Fix breakage from zeroize updates

This bumps the minimum version for zeroize to 1.6, and fixes some
breakage associated with its changes.

This also fixes some deprecation warnings from base64.

This resolves #43.

Cargo.toml

@@ -10,7 +10,7 @@ name = "dryoc"
 readme = "README.md"
 repository = "https://github.com/brndnmtthws/dryoc"
 rust-version = "1.56"
-version = "0.4.4"
+version = "0.5.0"
 
 [dependencies]
 base64 = { version = "0.21", optional = true }
@@ -24,7 +24,7 @@ salsa20 = { version = "0.10", features = ["zeroize"] }
 serde = { version = "1.0", optional = true, features = ["derive"] }
 sha2 = "0.10"
 subtle = "2.4"
-zeroize = { version = "1.5", features = ["zeroize_derive"] }
+zeroize = { version = "1.6", features = ["zeroize_derive"] }
 
 [target.'cfg(windows)'.dependencies]
 winapi = { version = "0.3", features = [

src/blake2b/blake2b_simd.rs

@@ -1,7 +1,7 @@
 use std::simd::Which::{First, Second};
 use std::simd::{simd_swizzle, Simd};
 
-use zeroize::Zeroize;
+use zeroize::{Zeroize, ZeroizeOnDrop};
 
 use crate::error::Error;
 use crate::utils::load_u64_le;
@@ -47,8 +47,7 @@ impl Default for Params {
     }
 }
 
-#[derive(Zeroize, Debug, Default)]
-#[zeroize(drop)]
+#[derive(Zeroize, ZeroizeOnDrop, Debug, Default)]
 pub struct State {
     t: [u64; 2],
     f: [u64; 2],

src/blake2b/blake2b_soft.rs

@@ -1,4 +1,4 @@
-use zeroize::Zeroize;
+use zeroize::{Zeroize, ZeroizeOnDrop};
 
 use crate::error::Error;
 use crate::utils::{load_u64_le, rotr64};
@@ -44,8 +44,7 @@ impl Default for Params {
     }
 }
 
-#[derive(Zeroize, Debug, Default)]
-#[zeroize(drop)]
+#[derive(Zeroize, ZeroizeOnDrop, Debug, Default)]
 pub struct State {
     h: [u64; 8],
     t: [u64; 2],

src/classic/crypto_auth.rs

@@ -6,7 +6,6 @@
 //! # Classic API single-part example
 //!
 //! ```
-//! use base64::encode;
 //! use dryoc::classic::crypto_auth::{crypto_auth, crypto_auth_keygen, crypto_auth_verify, Mac};
 //!
 //! let key = crypto_auth_keygen();
@@ -24,7 +23,6 @@
 //! # Classic API multi-part example
 //!
 //! ```
-//! use base64::encode;
 //! use dryoc::classic::crypto_auth::{
 //!     crypto_auth_final, crypto_auth_init, crypto_auth_keygen, crypto_auth_update,
 //!     crypto_auth_verify, Mac,

src/classic/crypto_core.rs

@@ -219,7 +219,8 @@ mod tests {
 
     #[test]
     fn test_crypto_scalarmult_base() {
-        use base64::encode;
+        use base64::engine::general_purpose;
+        use base64::Engine as _;
         for _ in 0..20 {
             use sodiumoxide::crypto::scalarmult::curve25519::{scalarmult_base, Scalar};
 
@@ -232,13 +233,17 @@ mod tests {
 
             let ge = scalarmult_base(&Scalar::from_slice(&sk).unwrap());
 
-            assert_eq!(encode(ge.as_ref()), encode(public_key));
+            assert_eq!(
+                general_purpose::STANDARD.encode(ge.as_ref()),
+                general_purpose::STANDARD.encode(public_key)
+            );
         }
     }
 
     #[test]
     fn test_crypto_scalarmult() {
-        use base64::encode;
+        use base64::engine::general_purpose;
+        use base64::Engine as _;
         for _ in 0..20 {
             use sodiumoxide::crypto::scalarmult::curve25519::{scalarmult, GroupElement, Scalar};
 
