hsh 0.0.10

Enterprise password hashing for Rust: Argon2id / bcrypt / scrypt / PBKDF2 with PHC strings, KMS-backed pepper, and FIPS 140-3 routing through aws-lc-rs (CMVP Cert #4759).
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292

#![allow(missing_docs)]
#![allow(clippy::unwrap_used, clippy::expect_used)]
// Copyright © 2023-2026 Hash (HSH) library contributors. All rights reserved.
// SPDX-License-Identifier: Apache-2.0 OR MIT

//! Coverage tests for `crates/hsh/src/error.rs` — the structured
//! `Error` enum, `HashingError` wrapper, `DecodeError` sub-enum, and
//! every `From<_>` conversion. These tests don't exercise the
//! cryptographic paths; they pin down the *error surface* itself so
//! downstream `match` blocks and `From` chains stay stable.

use hsh::error::{DecodeError, Error, HashingErrorKind};

// ---------------------------------------------------------------------------
// Display impls — every variant must produce non-empty, context-bearing text.
// ---------------------------------------------------------------------------

#[test]
fn unsupported_algorithm_display() {
    let e = Error::UnsupportedAlgorithm("foo".into());
    assert_eq!(format!("{e}"), "unsupported hash algorithm: foo");
}

#[test]
fn invalid_hash_string_display() {
    let e = Error::InvalidHashString("bad PHC".into());
    assert_eq!(format!("{e}"), "invalid hash string: bad PHC");
}

#[test]
fn invalid_parameter_display() {
    let e = Error::InvalidParameter("cost out of range".into());
    assert_eq!(format!("{e}"), "invalid parameter: cost out of range");
}

#[test]
fn invalid_password_display() {
    let e = Error::InvalidPassword("too long".into());
    assert_eq!(format!("{e}"), "password rejected: too long");
}

#[test]
fn invalid_salt_display() {
    let e = Error::InvalidSalt("not base64".into());
    assert_eq!(format!("{e}"), "invalid salt: not base64");
}

#[test]
fn verification_display() {
    let e = Error::Verification("stored corrupt".into());
    assert_eq!(format!("{e}"), "verification failed: stored corrupt");
}

#[test]
fn invalid_policy_display() {
    let e = Error::InvalidPolicy("primary missing".into());
    assert_eq!(format!("{e}"), "invalid policy: primary missing");
}

// ---------------------------------------------------------------------------
// HashingError + HashingErrorKind
// ---------------------------------------------------------------------------

#[test]
fn hashing_error_kind_display_covers_every_variant() {
    assert_eq!(format!("{}", HashingErrorKind::Argon2), "argon2");
    assert_eq!(format!("{}", HashingErrorKind::Bcrypt), "bcrypt");
    assert_eq!(format!("{}", HashingErrorKind::Scrypt), "scrypt");
    assert_eq!(format!("{}", HashingErrorKind::Pbkdf2), "pbkdf2");
    assert_eq!(
        format!("{}", HashingErrorKind::PhcEncoder),
        "phc encoder"
    );
}

#[test]
fn hashing_error_constructor_threads_kind_and_detail() {
    let e =
        Error::hashing(HashingErrorKind::Argon2, "memory cost too low");
    let rendered = format!("{e}");
    assert!(rendered.contains("argon2"));
    assert!(rendered.contains("memory cost too low"));
}

#[test]
fn hashing_error_accepts_owned_string() {
    let detail = String::from("dynamic detail");
    let e = Error::hashing(HashingErrorKind::Bcrypt, detail);
    let rendered = format!("{e}");
    assert!(rendered.contains("bcrypt"));
    assert!(rendered.contains("dynamic detail"));
}

#[test]
fn hashing_error_display_format_is_kind_colon_detail() {
    // HashingError is #[non_exhaustive] — go through the Error::hashing
    // constructor, then unwrap the inner via pattern match.
    let outer =
        Error::hashing(HashingErrorKind::Scrypt, "invalid log_n");
    let Error::Hashing(inner) = outer else {
        unreachable!("constructor returns Error::Hashing variant");
    };
    assert_eq!(format!("{inner}"), "scrypt: invalid log_n");
    assert_eq!(inner.kind, HashingErrorKind::Scrypt);
    assert_eq!(inner.detail, "invalid log_n");
}

#[test]
fn hashing_error_kind_equality_and_ord() {
    assert_eq!(HashingErrorKind::Argon2, HashingErrorKind::Argon2);
    assert_ne!(HashingErrorKind::Argon2, HashingErrorKind::Bcrypt);
    let mut kinds = [
        HashingErrorKind::PhcEncoder,
        HashingErrorKind::Argon2,
        HashingErrorKind::Bcrypt,
    ];
    kinds.sort();
    // Argon2 first because the enum order is Argon2 / Bcrypt / Scrypt /
    // Pbkdf2 / PhcEncoder.
    assert_eq!(kinds[0], HashingErrorKind::Argon2);
}

// ---------------------------------------------------------------------------
// DecodeError sub-enum + the Decode wrapper variant
// ---------------------------------------------------------------------------

#[test]
fn decode_utf8_display() {
    let e = DecodeError::Utf8("invalid byte 0xff".into());
    let s = format!("{e}");
    assert!(s.starts_with("utf-8 decode:"));
    assert!(s.contains("invalid byte 0xff"));
}

