From 75066fc90d94557b0f5f7bf5526c01879984a1a7 Mon Sep 17 00:00:00 2001 From: Tony Arcieri Date: Wed, 24 Apr 2024 13:26:57 -0600 Subject: [PATCH] Lint improvements Expands the number of lints applied to the code, particularly clippy lints, and fixes any current violations. --- src/aead/chacha20.rs | 18 +++++++++++------- src/aead/gcm.rs | 4 ++-- src/lib.rs | 20 +++++++++++++++++--- src/quic.rs | 3 ++- src/sign.rs | 25 ++++++++++++++++++------- tests/builder.rs | 4 ++-- 6 files changed, 52 insertions(+), 22 deletions(-) diff --git a/src/aead/chacha20.rs b/src/aead/chacha20.rs index e168819..995b79e 100644 --- a/src/aead/chacha20.rs +++ b/src/aead/chacha20.rs @@ -19,14 +19,16 @@ pub struct Chacha20Poly1305; impl Tls13AeadAlgorithm for Chacha20Poly1305 { fn encrypter(&self, key: AeadKey, iv: Iv) -> Box { Box::new(Tls13Cipher( - chacha20poly1305::ChaCha20Poly1305::new_from_slice(key.as_ref()).unwrap(), + chacha20poly1305::ChaCha20Poly1305::new_from_slice(key.as_ref()) + .expect("key should be valid"), iv, )) } fn decrypter(&self, key: AeadKey, iv: Iv) -> Box { Box::new(Tls13Cipher( - chacha20poly1305::ChaCha20Poly1305::new_from_slice(key.as_ref()).unwrap(), + chacha20poly1305::ChaCha20Poly1305::new_from_slice(key.as_ref()) + .expect("key should be valid"), iv, )) } @@ -48,14 +50,16 @@ impl Tls13AeadAlgorithm for Chacha20Poly1305 { impl Tls12AeadAlgorithm for Chacha20Poly1305 { fn encrypter(&self, key: AeadKey, iv: &[u8], _: &[u8]) -> Box { Box::new(Tls12Cipher( - chacha20poly1305::ChaCha20Poly1305::new_from_slice(key.as_ref()).unwrap(), + chacha20poly1305::ChaCha20Poly1305::new_from_slice(key.as_ref()) + .expect("key should be valid"), Iv::copy(iv), )) } fn decrypter(&self, key: AeadKey, iv: &[u8]) -> Box { Box::new(Tls12Cipher( - chacha20poly1305::ChaCha20Poly1305::new_from_slice(key.as_ref()).unwrap(), + chacha20poly1305::ChaCha20Poly1305::new_from_slice(key.as_ref()) + .expect("key should be valid"), Iv::copy(iv), )) } @@ -79,7 +83,7 @@ impl Tls12AeadAlgorithm for Chacha20Poly1305 { debug_assert_eq!(NONCE_LEN, iv.len()); Ok(ConnectionTrafficSecrets::Chacha20Poly1305 { key, - iv: Iv::new(iv[..].try_into().unwrap()), + iv: Iv::new(iv[..].try_into().expect("conversion should succeed")), }) } } @@ -89,7 +93,7 @@ struct Tls13Cipher(chacha20poly1305::ChaCha20Poly1305, Iv); impl MessageEncrypter for Tls13Cipher { fn encrypt( &mut self, - m: OutboundPlainMessage, + m: OutboundPlainMessage<'_>, seq: u64, ) -> Result { let total_len = self.encrypted_payload_len(m.payload.len()); @@ -143,7 +147,7 @@ struct Tls12Cipher(chacha20poly1305::ChaCha20Poly1305, Iv); impl MessageEncrypter for Tls12Cipher { fn encrypt( &mut self, - m: OutboundPlainMessage, + m: OutboundPlainMessage<'_>, seq: u64, ) -> Result { let total_len = self.encrypted_payload_len(m.payload.len()); diff --git a/src/aead/gcm.rs b/src/aead/gcm.rs index 9e4bc39..14be62b 100644 --- a/src/aead/gcm.rs +++ b/src/aead/gcm.rs @@ -60,7 +60,7 @@ macro_rules! impl_gcm_tls13 { struct []($aead, cipher::Iv); impl MessageEncrypter for [] { - fn encrypt(&mut self, m: OutboundPlainMessage, seq: u64) -> Result { + fn encrypt(&mut self, m: OutboundPlainMessage<'_>, seq: u64) -> Result { let total_len = self.encrypted_payload_len(m.payload.len()); let mut payload = PrefixedPayload::with_capacity(total_len); @@ -156,7 +156,7 @@ macro_rules! impl_gcm_tls12 { #[cfg(feature = "tls12")] impl MessageEncrypter for [] { - fn encrypt(&mut self, m: OutboundPlainMessage, seq: u64) -> Result { + fn encrypt(&mut self, m: OutboundPlainMessage<'_>, seq: u64) -> Result { let total_len = self.encrypted_payload_len(m.payload.len()); let mut payload = PrefixedPayload::with_capacity(total_len); diff --git a/src/lib.rs b/src/lib.rs index 5063942..1b108b8 100644 --- a/src/lib.rs +++ b/src/lib.rs @@ -6,11 +6,25 @@ html_favicon_url = "https://raw.githubusercontent.com/RustCrypto/meta/master/logo.svg" )] #![warn( - clippy::all, - // TODO: clippy::pedantic, clippy::alloc_instead_of_core, + clippy::cast_lossless, + clippy::cast_possible_truncation, + clippy::cast_possible_wrap, + clippy::cast_precision_loss, + clippy::cast_sign_loss, + clippy::checked_conversions, + clippy::from_iter_instead_of_collect, + clippy::missing_errors_doc, + clippy::mod_module_files, + clippy::implicit_saturating_sub, + clippy::panic, + clippy::panic_in_result_fn, clippy::std_instead_of_alloc, - clippy::std_instead_of_core + clippy::std_instead_of_core, + clippy::unwrap_used, + rust_2018_idioms, + trivial_numeric_casts, + unused_lifetimes )] //! # Usage diff --git a/src/quic.rs b/src/quic.rs index 6660aa2..f849835 100644 --- a/src/quic.rs +++ b/src/quic.rs @@ -59,7 +59,8 @@ impl PacketKey { Self { iv, suite, - crypto: chacha20poly1305::ChaCha20Poly1305::new_from_slice(key.as_ref()).unwrap(), + crypto: chacha20poly1305::ChaCha20Poly1305::new_from_slice(key.as_ref()) + .expect("key should be valid"), } } } diff --git a/src/sign.rs b/src/sign.rs index 6a9528b..e6109f5 100644 --- a/src/sign.rs +++ b/src/sign.rs @@ -67,26 +67,37 @@ where } } +/// Extract any supported key from the given DER input. +/// +/// # Errors +/// +/// Returns an error if the key couldn't be decoded. pub fn any_supported_type(der: &PrivateKeyDer<'_>) -> Result, rustls::Error> { - let rsa = |_| RsaSigningKey::try_from(der).map(|x| Arc::new(x) as _); - - rsa(()) + RsaSigningKey::try_from(der) + .map(|x| Arc::new(x) as _) .or_else(|_| any_ecdsa_type(der)) .or_else(|_| any_eddsa_type(der)) } +/// Extract any supported ECDSA key from the given DER input. +/// +/// # Errors +/// +/// Returns an error if the key couldn't be decoded. pub fn any_ecdsa_type(der: &PrivateKeyDer<'_>) -> Result, rustls::Error> { let p256 = |_| EcdsaSigningKeyP256::try_from(der).map(|x| Arc::new(x) as _); let p384 = |_| EcdsaSigningKeyP384::try_from(der).map(|x| Arc::new(x) as _); p256(()).or_else(p384) } +/// Extract any supported EDDSA key from the given DER input. +/// +/// # Errors +/// +/// Returns an error if the key couldn't be decoded. pub fn any_eddsa_type(der: &PrivateKeyDer<'_>) -> Result, rustls::Error> { - let ed25519 = |_| Ed25519SigningKey::try_from(der).map(|x| Arc::new(x) as _); - // TODO: Add support for Ed448 - - ed25519(()) + Ed25519SigningKey::try_from(der).map(|x| Arc::new(x) as _) } pub mod ecdsa; diff --git a/tests/builder.rs b/tests/builder.rs index 3fade34..bab5d85 100644 --- a/tests/builder.rs +++ b/tests/builder.rs @@ -40,7 +40,7 @@ fn integrate_client_builder_with_details_fake() { let rustls_client_config = dangerous_verifier.with_no_client_auth(); // RustCrypto is not fips - assert_eq!(rustls_client_config.fips(), false); + assert!(!rustls_client_config.fips()); } use rustls::DistinguishedName; @@ -79,5 +79,5 @@ fn integrate_server_builder_with_details_fake() { dangerous_verifier.with_cert_resolver(Arc::new(server_cert_resolver)); // RustCrypto is not fips - assert_eq!(rustls_client_config.fips(), false); + assert!(!rustls_client_config.fips()); }