v0.2.0 (#10)

* Update orion -> 0.16. Rename encrypt_with_nonce -> encrypt_with_derived_nonce

* NITs

* Switch to getrandom

* Fix doctest

* 0.2.0

* Update README and CHANGELOG

* Update fuzzing target

* Remove unused csprng variable in tests

* Remove ignore of rand_core 0.6.1

* Update changelog

.github/dependabot.yml

@@ -6,7 +6,3 @@ updates:
     interval: daily
     time: "07:00"
   open-pull-requests-limit: 10
-  ignore:
-  - dependency-name: rand_core
-    versions:
-    - 0.6.1

.gitignore

@@ -1,2 +1,4 @@
 /target
 Cargo.lock
+
+.idea

CHANGELOG.md

@@ -1,9 +1,17 @@
+### 0.2.0
+
+__Date:__ June 2, 2021.
+
+__Changelog:__
+- Remove `Csprng` trait from public API and use `getrandom` instead
+- Update Orion to `0.16`
+
+
 ### 0.1.1 
 
 __Date:__ March 21, 2021.
 
 __Changelog:__
-
 - Switch from `base64` to `ct-codecs` to provide constant-time Base64 encoding/decoding
 
 

Cargo.toml

@@ -1,6 +1,6 @@
 [package]
 name = "pasetors"
-version = "0.1.1" # Update html_root_url in lib.rs along with this.
+version = "0.2.0" # Update html_root_url in lib.rs along with this.
 authors = ["brycx <[email protected]>"]
 edition = "2018"
 description = "PASETO: Platform-Agnostic Security Tokens (in Rust)"
@@ -22,13 +22,11 @@ default-features = false
 features = ["u64_backend"]
 
 [dependencies.orion]
-version = "0.15.4"
+version = "0.16.0"
 default-features = false
 
-[dependencies.rand_core]
-version = "0.5.1"
-default-features = false
-features = ["alloc"]
+[dependencies.getrandom]
+version = "0.2"
 
 [dependencies.ct-codecs]
 version = "1.1.1"

README.md

@@ -1,4 +1,4 @@
-![Tests](https://github.com/brycx/pasetors/workflows/Tests/badge.svg) [![Documentation](https://docs.rs/pasetors/badge.svg)](https://docs.rs/pasetors/) [![Crates.io](https://img.shields.io/crates/v/pasetors.svg)](https://crates.io/crates/pasetors) [![Safety Dance](https://img.shields.io/badge/unsafe-forbidden-success.svg)](https://github.com/rust-secure-code/safety-dance/) [![MSRV](https://img.shields.io/badge/MSRV-1.41-informational.svg)](https://img.shields.io/badge/MSRV-1.41-informational)
+![Tests](https://github.com/brycx/pasetors/workflows/Tests/badge.svg) [![Documentation](https://docs.rs/pasetors/badge.svg)](https://docs.rs/pasetors/) [![Crates.io](https://img.shields.io/crates/v/pasetors.svg)](https://crates.io/crates/pasetors) [![Safety Dance](https://img.shields.io/badge/unsafe-forbidden-success.svg)](https://github.com/rust-secure-code/safety-dance/) [![MSRV](https://img.shields.io/badge/MSRV-1.51-informational.svg)](https://img.shields.io/badge/MSRV-1.51-informational)
 
 ### PASETOrs
 
@@ -16,22 +16,20 @@ This library includes:
 ### Usage
 ```rust
 use pasetors::version2::*;
-use rand::RngCore;
 use ed25519_dalek::Keypair;
 
 let mut csprng = rand::rngs::OsRng{};
 
 // Create and verify a public token
 let keypair: Keypair = Keypair::generate(&mut csprng);
-let pub_token = PublicToken::sign(&keypair.secret.to_bytes(), &keypair.public.to_bytes(), 
-    b"Message to sign", Some(b"footer"))?;
+let pub_token = PublicToken::sign(&keypair.secret.to_bytes(), &keypair.public.to_bytes(), b"Message to sign", Some(b"footer"))?;
 assert!(PublicToken::verify(&keypair.public.to_bytes(), &pub_token, Some(b"footer")).is_ok());
 
 // Create and verify a local token
 let mut secret = [0u8; 32];
-csprng.try_fill_bytes(&mut secret)?;
+getrandom::getrandom(&mut secret)?;
 
-let local_token = LocalToken::encrypt(&mut csprng, &secret, b"Message to encrypt and authenticate", Some(b"footer"))?;
+let local_token = LocalToken::encrypt(&secret, b"Message to encrypt and authenticate", Some(b"footer"))?;
 assert!(LocalToken::decrypt(&secret, &local_token, Some(b"footer")).is_ok());
 ```
 
@@ -43,7 +41,7 @@ This library has **not undergone any third-party security audit**. Usage is at *
 The [ed25519-dalek](https://github.com/dalek-cryptography/ed25519-dalek) library, used for public tokens, was [included in an audit](https://blog.quarkslab.com/security-audit-of-dalek-libraries.html). The [orion](https://github.com/brycx/orion) library, used for local tokens, has **not** been audited.
 
 ### Minimum Supported Rust Version
-Rust 1.41 or later is supported however, the majority of testing happens with latest stable Rust.
+Rust 1.51 or later is supported however, the majority of testing happens with latest stable Rust.
 
 MSRV may be changed at any point and will not be considered a SemVer breaking change.
 

fuzz/fuzz_targets/fuzz_pasetors.rs

@@ -42,7 +42,7 @@ fuzz_target!(|data: &[u8]| {
     }
 
     let local_token =
-        version2::LocalToken::encrypt(&mut csprng, key.as_ref(), message.as_bytes(), None).unwrap();
+        version2::LocalToken::encrypt(key.as_ref(), message.as_bytes(), None).unwrap();
     if !version2::LocalToken::decrypt(key.as_ref(), &local_token, None).is_ok() {
         panic!("Valid token was NOT verified");
     }

src/errors.rs

@@ -23,8 +23,8 @@ impl From<ct_codecs::Error> for Errors {
     }
 }
 
-impl From<rand_core::Error> for Errors {
-    fn from(_: rand_core::Error) -> Self {
+impl From<getrandom::Error> for Errors {
+    fn from(_: getrandom::Error) -> Self {
         Errors::CsprngError
     }
 }

src/lib.rs

@@ -1,7 +1,6 @@
 //! # Usage:
 //! ```rust
 //! use pasetors::version2::*;
-//! use rand::RngCore;
 //! use ed25519_dalek::Keypair;
 //!
 //! let mut csprng = rand::rngs::OsRng{};
@@ -13,9 +12,9 @@
 //!
 //! // Create and verify a local token
 //! let mut secret = [0u8; 32];
-//! csprng.try_fill_bytes(&mut secret)?;
+//! getrandom::getrandom(&mut secret)?;
 //!
-//! let local_token = LocalToken::encrypt(&mut csprng, &secret, b"Message to encrypt and authenticate", Some(b"footer"))?;
+//! let local_token = LocalToken::encrypt(&secret, b"Message to encrypt and authenticate", Some(b"footer"))?;
 //! assert!(LocalToken::decrypt(&secret, &local_token, Some(b"footer")).is_ok());
 //!
 //! # Ok::<(), pasetors::errors::Errors>(())
@@ -31,7 +30,7 @@
     unused_qualifications,
     overflowing_literals
 )]
-#![doc(html_root_url = "https://docs.rs/pasetors/0.1.1")]
+#![doc(html_root_url = "https://docs.rs/pasetors/0.2.0")]
 
 #[macro_use]
 extern crate alloc;