@@ -254,13 +259,17 @@ mod tests {
             )
             .expect("scalarmult failed");
 
-            assert_eq!(encode(ge.as_ref()), encode(shared_secret));
+            assert_eq!(
+                general_purpose::STANDARD.encode(ge.as_ref()),
+                general_purpose::STANDARD.encode(shared_secret)
+            );
         }
     }
 
     #[test]
     fn test_crypto_core_hchacha20() {
-        use base64::encode;
+        use base64::engine::general_purpose;
+        use base64::Engine as _;
         use libsodium_sys::crypto_core_hchacha20 as so_crypto_core_hchacha20;
 
         use crate::rng::copy_randombytes;
@@ -284,13 +293,17 @@ mod tests {
                 );
                 assert_eq!(ret, 0);
             }
-            assert_eq!(encode(&out), encode(&so_out));
+            assert_eq!(
+                general_purpose::STANDARD.encode(&out),
+                general_purpose::STANDARD.encode(&so_out)
+            );
         }
     }
 
     #[test]
     fn test_crypto_core_hsalsa20() {
-        use base64::encode;
+        use base64::engine::general_purpose;
+        use base64::Engine as _;
         use libsodium_sys::crypto_core_hsalsa20 as so_crypto_core_hsalsa20;
 
         use crate::rng::copy_randombytes;
@@ -314,7 +327,10 @@ mod tests {
                 );
                 assert_eq!(ret, 0);
             }
-            assert_eq!(encode(&out), encode(&so_out));
+            assert_eq!(
+                general_purpose::STANDARD.encode(&out),
+                general_purpose::STANDARD.encode(&so_out)
+            );
         }
     }
 }

src/classic/crypto_generichash.rs

@@ -8,7 +8,8 @@
 //! # Classic API example, one-time interface
 //!
 //! ```
-//! use base64::encode;
+//! use base64::engine::general_purpose;
+//! use base64::Engine as _;
 //! use dryoc::classic::crypto_generichash::*;
 //! use dryoc::constants::CRYPTO_GENERICHASH_BYTES;
 //!
@@ -18,15 +19,16 @@
 //! crypto_generichash(&mut output, b"a string of bytes", None).ok();
 //!
 //! assert_eq!(
-//!     encode(output),
+//!     general_purpose::STANDARD.encode(output),
 //!     "GdztjR9nU/rLh8VJt8e74+/seKTUnHgBexhGSpxLau0="
 //! );
 //! ```
 //!
 //! # Classic API example, incremental interface
 //!
 //! ```
-//! use base64::encode;
+//! use base64::engine::general_purpose;
+//! use base64::Engine as _;
 //! use dryoc::classic::crypto_generichash::*;
 //! use dryoc::constants::CRYPTO_GENERICHASH_BYTES;
 //!
@@ -40,7 +42,7 @@
 //! crypto_generichash_final(state, &mut output).expect("final failed");
 //!
 //! assert_eq!(
-//!     encode(output),
+//!     general_purpose::STANDARD.encode(output),
 //!     "GdztjR9nU/rLh8VJt8e74+/seKTUnHgBexhGSpxLau0="
 //! );
 //! ```

src/classic/crypto_kdf.rs

@@ -7,7 +7,8 @@
 //! # Classic API example
 //!
 //! ```
-//! use base64::encode;
+//! use base64::engine::general_purpose;
+//! use base64::Engine as _;
 //! use dryoc::classic::crypto_kdf::*;
 //!
 //! // Generate a random main key
@@ -19,7 +20,7 @@
 //! for i in 0..20 {
 //!     let mut key = Key::default();
 //!     crypto_kdf_derive_from_key(&mut key, i, context, &main_key).expect("kdf failed");
-//!     println!("Subkey {}: {}", i, encode(&key));
+//!     println!("Subkey {}: {}", i, general_purpose::STANDARD.encode(&key));
 //! }
 //! ```
 

