Use 'RustCrypto'-based crypto in lieu of 'ring'.

Introduces the 'signed', 'private', and 'key-expansion' features. Removes 'Key::from_master()' in favor of 'Key::derive_from()' and 'Key::from()', the former of which is only available when 'key-expansion' is enabled. Updates version to 0.14.0.
rwf2 · May 24, 2020 · 08ebc40 · 08ebc40
1 parent 3b8c648
commit 08ebc40
Show file tree

Hide file tree

Showing 14 changed files with 372 additions and 290 deletions.
diff --git a/.travis.yml b/.travis.yml
@@ -6,13 +6,7 @@ matrix:
     - rust: nightly
 
 script:
-  - cargo build --verbose
-  - cargo test --verbose --no-default-features
-  - cargo test --verbose
-  - cargo test --verbose --features percent-encode
-  - cargo test --verbose --features secure
-  - cargo test --verbose --all-features
-  - rustdoc --test README.md -L target
+  - ./scripts/test.sh
 
 notifications:
   email:

diff --git a/Cargo.toml b/Cargo.toml
@@ -1,7 +1,8 @@
 [package]
 name = "cookie"
-authors = ["Alex Crichton <[email protected]>", "Sergio Benitez <[email protected]>"]
-version = "0.13.3"
+version = "0.14.0"
+authors = ["Sergio Benitez <[email protected]>", "Alex Crichton <[email protected]>"]
+edition = "2018"
 license = "MIT/Apache-2.0"
 repository = "https://github.com/SergioBenitez/cookie-rs"
 documentation = "https://docs.rs/cookie"
@@ -11,14 +12,23 @@ and private (encrypted + signed) jars.
 """
 
 [features]
-secure = ["ring", "base64"]
 percent-encode = ["percent-encoding"]
+secure = ["private", "signed", "key-expansion"]
+private = ["aes-gcm", "base64", "rand"]
+signed = ["hmac", "sha2", "base64", "rand"]
+key-expansion = ["sha2", "hkdf"]
 
 [dependencies]
 time = { version = "0.2.6", default-features = false, features = ["std"] }
 percent-encoding = { version = "2.0", optional = true }
-ring = { version = "0.16.0", optional = true }
+
+# dependencies for secure (private/signed) functionality
+aes-gcm = { version = "0.5.0", optional = true }
+hmac = { version = "0.7.1", optional = true }
+sha2 = { version = "0.8.2", optional = true }
 base64 = { version = "0.11.0", optional = true }
+rand = { version = "0.7.3", optional = true }
+hkdf = { version = "0.8.0", optional = true }
 
 [package.metadata.docs.rs]
 all-features = true
diff --git a/scripts/test.sh b/scripts/test.sh
@@ -0,0 +1,19 @@
+#!/bin/bash
+
+set -e
+
+cargo build --verbose
+
+cargo test --verbose --features percent-encode
+cargo test --verbose --features private
+cargo test --verbose --features signed
+cargo test --verbose --features secure
+cargo test --verbose --features 'private,key-expansion'
+cargo test --verbose --features 'signed,key-expansion'
+cargo test --verbose --features 'secure,percent-encode'
+
+cargo test --verbose
+cargo test --verbose --no-default-features
+cargo test --verbose --all-features
+
+rustdoc --test README.md -L target
diff --git a/src/builder.rs b/src/builder.rs
@@ -2,15 +2,15 @@ use std::borrow::Cow;
 
 use time::{Duration, OffsetDateTime};
 
-use ::{Cookie, SameSite};
+use crate::{Cookie, SameSite};
 
 /// Structure that follows the builder pattern for building `Cookie` structs.
 ///
 /// To construct a cookie:
 ///
-///   1. Call [`Cookie::build`](struct.Cookie.html#method.build) to start building.
+///   1. Call [`Cookie::build`] to start building.
 ///   2. Use any of the builder methods to set fields in the cookie.
-///   3. Call [finish](#method.finish) to retrieve the built cookie.
+///   3. Call [`CookieBuilder::finish()`] to retrieve the built cookie.
 ///
 /// # Example
 ///
@@ -40,8 +40,7 @@ pub struct CookieBuilder<'c> {
 impl<'c> CookieBuilder<'c> {
     /// Creates a new `CookieBuilder` instance from the given name and value.
     ///
-    /// This method is typically called indirectly via
-    /// [Cookie::build](struct.Cookie.html#method.build).
+    /// This method is typically called indirectly via [`Cookie::build()`].
     ///
     /// # Example
     ///

diff --git a/src/delta.rs b/src/delta.rs
@@ -2,7 +2,7 @@ use std::ops::{Deref, DerefMut};
 use std::hash::{Hash, Hasher};
 use std::borrow::Borrow;
 
-use Cookie;
+use crate::Cookie;
 
 /// A `DeltaCookie` is a helper structure used in a cookie jar. It wraps a
 /// `Cookie` so that it can be hashed and compared purely by name. It further

diff --git a/src/draft.rs b/src/draft.rs
@@ -12,8 +12,9 @@ use std::fmt;
 /// requests with "safe" HTTP methods, i.e, `GET`, `HEAD`, `OPTIONS`, `TRACE`.
 /// If the `SameSite` attribute is "None", the cookie is sent in all cross-site
 /// requests if the "Secure" flag is also set, otherwise the cookie is ignored.
-/// This library automatically writes the "Secure" flag on cookies with
-/// `SameSite::None` as long as `secure` is not explicitly set to `false`.
+/// This library automatically sets the "Secure" flag on cookies when
+/// `same_site` is set to `SameSite::None` as long as `secure` is not explicitly
+/// set to `false`.
 ///
 /// If the `SameSite` attribute is not present (by not setting `SameSite`
 /// initally or passing `None` to [`Cookie::set_same_site()`]), then the cookie

diff --git a/src/jar.rs b/src/jar.rs
@@ -3,10 +3,12 @@ use std::mem::replace;
 
 use time::{Duration, OffsetDateTime};
 
