Rely on CI to test static across versions

Author: josevalim

lib/plug/crypto/key_generator.ex

@@ -31,20 +31,15 @@ defmodule Plug.Crypto.KeyGenerator do
 
   """
   def generate(secret, salt, opts \\ []) do
-    force_legacy_mode = Keyword.get(opts, :force_legacy_mode, false)
     iterations = Keyword.get(opts, :iterations, 1000)
     length = Keyword.get(opts, :length, 32)
     digest = Keyword.get(opts, :digest, :sha256)
     cache = Keyword.get(opts, :cache)
-    generate(secret, salt, iterations, length, digest, force_legacy_mode, cache)
+    generate(secret, salt, iterations, length, digest, cache)
   end
 
   @doc false
   def generate(secret, salt, iterations, length, digest, cache) do
-    generate(secret, salt, iterations, length, digest, false, cache)
-  end
-
-  defp generate(secret, salt, iterations, length, digest, force_legacy_mode, cache) do
     cond do
       not is_integer(iterations) or iterations < 1 ->
         raise ArgumentError, "iterations must be an integer >= 1"
@@ -54,23 +49,13 @@ defmodule Plug.Crypto.KeyGenerator do
 
       true ->
         with_cache(cache, {secret, salt, iterations, length, digest}, fn ->
-          pbkdf2_hmac(digest, secret, salt, iterations, length, force_legacy_mode)
+          pbkdf2_hmac(digest, secret, salt, iterations, length)
         end)
     end
   rescue
     e -> reraise e, Plug.Crypto.prune_args_from_stacktrace(__STACKTRACE__)
   end
 
-  defp pbkdf2_hmac(digest, secret, salt, iterations, length, force_legacy_mode) do
-    # TODO: remove when we require OTP 24.2
-    if not force_legacy_mode and Code.ensure_loaded?(:crypto) and
-         function_exported?(:crypto, :pbkdf2_hmac, 5) do
-      :crypto.pbkdf2_hmac(digest, secret, salt, iterations, length)
-    else
-      legacy_pbkdf2_hmac(hmac_fun(digest, secret), salt, iterations, length, 1, [], 0)
-    end
-  end
-
   defp with_cache(nil, _key, fun), do: fun.()
 
   defp with_cache(ets, key, fun) do
@@ -85,27 +70,46 @@ defmodule Plug.Crypto.KeyGenerator do
     end
   end
 
-  defp legacy_pbkdf2_hmac(_fun, _salt, _iterations, max_length, _block_index, acc, length)
-       when length >= max_length do
-    acc
-    |> IO.iodata_to_binary()
-    |> binary_part(0, max_length)
-  end
+  # TODO: remove when we require OTP 24.2
+  if Code.ensure_loaded?(:crypto) and function_exported?(:crypto, :pbkdf2_hmac, 5) do
+    defp pbkdf2_hmac(digest, secret, salt, iterations, length) do
+      :crypto.pbkdf2_hmac(digest, secret, salt, iterations, length)
+    end
+  else
+    defp pbkdf2_hmac(digest, secret, salt, iterations, length) do
+      legacy_pbkdf2_hmac(hmac_fun(digest, secret), salt, iterations, length, 1, [], 0)
+    end
 
-  defp legacy_pbkdf2_hmac(fun, salt, iterations, max_length, block_index, acc, length) do
-    initial = fun.(<<salt::binary, block_index::integer-size(32)>>)
-    block = iterate(fun, iterations - 1, initial, initial)
-    length = byte_size(block) + length
+    defp legacy_pbkdf2_hmac(_fun, _salt, _iterations, max_length, _block_index, acc, length)
+         when length >= max_length do
+      acc
+      |> IO.iodata_to_binary()
+      |> binary_part(0, max_length)
+    end
 
-    legacy_pbkdf2_hmac(fun, salt, iterations, max_length, block_index + 1, [acc | block], length)
-  end
+    defp legacy_pbkdf2_hmac(fun, salt, iterations, max_length, block_index, acc, length) do
+      initial = fun.(<<salt::binary, block_index::integer-size(32)>>)
+      block = iterate(fun, iterations - 1, initial, initial)
+      length = byte_size(block) + length
+
+      legacy_pbkdf2_hmac(
+        fun,
+        salt,
+        iterations,
+        max_length,
+        block_index + 1,
+        [acc | block],
+        length
+      )
+    end
 
-  defp iterate(_fun, 0, _prev, acc), do: acc
+    defp iterate(_fun, 0, _prev, acc), do: acc
 
-  defp iterate(fun, iteration, prev, acc) do
-    next = fun.(prev)
-    iterate(fun, iteration - 1, next, :crypto.exor(next, acc))
-  end
+    defp iterate(fun, iteration, prev, acc) do
+      next = fun.(prev)
+      iterate(fun, iteration - 1, next, :crypto.exor(next, acc))
+    end
 
-  defp hmac_fun(digest, key), do: &:crypto.mac(:hmac, digest, key, &1)
+    defp hmac_fun(digest, key), do: &:crypto.mac(:hmac, digest, key, &1)
+  end
 end

test/plug/crypto/key_generator_test.exs

@@ -19,7 +19,7 @@ defmodule Plug.Crypto.KeyGeneratorTest do
     end
   end
 
-  test "it works" do
+  test "digest :sha works" do
     key = generate("password", "salt", iterations: 1, length: 20, digest: :sha)
     assert byte_size(key) == 20
     assert to_hex(key) == "0c60c80f961f0e71f3a9b524af6012062fe037a6"
@@ -63,12 +63,6 @@ defmodule Plug.Crypto.KeyGeneratorTest do
              "6e88be8bad7eae9d9e10aa061224034fed48d03fcbad968b56006784539d5214ce970d912ec2049b04231d47c2eb88506945b26b2325e6adfeeba08895ff9587"
   end
 
-  test "digest :sha works" do
-    key = generate("password", "salt", iterations: 1, length: 16, digest: :sha)
-    assert byte_size(key) == 16
-    assert to_hex(key) == "0c60c80f961f0e71f3a9b524af601206"
-  end
-
   test "digest :sha224 works" do
     key = generate("password", "salt", iterations: 1, length: 16, digest: :sha224)
     assert byte_size(key) == 16
@@ -94,17 +88,7 @@ defmodule Plug.Crypto.KeyGeneratorTest do
   end
 
   def generate(secret, salt, opts \\ []) do
-    key = Plug.Crypto.KeyGenerator.generate(secret, salt, opts)
-
-    legacy_key =
-      Plug.Crypto.KeyGenerator.generate(
-        secret,
-        salt,
-        Keyword.merge(opts, force_legacy_mode: true)
-      )
-
-    assert key == legacy_key
-    key
+    Plug.Crypto.KeyGenerator.generate(secret, salt, opts)
   end
 
   def to_hex(value), do: Base.encode16(value, case: :lower)