithm identifier
 #[cfg(feature = "password-hash")]
@@ -94,8 +94,8 @@ impl Display for Algorithm {
 impl FromStr for Algorithm {
     type Err = Error;
 
-    fn from_str(s: &str) -> Result<Algorithm> {
-        match s {
+    fn from_str(name: &str) -> Result<Algorithm> {
+        match name {
             "argon2d" => Ok(Algorithm::Argon2d),
             "argon2i" => Ok(Algorithm::Argon2i),
             "argon2id" => Ok(Algorithm::Argon2id),
@@ -112,15 +112,10 @@ impl From<Algorithm> for Ident<'static> {
 }
 
 #[cfg(feature = "password-hash")]
-impl<'a> TryFrom<Ident<'a>> for Algorithm {
+impl TryFrom<&str> for Algorithm {
     type Error = password_hash::Error;
 
-    fn try_from(ident: Ident<'a>) -> password_hash::Result<Algorithm> {
-        match ident {
-            ARGON2D_IDENT => Ok(Algorithm::Argon2d),
-            ARGON2I_IDENT => Ok(Algorithm::Argon2i),
-            ARGON2ID_IDENT => Ok(Algorithm::Argon2id),
-            _ => Err(password_hash::Error::Algorithm),
-        }
+    fn try_from(name: &str) -> password_hash::Result<Algorithm> {
+        name.parse().map_err(|_| password_hash::Error::Algorithm)
     }
 }

argon2/src/algorithm.rs

@@ -39,7 +39,7 @@
 )]
 //! # fn main() -> Result<(), Box<dyn std::error::Error>> {
 //! use argon2::{
-//!     password_hash::{PasswordHash, PasswordHasher, PasswordVerifier, SaltString},
+//!     password_hash::{PasswordHash, PasswordHasher, PasswordVerifier, phc::SaltString},
 //!     Argon2
 //! };
 //!
@@ -50,7 +50,7 @@
 //! let argon2 = Argon2::default();
 //!
 //! // Hash password to PHC string ($argon2id$v=19$...)
-//! let password_hash = argon2.hash_password(password, &salt)?.to_string();
+//! let password_hash = argon2.hash_password(password, salt.as_ref())?.to_string();
 //!
 //! // Verify password against PHC string.
 //! //
@@ -73,7 +73,7 @@
 )]
 //! # fn main() -> Result<(), Box<dyn std::error::Error>> {
 //! use argon2::{
-//!     password_hash::{PasswordHash, PasswordHasher, PasswordVerifier, SaltString },
+//!     password_hash::{PasswordHash, PasswordHasher, PasswordVerifier, phc::SaltString},
 //!     Algorithm, Argon2, Params, Version
 //! };
 //!
@@ -90,7 +90,7 @@
 //! .unwrap();
 //!
 //! // Hash password to PHC string ($argon2id$v=19$...)
-//! let password_hash = argon2.hash_password(password, &salt)?.to_string();
+//! let password_hash = argon2.hash_password(password, salt.as_ref())?.to_string();
 //!
 //! // Verify password against PHC string.
 //! //
@@ -162,7 +162,9 @@ pub use crate::{
 #[cfg(feature = "password-hash")]
 pub use {
     crate::algorithm::{ARGON2D_IDENT, ARGON2I_IDENT, ARGON2ID_IDENT},
-    password_hash::{self, PasswordHash, PasswordHasher, PasswordVerifier},
+    password_hash::{
+        self, CustomizedPasswordHasher, PasswordHash, PasswordHasher, PasswordVerifier,
+    },
 };
 
 use crate::blake2b_long::blake2b_long;
@@ -171,7 +173,7 @@ use core::fmt;
 use memory::Memory;
 
 #[cfg(all(feature = "alloc", feature = "password-hash"))]
-use password_hash::{Decimal, Ident, ParamsString, Salt};
+use password_hash::phc::{Output, ParamsString, Salt};
 