-#[cfg(feature = "secure")]
-use secure::{PrivateJar, SignedJar, Key};
-use delta::DeltaCookie;
-use Cookie;
+#[cfg(feature = "signed")] use crate::secure::SignedJar;
+#[cfg(feature = "private")] use crate::secure::PrivateJar;
+#[cfg(any(feature = "signed", feature = "private"))] use crate::secure::Key;
+
+use crate::delta::DeltaCookie;
+use crate::Cookie;
 
 /// A collection of cookies that tracks its modifications.
 ///
@@ -394,8 +396,6 @@ impl CookieJar {
     /// Any modifications to the child jar will be reflected on the parent jar,
     /// and any retrievals from the child jar will be made from the parent jar.
     ///
-    /// This method is only available when the `secure` feature is enabled.
-    ///
     /// # Example
     ///
     /// ```rust
@@ -420,7 +420,8 @@ impl CookieJar {
     /// assert!(jar.private(&key).get("private").is_none());
     /// assert!(jar.get("private").is_some());
     /// ```
-    #[cfg(feature = "secure")]
+    #[cfg(feature = "private")]
+    #[cfg_attr(all(doc, not(doctest)), doc(cfg(feature = "private")))]
     pub fn private(&mut self, key: &Key) -> PrivateJar {
         PrivateJar::new(self, key)
     }
@@ -431,8 +432,6 @@ impl CookieJar {
     /// Any modifications to the child jar will be reflected on the parent jar,
     /// and any retrievals from the child jar will be made from the parent jar.
     ///
-    /// This method is only available when the `secure` feature is enabled.
-    ///
     /// # Example
     ///
     /// ```rust
@@ -458,7 +457,8 @@ impl CookieJar {
     /// assert!(jar.signed(&key).get("signed").is_none());
     /// assert!(jar.get("signed").is_some());
     /// ```
-    #[cfg(feature = "secure")]
+    #[cfg(feature = "signed")]
+    #[cfg_attr(all(doc, not(doctest)), doc(cfg(feature = "signed")))]
     pub fn signed(&mut self, key: &Key) -> SignedJar {
         SignedJar::new(self, key)
     }
@@ -505,7 +505,7 @@ impl<'a> Iterator for Iter<'a> {
 #[cfg(test)]
 mod test {
     use super::CookieJar;
-    use Cookie;
+    use crate::Cookie;
 
     #[test]
     #[allow(deprecated)]
@@ -536,39 +536,38 @@ mod test {
         assert!(is_send(CookieJar::new()))
     }
 
+    // #[test]
+    // #[cfg(all(feature = "signed", feature = "private"))]
+    // fn iter() {
+    //     let key = ::Key::generate();
+    //     let mut c = CookieJar::new();
+    //
+    //     c.add_original(Cookie::new("original", "original"));
+    //
+    //     c.add(Cookie::new("test", "test"));
+    //     c.add(Cookie::new("test2", "test2"));
+    //     c.add(Cookie::new("test3", "test3"));
+    //     assert_eq!(c.iter().count(), 4);
+    //
+    //     c.signed(&key).add(Cookie::new("signed", "signed"));
+    //     c.private(&key).add(Cookie::new("encrypted", "encrypted"));
+    //     assert_eq!(c.iter().count(), 6);
+    //
+    //     c.remove(Cookie::named("test"));
+    //     assert_eq!(c.iter().count(), 5);
+    //
+    //     c.remove(Cookie::named("signed"));
+    //     c.remove(Cookie::named("test2"));
+    //     assert_eq!(c.iter().count(), 3);
+    //
+    //     c.add(Cookie::new("test2", "test2"));
+    //     assert_eq!(c.iter().count(), 4);
+    //
+    //     c.remove(Cookie::named("test2"));
+    //     assert_eq!(c.iter().count(), 3);
+    // }
+    //
     #[test]
-    #[cfg(feature = "secure")]
-    fn iter() {
-        let key = ::Key::generate();
-        let mut c = CookieJar::new();
-
-        c.add_original(Cookie::new("original", "original"));
-
-        c.add(Cookie::new("test", "test"));
-        c.add(Cookie::new("test2", "test2"));
-        c.add(Cookie::new("test3", "test3"));
-        assert_eq!(c.iter().count(), 4);
-
-        c.signed(&key).add(Cookie::new("signed", "signed"));
-        c.private(&key).add(Cookie::new("encrypted", "encrypted"));
-        assert_eq!(c.iter().count(), 6);
-
-        c.remove(Cookie::named("test"));
-        assert_eq!(c.iter().count(), 5);
-
-        c.remove(Cookie::named("signed"));
-        c.remove(Cookie::named("test2"));
-        assert_eq!(c.iter().count(), 3);
-
-        c.add(Cookie::new("test2", "test2"));
-        assert_eq!(c.iter().count(), 4);
-
-        c.remove(Cookie::named("test2"));
-        assert_eq!(c.iter().count(), 3);
-    }
-
-    #[test]
-    #[cfg(feature = "secure")]
     fn delta() {
         use std::collections::HashMap;
         use time::Duration;