Add support for hkdf-sha512, pbkdf2-sha512, and scrypt.

Author: wolfmcnally

CONTRIBUTING.md

@@ -9,9 +9,10 @@ We love your input! We want to make contributing to this project as easy and tra
 - Becoming a maintainer
 
 ## We Develop with Github
+
 We use GitHub to host code, to track issues and feature requests, and to accept Pull Requests.
 
-## Report Bugs using Github's [issues](https://github.com/briandk/transcriptase-atom/issues)
+## Report Bugs using Github's Issue Tracker
 
 If you find bugs, mistakes, or inconsistencies in this project's code or documents, please let us know by [opening a new issue](./issues), but consider searching through existing issues first to check and see if the problem has already been reported. If it has, it never hurts to add a quick "+1" or "I have this problem too". This helps prioritize the most common problems and requests.
 
@@ -24,12 +25,12 @@ If you find bugs, mistakes, or inconsistencies in this project's code or documen
 - A quick summary and/or background
 - Steps to reproduce
   - Be specific!
-  - Give sample code if you can. [The stackoverflow bug report](http://stackoverflow.com/q/12488905/180626) includes sample code that *anyone* with a base R setup can run to reproduce what I was seeing
+  - Give sample code if you can. [The stackoverflow bug report](http://stackoverflow.com/q/12488905/180626) includes sample code that _anyone_ with a base R setup can run to reproduce what I was seeing
 - What you expected would happen
 - What actually happens
 - Notes (possibly including why you think this might be happening, or stuff you tried that didn't work)
 
-People *love* thorough bug reports. I'm not even kidding.
+People _love_ thorough bug reports. I'm not even kidding.
 
 ## Submit Code Changes through Pull Requests
 
@@ -39,9 +40,9 @@ We ask that more significant improvements to the project be first proposed befor
 
 ### Use a Consistent Coding Style
 
-* We indent using two spaces (soft tabs)
-* We ALWAYS put spaces after list items and method parameters ([1, 2, 3], not [1,2,3]), around operators (x += 1, not x+=1), and around hash arrows.
-* This is open-source software. Consider the people who will read your code, and make it look nice for them. It's sort of like driving a car: Perhaps you love doing donuts when you're alone, but with passengers the goal is to make the ride as smooth as possible.
+- We indent using two spaces (soft tabs)
+- We ALWAYS put spaces after list items and method parameters ([1, 2, 3], not [1,2,3]), around operators (x += 1, not x+=1), and around hash arrows.
+- This is open-source software. Consider the people who will read your code, and make it look nice for them. It's sort of like driving a car: Perhaps you love doing donuts when you're alone, but with passengers the goal is to make the ride as smooth as possible.
 
 ### Use [Github Flow](https://guides.github.com/introduction/flow/index.html) for Pull Requests
 
@@ -61,5 +62,6 @@ In short, when you submit code changes, your submissions are understood to be av
 ## References
 
 Portions of this CONTRIBUTING.md document were adopted from best practices of a number of open source projects, including:
-* [Facebook's Draft](https://github.com/facebook/draft-js/blob/a9316a723f9e918afde44dea68b5f9f39b7d9b00/CONTRIBUTING.md)
-* [IPFS Contributing](https://github.com/ipfs/community/blob/master/CONTRIBUTING.md)
+
+- [Facebook's Draft](https://github.com/facebook/draft-js/blob/a9316a723f9e918afde44dea68b5f9f39b7d9b00/CONTRIBUTING.md)
+- [IPFS Contributing](https://github.com/ipfs/community/blob/master/CONTRIBUTING.md)

Cargo.toml

@@ -1,7 +1,7 @@
 [package]
 name = "bc-crypto"
-version = "0.7.0"
-edition = "2021"
+version = "0.8.0"
+edition = "2024"
 description = "A uniform API for cryptographic primitives used in Blockchain Commons projects"
 authors = ["Blockchain Commons"]
 repository = "https://github.com/BlockchainCommons/bc-crypto-rust"
@@ -12,7 +12,7 @@ keywords = ["cryptography"]
 categories = ["cryptography"]                                                                  # https://crates.io/category_slugs
 