src/classic/crypto_onetimeauth.rs

@@ -6,7 +6,8 @@
 //! # Classic API single-part example
 //!
 //! ```
-//! use base64::encode;
+//! use base64::engine::general_purpose;
+//! use base64::Engine as _;
 //! use dryoc::classic::crypto_onetimeauth::{
 //!     crypto_onetimeauth, crypto_onetimeauth_keygen, crypto_onetimeauth_verify, Mac,
 //! };
@@ -26,7 +27,8 @@
 //! # Classic API multi-part example
 //!
 //! ```
-//! use base64::encode;
+//! use base64::engine::general_purpose;
+//! use base64::Engine as _;
 //! use dryoc::classic::crypto_onetimeauth::{
 //!     crypto_onetimeauth_final, crypto_onetimeauth_init, crypto_onetimeauth_keygen,
 //!     crypto_onetimeauth_update, crypto_onetimeauth_verify, Mac,

src/classic/crypto_pwhash.rs

@@ -151,21 +151,16 @@ pub fn crypto_pwhash(
 #[cfg(any(feature = "base64", all(doc, not(doctest))))]
 #[cfg_attr(all(feature = "nightly", doc), doc(cfg(feature = "base64")))]
 pub(crate) fn pwhash_to_string(t_cost: u32, m_cost: u32, salt: &[u8], hash: &[u8]) -> String {
-    #[cfg(feature = "base64")]
-    use base64::Engine;
-
-    let base64_engine = base64::engine::general_purpose::GeneralPurpose::new(
-        &base64::alphabet::STANDARD,
-        base64::engine::general_purpose::NO_PAD,
-    );
+    use base64::engine::general_purpose;
+    use base64::Engine as _;
 
     format!(
         "$argon2id$v={}$m={},t={},p=1${}${}",
         argon2::ARGON2_VERSION_NUMBER,
         m_cost,
         t_cost,
-        base64_engine.encode(salt),
-        base64_engine.encode(hash),
+        general_purpose::STANDARD_NO_PAD.encode(salt),
+        general_purpose::STANDARD_NO_PAD.encode(hash),
     )
 }
 

src/classic/crypto_secretbox.rs

@@ -179,7 +179,8 @@ mod tests {
     #[test]
     fn test_crypto_secretbox_easy() {
         for i in 0..20 {
-            use base64::encode;
+            use base64::engine::general_purpose;
+            use base64::Engine as _;
             use sodiumoxide::crypto::secretbox;
             use sodiumoxide::crypto::secretbox::{Key as SOKey, Nonce as SONonce};
 
@@ -197,7 +198,10 @@ mod tests {
                 &SONonce::from_slice(&nonce).unwrap(),
                 &SOKey::from_slice(&key).unwrap(),
             );
-            assert_eq!(encode(&ciphertext), encode(&so_ciphertext));
+            assert_eq!(
+                general_purpose::STANDARD.encode(&ciphertext),
+                general_purpose::STANDARD.encode(&so_ciphertext)
+            );
 
             let mut decrypted = vec![0u8; message.len()];
             crypto_secretbox_open_easy(&mut decrypted, &ciphertext, &nonce, &key)
@@ -217,7 +221,8 @@ mod tests {
     #[test]
     fn test_crypto_secretbox_easy_inplace() {
         for i in 0..20 {
-            use base64::encode;
+            use base64::engine::general_purpose;
+            use base64::Engine as _;
             use sodiumoxide::crypto::secretbox;
             use sodiumoxide::crypto::secretbox::{Key as SOKey, Nonce as SONonce};
 
@@ -236,7 +241,10 @@ mod tests {
                 &SONonce::from_slice(&nonce).unwrap(),
                 &SOKey::from_slice(&key).unwrap(),
             );
-            assert_eq!(encode(&ciphertext), encode(&so_ciphertext));
+            assert_eq!(
+                general_purpose::STANDARD.encode(&ciphertext),
+                general_purpose::STANDARD.encode(&so_ciphertext)
+            );
 
             let mut decrypted = ciphertext.clone();
             crypto_secretbox_open_easy_inplace(&mut decrypted, &nonce, &key)