Jan Rüth 2023-11-24 16:08:52 +01:00 committed by Jan
commit 6f1394e4b4
9 changed files with 34 additions and 35 deletions


@ -159,21 +159,21 @@ mod tests {
fn in_out() { fn in_out() {
let key = Crypter::new(super::Algorithm::aes_128_gcm(), &[0u8; 16]).unwrap(); let key = Crypter::new(super::Algorithm::aes_128_gcm(), &[0u8; 16]).unwrap();
let nonce = [0u8; 12]; let nonce = [0u8; 12];
let associated_data = "this is signed".as_bytes(); let associated_data = b"this is signed";
let mut buffer = Vec::with_capacity(26); let mut buffer = Vec::with_capacity(26);
buffer.push('A' as u8); buffer.push(b'A');
buffer.push('B' as u8); buffer.push(b'B');
buffer.push('C' as u8); buffer.push(b'C');
buffer.push('D' as u8); buffer.push(b'D');
buffer.push('E' as u8); buffer.push(b'E');
let mut tag = [0u8; 16]; let mut tag = [0u8; 16];
key.seal_in_place(&nonce, &associated_data, buffer.as_mut_slice(), &mut tag) key.seal_in_place(&nonce, associated_data, buffer.as_mut_slice(), &mut tag)
.unwrap(); .unwrap();
println!("Encrypted: {:02X?}, Tag: {:02X?}", buffer, tag); println!("Encrypted: {:02X?}, Tag: {:02X?}", buffer, tag);
key.open_in_place(&nonce, &associated_data, buffer.as_mut_slice(), &tag[..]) key.open_in_place(&nonce, associated_data, buffer.as_mut_slice(), &tag[..])
.unwrap(); .unwrap();
println!("Plaintext: {}", String::from_utf8(buffer).unwrap()); println!("Plaintext: {}", String::from_utf8(buffer).unwrap());
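Review bot: `in_out` never checks the result of the round trip: after `open_in_place` the buffer is only printed, so a cipher that returned the wrong plaintext would still pass. Add `assert_eq!(buffer, b"ABCDE");` before the final `println!` consumes `buffer`. A second case that flips one byte of `tag` and asserts that `open_in_place` returns `Err` would pin the property an AEAD test most needs, namely that a modified tag is rejected. The five `push` calls could also be written `buffer.extend_from_slice(b"ABCDE");`. The end of the function lies outside the hunk.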


@ -13,7 +13,7 @@ pub(crate) mod chacha20;
pub(crate) trait BoringCipher { pub(crate) trait BoringCipher {
/// Constructs a new instance of this cipher as an AEAD algorithm /// Constructs a new instance of this cipher as an AEAD algorithm
fn new() -> Algorithm; fn new_cipher() -> Algorithm;
/// The key size in bytes /// The key size in bytes
fn key_size() -> usize; fn key_size() -> usize;
/// The IV's fixed length (Not the full IV length, only the part that doesn't change). /// The IV's fixed length (Not the full IV length, only the part that doesn't change).
@ -55,7 +55,7 @@ impl<T: BoringAead> BoringAeadCrypter<T> {
_ => false, _ => false,
}); });
let cipher = <T as BoringCipher>::new(); let cipher = <T as BoringCipher>::new_cipher();
assert_eq!( assert_eq!(
cipher.nonce_len(), cipher.nonce_len(),
@ -81,7 +81,7 @@ impl<T: BoringAead> aead::AeadInPlace for BoringAeadCrypter<T> {
) -> aead::Result<Tag<Self>> { ) -> aead::Result<Tag<Self>> {
let mut tag = Tag::<Self>::default(); let mut tag = Tag::<Self>::default();
self.crypter self.crypter
.seal_in_place(&nonce, &associated_data, buffer, &mut tag) .seal_in_place(nonce, associated_data, buffer, &mut tag)
.map_err(|e| error_stack_to_aead_error("seal_in_place", e))?; .map_err(|e| error_stack_to_aead_error("seal_in_place", e))?;
Ok(tag) Ok(tag)
@ -95,7 +95,7 @@ impl<T: BoringAead> aead::AeadInPlace for BoringAeadCrypter<T> {
tag: &Tag<Self>, tag: &Tag<Self>,
) -> aead::Result<()> { ) -> aead::Result<()> {
self.crypter self.crypter
.open_in_place(&nonce, &associated_data, buffer, tag) .open_in_place(nonce, associated_data, buffer, tag)
.map_err(|e| error_stack_to_aead_error("open_in_place", e))?; .map_err(|e| error_stack_to_aead_error("open_in_place", e))?;
Ok(()) Ok(())
} }
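Review bot: `open_in_place` has no comment saying what a caller may do with `buffer` when it returns `Err`. Because the operation works in place, the buffer may already have been overwritten when the tag check fails, so a line above the call would help: `// On Err the tag did not verify; discard the buffer, it is not authenticated plaintext.` Whether `error_stack_to_aead_error` logs the underlying error stack is not visible here; if it does, confirm that it records nothing derived from key or plaintext bytes. The start of the function lies outside the hunk.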


@ -10,7 +10,7 @@ unsafe impl Send for Aes128 {}
unsafe impl Sync for Aes128 {} unsafe impl Sync for Aes128 {}
impl BoringCipher for Aes128 { impl BoringCipher for Aes128 {
fn new() -> Algorithm { fn new_cipher() -> Algorithm {
Algorithm::aes_128_gcm() Algorithm::aes_128_gcm()
} }
@ -44,7 +44,7 @@ unsafe impl Send for Aes256 {}
unsafe impl Sync for Aes256 {} unsafe impl Sync for Aes256 {}
impl BoringCipher for Aes256 { impl BoringCipher for Aes256 {
fn new() -> Algorithm { fn new_cipher() -> Algorithm {
Algorithm::aes_256_gcm() Algorithm::aes_256_gcm()
} }
@ -82,7 +82,7 @@ mod tests {
#[test] #[test]
fn ensure_aes128_aead_core() { fn ensure_aes128_aead_core() {
let alg = Aes128::new(); let alg = Aes128::new_cipher();
let nonce = Nonce::<Aes128>::default(); let nonce = Nonce::<Aes128>::default();
assert_eq!(nonce.len(), alg.nonce_len()); assert_eq!(nonce.len(), alg.nonce_len());
let tag = Tag::<Aes128>::default(); let tag = Tag::<Aes128>::default();
@ -94,7 +94,7 @@ mod tests {
#[test] #[test]
fn ensure_aes256_aead_core() { fn ensure_aes256_aead_core() {
let alg = Aes256::new(); let alg = Aes256::new_cipher();
let nonce = Nonce::<Aes256>::default(); let nonce = Nonce::<Aes256>::default();
assert_eq!(nonce.len(), alg.nonce_len()); assert_eq!(nonce.len(), alg.nonce_len());
let tag = Tag::<Aes256>::default(); let tag = Tag::<Aes256>::default();
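Review bot: The `unsafe impl Send` / `unsafe impl Sync` lines for `Aes128` and `Aes256` that frame the renamed methods carry no `// SAFETY:` comment. The type definitions are outside the hunks. If they are field-less marker types, as their use as type parameters suggests, `Send` and `Sync` are derived automatically and the manual impls can be removed, which also keeps the compiler check in force should a non-thread-safe field be added later. If a field does require them, state the invariant next to each impl, e.g. `// SAFETY: <why the wrapped value may be shared across threads>`. The same applies to `ChaCha20Poly1305` in the chacha20 section that follows.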


@ -13,7 +13,7 @@ unsafe impl Send for ChaCha20Poly1305 {}
unsafe impl Sync for ChaCha20Poly1305 {} unsafe impl Sync for ChaCha20Poly1305 {}
impl BoringCipher for ChaCha20Poly1305 { impl BoringCipher for ChaCha20Poly1305 {
fn new() -> Algorithm { fn new_cipher() -> Algorithm {
Algorithm::chacha20_poly1305() Algorithm::chacha20_poly1305()
} }
@ -51,7 +51,7 @@ mod tests {
#[test] #[test]
fn ensure_aead_core() { fn ensure_aead_core() {
let alg = ChaCha20Poly1305::new(); let alg = ChaCha20Poly1305::new_cipher();
let nonce = Nonce::<ChaCha20Poly1305>::default(); let nonce = Nonce::<ChaCha20Poly1305>::default();
assert_eq!(nonce.len(), alg.nonce_len()); assert_eq!(nonce.len(), alg.nonce_len());
let tag = Tag::<ChaCha20Poly1305>::default(); let tag = Tag::<ChaCha20Poly1305>::default();


@ -1,24 +1,25 @@
use std::marker::PhantomData; use std::marker::PhantomData;
use boring::hash::MessageDigest;
use rustls::crypto::tls13::{self, Hkdf as RustlsHkdf}; use rustls::crypto::tls13::{self, Hkdf as RustlsHkdf};
use crate::helper::{cvt, cvt_p}; use crate::helper::{cvt, cvt_p};
pub trait BoringHash: Send + Sync { pub trait BoringHash: Send + Sync {
fn new() -> boring::hash::MessageDigest; fn new_hash() -> MessageDigest;
} }
pub struct Sha256(); pub struct Sha256();
impl BoringHash for Sha256 { impl BoringHash for Sha256 {
fn new() -> boring::hash::MessageDigest { fn new_hash() -> MessageDigest {
boring::hash::MessageDigest::sha256() MessageDigest::sha256()
} }
} }
pub struct Sha384(); pub struct Sha384();
impl BoringHash for Sha384 { impl BoringHash for Sha384 {
fn new() -> boring::hash::MessageDigest { fn new_hash() -> MessageDigest {
boring::hash::MessageDigest::sha384() MessageDigest::sha384()
} }
} }
@ -38,7 +39,7 @@ impl<T: BoringHash> RustlsHkdf for Hkdf<T> {
&self, &self,
salt: Option<&[u8]>, salt: Option<&[u8]>,
) -> Box<dyn rustls::crypto::tls13::HkdfExpander> { ) -> Box<dyn rustls::crypto::tls13::HkdfExpander> {
let hash_size = T::new().size(); let hash_size = T::new_hash().size();
let secret = [0u8; boring_sys::EVP_MAX_MD_SIZE as usize]; let secret = [0u8; boring_sys::EVP_MAX_MD_SIZE as usize];
let secret_len = hash_size; let secret_len = hash_size;
@ -54,7 +55,7 @@ impl<T: BoringHash> RustlsHkdf for Hkdf<T> {
salt: Option<&[u8]>, salt: Option<&[u8]>,
secret: &[u8], secret: &[u8],
) -> Box<dyn rustls::crypto::tls13::HkdfExpander> { ) -> Box<dyn rustls::crypto::tls13::HkdfExpander> {
let digest = T::new(); let digest = T::new_hash();
let hash_size = digest.size(); let hash_size = digest.size();
let mut prk = [0u8; boring_sys::EVP_MAX_MD_SIZE as usize]; let mut prk = [0u8; boring_sys::EVP_MAX_MD_SIZE as usize];
@ -101,7 +102,7 @@ impl<T: BoringHash> RustlsHkdf for Hkdf<T> {
Box::new(HkdfExpander { Box::new(HkdfExpander {
prk, prk,
prk_len, prk_len,
digest: T::new(), digest: T::new_hash(),
}) })
} }
@ -110,7 +111,7 @@ impl<T: BoringHash> RustlsHkdf for Hkdf<T> {
key: &rustls::crypto::tls13::OkmBlock, key: &rustls::crypto::tls13::OkmBlock,
message: &[u8], message: &[u8],
) -> rustls::crypto::hmac::Tag { ) -> rustls::crypto::hmac::Tag {
let digest = T::new(); let digest = T::new_hash();
let mut hash = [0u8; boring_sys::EVP_MAX_MD_SIZE as usize]; let mut hash = [0u8; boring_sys::EVP_MAX_MD_SIZE as usize];
let mut hash_len = 0u32; let mut hash_len = 0u32;
unsafe { unsafe {
@ -132,7 +133,7 @@ impl<T: BoringHash> RustlsHkdf for Hkdf<T> {
pub struct HkdfExpander { pub struct HkdfExpander {
prk: [u8; boring_sys::EVP_MAX_MD_SIZE as usize], prk: [u8; boring_sys::EVP_MAX_MD_SIZE as usize],
prk_len: usize, prk_len: usize,
digest: boring::hash::MessageDigest, digest: MessageDigest,
} }
impl tls13::HkdfExpander for HkdfExpander { impl tls13::HkdfExpander for HkdfExpander {
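Review bot: `HkdfExpander` keeps the pseudorandom key in a plain `prk: [u8; boring_sys::EVP_MAX_MD_SIZE as usize]` field, and the extract path builds it as a stack array (`let mut prk = [0u8; …]`), so the key bytes stay in memory after the values are dropped unless they are cleared somewhere outside the visible hunks. If no `Drop` impl exists, add one that wipes the field, for example `impl Drop for HkdfExpander { fn drop(&mut self) { self.prk.zeroize(); } }` using the `zeroize` crate if that dependency is acceptable; a plain assignment loop may be optimised away. Separately, `BoringHash::new_hash` has no doc comment while `BoringCipher::new_cipher` has one; `/// Returns the BoringSSL message digest for this hash` would match.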


@ -110,8 +110,8 @@ mod tests {
let alice = DhKeyExchange::generate_ffdhe_2048().unwrap(); let alice = DhKeyExchange::generate_ffdhe_2048().unwrap();
let bob = DhKeyExchange::generate_ffdhe_2048().unwrap(); let bob = DhKeyExchange::generate_ffdhe_2048().unwrap();
let shared_secret1 = alice.diffie_hellman(&bob.pub_key()).unwrap(); let shared_secret1 = alice.diffie_hellman(bob.pub_key()).unwrap();
let shared_secret2 = bob.diffie_hellman(&alice.pub_key()).unwrap(); let shared_secret2 = bob.diffie_hellman(alice.pub_key()).unwrap();
assert_eq!(shared_secret1, shared_secret2) assert_eq!(shared_secret1, shared_secret2)
} }


@ -58,7 +58,7 @@ fn rsa_signer_from_params(
digest: MessageDigest, digest: MessageDigest,
padding: Padding, padding: Padding,
) -> Signer { ) -> Signer {
let mut signer = Signer::new(digest.clone(), key).expect("failed getting signer"); let mut signer = Signer::new(digest, key).expect("failed getting signer");
signer signer
.set_rsa_padding(padding) .set_rsa_padding(padding)
.expect("failed setting padding"); .expect("failed setting padding");
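Review bot: `rsa_signer_from_params` turns failures of both `Signer::new` and `set_rsa_padding` into panics through `.expect(...)`. If this helper is reachable while a TLS connection is being handled, which the hunk does not show, a BoringSSL error would abort the thread instead of failing the handshake; returning `Result<Signer, ErrorStack>` and using `?` lets the caller map it to a TLS error. `ec_verifier_from_params` and `rsa_verifier_from_params` in the next two sections use the same pattern with `.expect("failed getting verifier")`. The function body continues past the hunk.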


@ -75,8 +75,7 @@ fn ec_verifier_from_params(
key: &boring::pkey::PKeyRef<boring::pkey::Public>, key: &boring::pkey::PKeyRef<boring::pkey::Public>,
digest: MessageDigest, digest: MessageDigest,
) -> boring::sign::Verifier { ) -> boring::sign::Verifier {
let verifier = let verifier = boring::sign::Verifier::new(digest, key).expect("failed getting verifier");
boring::sign::Verifier::new(digest.clone(), key).expect("failed getting verifier");
verifier verifier
} }
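Review bot: After the `.clone()` removal the binding in `ec_verifier_from_params` is returned unchanged on the very next line (`let verifier = …; verifier`), which clippy reports as `let_and_return`. The body can be the single expression `boring::sign::Verifier::new(digest, key).expect("failed getting verifier")`.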


@ -87,8 +87,7 @@ fn rsa_verifier_from_params(
digest: MessageDigest, digest: MessageDigest,
padding: Padding, padding: Padding,
) -> boring::sign::Verifier { ) -> boring::sign::Verifier {
let mut verifier = let mut verifier = boring::sign::Verifier::new(digest, key).expect("failed getting verifier");
boring::sign::Verifier::new(digest.clone(), key).expect("failed getting verifier");
verifier verifier
.set_rsa_padding(padding) .set_rsa_padding(padding)
.expect("failed setting padding"); .expect("failed setting padding");