 [dependencies]
-bc-rand = "^0.3.0"
+bc-rand = "^0.4.0"
 rand = "^0.8.5"
 sha2 = "^0.10.6"
 hmac = "^0.12.1"
@@ -26,6 +26,7 @@ thiserror = "^1.0.48"
 anyhow = "^1.0.0"
 hex = "^0.4.3"
 ed25519-dalek = { version = "2.1.1", features = ["rand_core"] }
+scrypt = { version = "0.11.0", default-features = false }
 
 [dev-dependencies]
 hex-literal = "^0.4.1"

README.md

@@ -27,7 +27,7 @@
 
 ```toml
 [dependencies]
-bc-crypto = "0.7.0"
+bc-crypto = "0.8.0"
 ```
 
 ## Version History

src/hash.rs

@@ -78,6 +78,13 @@ pub fn pbkdf2_hmac_sha256(pass: impl AsRef<[u8]>, salt: impl AsRef<[u8]>, iterat
     key
 }
 
+/// Computes the PBKDF2-HMAC-SHA-512 for the given password.
+pub fn pbkdf2_hmac_sha512(pass: impl AsRef<[u8]>, salt: impl AsRef<[u8]>, iterations: u32, key_len: usize) -> Vec<u8> {
+    let mut key = vec![0u8; key_len];
+    pbkdf2_hmac::<Sha512>(pass.as_ref(), salt.as_ref(), iterations, &mut key);
+    key
+}
+
 /// Computes the HKDF-HMAC-SHA-256 for the given key material.
 pub fn hkdf_hmac_sha256(key_material: impl AsRef<[u8]>, salt: impl AsRef<[u8]>, key_len: usize) -> Vec<u8> {
     let mut key = vec![0u8; key_len];
@@ -86,6 +93,14 @@ pub fn hkdf_hmac_sha256(key_material: impl AsRef<[u8]>, salt: impl AsRef<[u8]>,
     key
 }
 
+/// Computes the HKDF-HMAC-SHA-512 for the given key material.
+pub fn hkdf_hmac_sha512(key_material: impl AsRef<[u8]>, salt: impl AsRef<[u8]>, key_len: usize) -> Vec<u8> {
+    let mut key = vec![0u8; key_len];
+    let hkdf = Hkdf::<Sha512>::new(Some(salt.as_ref()), key_material.as_ref());
+    hkdf.expand(&[], &mut key).unwrap();
+    key
+}
+
 #[cfg(test)]
 mod tests {
     use hex_literal::hex;

src/lib.rs

@@ -1,4 +1,4 @@
-#![doc(html_root_url = "https://docs.rs/bc-crypto/0.7.0")]
+#![doc(html_root_url = "https://docs.rs/bc-crypto/0.8.0")]
 #![warn(rust_2018_idioms)]
 
 //! # Introduction
@@ -24,7 +24,7 @@
 //!
 //! ```toml
 //! [dependencies]
-//! bc-crypto = "0.7.0"
+//! bc-crypto = "0.8.0"
 //! ```
 
 /// The `hash` module contains functions for hashing data.
@@ -43,7 +43,7 @@ pub use hash::{
 };
 
 mod memzero;
-pub use memzero::{memzero, memzero_vec_vec_u8};
+pub use memzero::{ memzero, memzero_vec_vec_u8 };
 
 mod symmetric_encryption;
 pub use symmetric_encryption::{
@@ -57,7 +57,7 @@ pub use symmetric_encryption::{
 };
 
 mod public_key_encryption;
-pub use public_key_encryption:: {
+pub use public_key_encryption::{
     x25519_new_private_key_using,
     x25519_public_key_from_private_key,
     x25519_derive_private_key,
@@ -84,10 +84,7 @@ pub use ecdsa_keys::{
 };
 
 mod ecdsa_signing;
-pub use ecdsa_signing::{
-    ecdsa_sign,
-    ecdsa_verify,
-};
+pub use ecdsa_signing::{ ecdsa_sign, ecdsa_verify };
 
 mod schnorr_signing;
 pub use schnorr_signing::{
@@ -109,6 +106,9 @@ pub use ed25519_signing::{
     ED25519_SIGNATURE_SIZE,
 };
 