 #[cfg(feature = "zeroize")]
 use zeroize::Zeroize;
@@ -618,43 +620,16 @@ impl<'key> Argon2<'key> {
 }
 
 #[cfg(all(feature = "alloc", feature = "password-hash"))]
-impl PasswordHasher for Argon2<'_> {
+impl CustomizedPasswordHasher for Argon2<'_> {
     type Params = Params;
 
-    fn hash_password<'a>(
-        &self,
-        password: &[u8],
-        salt: impl Into<Salt<'a>>,
-    ) -> password_hash::Result<PasswordHash<'a>> {
-        let salt = salt.into();
-        let mut salt_arr = [0u8; 64];
-        let salt_bytes = salt.decode_b64(&mut salt_arr)?;
-
-        let output_len = self
-            .params
-            .output_len()
-            .unwrap_or(Params::DEFAULT_OUTPUT_LEN);
-
-        let output = password_hash::Output::init_with(output_len, |out| {
-            Ok(self.hash_password_into(password, salt_bytes, out)?)
-        })?;
-
-        Ok(PasswordHash {
-            algorithm: self.algorithm.ident(),
-            version: Some(self.version.into()),
-            params: ParamsString::try_from(&self.params)?,
-            salt: Some(salt),
-            hash: Some(output),
-        })
-    }
-
     fn hash_password_customized<'a>(
         &self,
         password: &[u8],
-        alg_id: Option<Ident<'a>>,
-        version: Option<Decimal>,
+        alg_id: Option<&'a str>,
+        version: Option<u32>,
         params: Params,
-        salt: impl Into<Salt<'a>>,
+        salt: &'a str,
     ) -> password_hash::Result<PasswordHash<'a>> {
         let algorithm = alg_id
             .map(Algorithm::try_from)
@@ -666,8 +641,6 @@ impl PasswordHasher for Argon2<'_> {
             .transpose()?
             .unwrap_or_default();
 
-        let salt = salt.into();
-
         Self {
             secret: self.secret,
             algorithm,
@@ -680,6 +653,36 @@ impl PasswordHasher for Argon2<'_> {
     }
 }
 
+#[cfg(all(feature = "alloc", feature = "password-hash"))]
+impl PasswordHasher for Argon2<'_> {
+    fn hash_password<'a>(
+        &self,
+        password: &[u8],
+        salt: &'a str,
+    ) -> password_hash::Result<PasswordHash<'a>> {
+        let salt = Salt::from_b64(salt)?;
+        let mut salt_arr = [0u8; 64];
+        let salt_bytes = salt.decode_b64(&mut salt_arr)?;
+
+        let output_len = self
+            .params
+            .output_len()
+            .unwrap_or(Params::DEFAULT_OUTPUT_LEN);
+
+        let output = Output::init_with(output_len, |out| {
+            Ok(self.hash_password_into(password, salt_bytes, out)?)
+        })?;
+
+        Ok(PasswordHash {
+            algorithm: self.algorithm.ident(),
+            version: Some(self.version.into()),
+            params: ParamsString::try_from(&self.params)?,
+            salt: Some(salt),
+            hash: Some(output),
+        })
+    }
+}
+
 impl From<Params> for Argon2<'_> {
     fn from(params: Params) -> Self {
         Self::new(Algorithm::default(), Version::default(), params)
@@ -695,7 +698,7 @@ impl From<&Params> for Argon2<'_> {
 #[cfg(all(test, feature = "alloc", feature = "password-hash"))]
 #[allow(clippy::unwrap_used)]
 mod tests {
-    use crate::{Algorithm, Argon2, Params, PasswordHasher, Salt, Version};
+    use crate::{Algorithm, Argon2, CustomizedPasswordHasher, Params, PasswordHasher, Version};
 
     /// Example password only: don't use this as a real password!!!
     const EXAMPLE_PASSWORD: &[u8] = b"hunter42";
@@ -708,7 +711,7 @@ mod tests {
         let argon2 = Argon2::default();
 