#[test]
fn decode_base64_display() {
    let e = DecodeError::Base64("invalid padding".into());
    let s = format!("{e}");
    assert!(s.starts_with("base64 decode:"));
}

#[test]
fn decode_json_display() {
    let e = DecodeError::Json("expected `,`".into());
    let s = format!("{e}");
    assert!(s.starts_with("json decode:"));
}

#[test]
fn error_decode_is_transparent_to_inner() {
    // Error::Decode uses `#[error(transparent)]` so its Display passes
    // through to the inner DecodeError's Display.
    let inner = DecodeError::Base64("bad input".into());
    let outer = Error::Decode(inner);
    assert!(format!("{outer}").starts_with("base64 decode:"));
}

// ---------------------------------------------------------------------------
// From<_> conversions — `?` ergonomics from the underlying stdlib /
// dependency errors into hsh::Error.
// ---------------------------------------------------------------------------

#[test]
fn from_utf8_error_wraps_into_decode_utf8() {
    // std::str::from_utf8 on an invalid byte sequence.
    let bad: Vec<u8> = vec![0xff, 0xfe];
    let err = std::str::from_utf8(&bad).unwrap_err();
    let hsh_err: Error = err.into();
    assert!(matches!(hsh_err, Error::Decode(DecodeError::Utf8(_))));
}

#[test]
fn from_base64_decode_error_wraps_into_decode_base64() {
    use base64::{engine::general_purpose, Engine as _};
    let err = general_purpose::STANDARD.decode("@@@").unwrap_err();
    let hsh_err: Error = err.into();
    assert!(matches!(hsh_err, Error::Decode(DecodeError::Base64(_))));
}

#[test]
fn from_serde_json_error_wraps_into_decode_json() {
    let err = serde_json::from_str::<i32>("{").unwrap_err();
    let hsh_err: Error = err.into();
    assert!(matches!(hsh_err, Error::Decode(DecodeError::Json(_))));
}

#[cfg(feature = "pepper")]
#[test]
fn from_pepper_error_wraps_into_pepper_variant() {
    let pe = hsh_kms::PepperError::UnknownVersion(
        hsh_kms::KeyVersion::new(7),
    );
    let hsh_err: Error = pe.into();
    assert!(matches!(hsh_err, Error::Pepper(_)));
    assert!(format!("{hsh_err}").contains("pepper provider:"));
}

// ---------------------------------------------------------------------------
// std::error::Error trait + source chains
// ---------------------------------------------------------------------------

#[test]
fn error_implements_std_error() {
    fn assert_std_error<
        T: std::error::Error + Send + Sync + 'static,
    >() {
    }
    assert_std_error::<Error>();
    assert_std_error::<DecodeError>();
}

#[test]
fn hashing_error_source_chain() {
    // HashingError itself is the leaf — std::error::Error::source returns
    // None because we don't wrap a typed source (we stringify on
    // construction for Clone-ability).
    let outer =
        Error::hashing(HashingErrorKind::Pbkdf2, "iterations < 1");
    let Error::Hashing(inner) = outer else {
        unreachable!();
    };
    let as_err: &dyn std::error::Error = &inner;
    assert!(as_err.source().is_none());
}

// ---------------------------------------------------------------------------
// Clone semantics — critical so error fan-out (tower middleware, retry
// budgets) doesn't need Arc-wrapping.
// ---------------------------------------------------------------------------

#[test]
fn error_clone_preserves_variant_and_payload() {
    let original = Error::InvalidParameter("oops".into());
    let cloned = original.clone();
    assert_eq!(format!("{original}"), format!("{cloned}"));
}

#[test]
fn hashing_error_clone_preserves_kind_and_detail() {
    let outer = Error::hashing(HashingErrorKind::Bcrypt, "cost = 0");
    let Error::Hashing(original) = outer else {
        unreachable!();
    };
    let cloned = original.clone();
    assert_eq!(cloned.kind, HashingErrorKind::Bcrypt);
    assert_eq!(cloned.detail, "cost = 0");
}

#[test]
fn decode_error_clone_round_trip() {
    let original = DecodeError::Json("expected `]`".into());
    let cloned = original.clone();
    assert_eq!(format!("{original}"), format!("{cloned}"));
}

// ---------------------------------------------------------------------------
// Cow<'static, str> dual-mode payload — literals (zero-alloc) AND owned.
// ---------------------------------------------------------------------------

#[test]
fn error_accepts_static_literal_payload() {
    // Literal &'static str into Cow::Borrowed — zero alloc.
    let e = Error::InvalidPassword("static literal".into());
    let payload: &str = match &e {
        Error::InvalidPassword(s) => s,
        _ => unreachable!(),
    };
    assert_eq!(payload, "static literal");
}

#[test]
fn error_accepts_owned_string_payload() {
    let dynamic = format!("computed at runtime: {}", 42);
    let e = Error::InvalidPassword(dynamic.into());
    let payload: &str = match &e {
        Error::InvalidPassword(s) => s,
        _ => unreachable!(),
    };
    assert!(payload.contains("42"));
}

// ---------------------------------------------------------------------------
// Send + Sync — error must traverse thread boundaries cleanly.
// ---------------------------------------------------------------------------

#[test]
fn error_is_send_and_sync() {
    fn assert_send_sync<T: Send + Sync>() {}
    assert_send_sync::<Error>();
    assert_send_sync::<DecodeError>();
    assert_send_sync::<HashingErrorKind>();
}