+mod scrypt;
+pub use scrypt::{ scrypt, scrypt_opt };
+
 #[cfg(test)]
 mod tests {
     #[test]

src/scrypt.rs

@@ -0,0 +1,96 @@
+use scrypt::scrypt as scrypt_hash;
+
+/// Computes the scrypt key derivation function using recommended parameters.
+///
+/// # Arguments
+///
+/// * `pass` - The password or passphrase as a byte slice.
+/// * `salt` - The salt as a byte slice.
+/// * `output_len` - The desired length of the derived key in bytes. Must be greater than 9 and less than or equal to 64.
+///
+/// # Returns
+///
+/// A `Vec<u8>` containing the derived key of the specified length.
+///
+/// # Panics
+///
+/// Panics if the scrypt function fails or if the output length is invalid.
+///
+/// # Examples
+///
+/// ```
+/// use bc_crypto::scrypt;
+/// let key = scrypt(b"password", b"salt", 32);
+/// assert_eq!(key.len(), 32);
+/// ```
+pub fn scrypt(
+    pass: impl AsRef<[u8]>,
+    salt: impl AsRef<[u8]>,
+    output_len: usize, // Must be greater than `9` and less than or equal to `64`
+) -> Vec<u8> {
+    let params = scrypt::Params::recommended();
+    let mut output = vec![0u8; output_len];
+    scrypt_hash(pass.as_ref(), salt.as_ref(), &params, &mut output)
+        .expect("scrypt failed");
+    output
+}
+
+pub fn scrypt_opt(
+    pass: impl AsRef<[u8]>,
+    salt: impl AsRef<[u8]>,
+    output_len: usize, // Must be greater than `9` and less than or equal to `64`
+    log_n: u8, // Must be less than `64`
+    r: u32, // Must be greater than 0 and less than or equal to `4294967295`
+    p: u32, // Must be greater than 0 and less than `4294967295`
+) -> Vec<u8> {
+    let params = scrypt::Params::new(log_n, r, p, output_len)
+        .expect("Invalid Scrypt parameters");
+    let mut output = vec![0u8; output_len];
+    scrypt_hash(pass.as_ref(), salt.as_ref(), &params, &mut output)
+        .expect("scrypt failed");
+    output
+}
+
+#[cfg(test)]
+mod tests {
+    use super::*;
+
+    #[test]
+    fn test_scrypt_basic() {
+        let pass = b"password";
+        let salt = b"salt";
+        let output = scrypt(pass, salt, 32);
+        assert_eq!(output.len(), 32);
+        // Scrypt should be deterministic for same input
+        let output2 = scrypt(pass, salt, 32);
+        assert_eq!(output, output2);
+    }
+
+    #[test]
+    fn test_scrypt_different_salt() {
+        let pass = b"password";
+        let salt1 = b"salt1";
+        let salt2 = b"salt2";
+        let out1 = scrypt(pass, salt1, 32);
+        let out2 = scrypt(pass, salt2, 32);
+        assert_ne!(out1, out2);
+    }
+
+    #[test]
+    fn test_scrypt_opt_basic() {
+        let pass = b"password";
+        let salt = b"salt";
+        let output = scrypt_opt(pass, salt, 32, 15, 8, 1);
+        assert_eq!(output.len(), 32);
+    }
+
+    #[test]
+    fn test_scrypt_output_length() {
+        let pass = b"password";
+        let salt = b"salt";
+        for len in [16, 24, 32, 64] {
+            let output = scrypt(pass, salt, len);
+            assert_eq!(output.len(), len);
+        }
+    }
+}