         // Too short after decoding
-        let salt = Salt::from_b64("somesalt").unwrap();
+        let salt = "somesalt";
 
         let res =
             argon2.hash_password_customized(EXAMPLE_PASSWORD, None, None, Params::default(), salt);
@@ -730,8 +733,9 @@ mod tests {
 
         let params = Params::new(m_cost, t_cost, p_cost, None).unwrap();
         let hasher = Argon2::new(Algorithm::default(), version, params);
-        let salt = Salt::from_b64(EXAMPLE_SALT).unwrap();
-        let hash = hasher.hash_password(EXAMPLE_PASSWORD, salt).unwrap();
+        let hash = hasher
+            .hash_password(EXAMPLE_PASSWORD, EXAMPLE_SALT)
+            .unwrap();
 
         assert_eq!(hash.version.unwrap(), version.into());
 

argon2/src/lib.rs

@@ -5,7 +5,7 @@ use base64ct::{Base64Unpadded as B64, Encoding};
 use core::str::FromStr;
 
 #[cfg(feature = "password-hash")]
-use password_hash::{ParamsString, PasswordHash};
+use password_hash::{PasswordHash, phc::ParamsString};
 
 /// Argon2 password hash parameters.
 ///

argon2/src/params.rs

@@ -14,7 +14,7 @@ use argon2::{
     PasswordVerifier, Version,
 };
 use hex_literal::hex;
-use password_hash::SaltString;
+use password_hash::phc::SaltString;
 
 /// Params used by the KATs.
 fn example_params() -> Params {
@@ -368,7 +368,10 @@ fn hashtest(
 
     // Test hash encoding
     let salt_string = SaltString::encode_b64(salt).unwrap();
-    let phc_hash = ctx.hash_password(pwd, &salt_string).unwrap().to_string();
+    let phc_hash = ctx
+        .hash_password(pwd, salt_string.as_ref())
+        .unwrap()
+        .to_string();
     assert_eq!(phc_hash, expected_phc_hash);
 
     let hash = PasswordHash::new(alternative_phc_hash).unwrap();

argon2/tests/kat.rs

@@ -9,8 +9,8 @@ use argon2::{
     PasswordVerifier, Version,
 };
 use password_hash::{
-    SaltString,
     errors::{Error, InvalidValue},
+    phc::SaltString,
 };
 
 /// Valid password
@@ -217,7 +217,7 @@ fn check_hash_encoding_parameters_order() {
     let password = b"password";
     let salt_string = SaltString::encode_b64(&salt).unwrap();
     let password_hash = ctx
-        .hash_password(password, &salt_string)
+        .hash_password(password, salt_string.as_ref())
         .unwrap()
         .to_string();
 

argon2/tests/phc_strings.rs

@@ -7,7 +7,7 @@ use core::{
 };
 
 #[cfg(feature = "password-hash")]
-use password_hash::Ident;
+use password_hash::phc::Ident;
 
 /// Balloon primitive type: variants of the algorithm.
 #[derive(Copy, Clone, Debug, Eq, Hash, PartialEq, PartialOrd, Ord, Default)]
@@ -87,11 +87,11 @@ impl From<Algorithm> for Ident<'static> {
 }
 
 #[cfg(feature = "password-hash")]
-impl<'a> TryFrom<Ident<'a>> for Algorithm {
+impl<'a> TryFrom<&'a str> for Algorithm {
     type Error = password_hash::Error;
 
-    fn try_from(ident: Ident<'a>) -> password_hash::Result<Algorithm> {
-        match ident {
+    fn try_from(name: &'a str) -> password_hash::Result<Algorithm> {
+        match name.try_into()? {
             Self::BALLOON_IDENT => Ok(Algorithm::Balloon),
             Self::BALLOON_M_IDENT => Ok(Algorithm::BalloonM),
             _ => Err(password_hash::Error::Algorithm),