diff --git a/.clippy.toml b/.clippy.toml new file mode 100644 index 0000000..2e06d15 --- /dev/null +++ b/.clippy.toml @@ -0,0 +1,2 @@ +allow-unwrap-in-consts = true +allow-unwrap-in-tests = true diff --git a/Cargo.toml b/Cargo.toml index 05682de..4222bd0 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -10,3 +10,43 @@ members = [ [profile.dev] opt-level = 2 + +[workspace.lints.clippy] +borrow_as_ptr = "warn" +cast_lossless = "warn" +cast_possible_truncation = "warn" +cast_possible_wrap = "warn" +cast_precision_loss = "warn" +cast_sign_loss = "warn" +checked_conversions = "warn" +doc_markdown = "warn" +from_iter_instead_of_collect = "warn" +implicit_saturating_sub = "warn" +manual_assert = "warn" +map_unwrap_or = "warn" +missing_errors_doc = "warn" +missing_panics_doc = "warn" +mod_module_files = "warn" +must_use_candidate = "warn" +needless_range_loop = "allow" +ptr_as_ptr = "warn" +redundant_closure_for_method_calls = "warn" +ref_as_ptr = "warn" +return_self_not_must_use = "warn" +semicolon_if_nothing_returned = "warn" +trivially_copy_pass_by_ref = "warn" +std_instead_of_alloc = "warn" +std_instead_of_core = "warn" +undocumented_unsafe_blocks = "warn" +unnecessary_safety_comment = "warn" +unwrap_used = "warn" + +[workspace.lints.rust] +missing_copy_implementations = "warn" +missing_debug_implementations = "warn" +missing_docs = "warn" +trivial_casts = "warn" +trivial_numeric_casts = "warn" +unsafe_code = "forbid" +unused_lifetimes = "warn" +unused_qualifications = "warn" diff --git a/ansi-x963-kdf/Cargo.toml b/ansi-x963-kdf/Cargo.toml index 4621004..695b4db 100644 --- a/ansi-x963-kdf/Cargo.toml +++ b/ansi-x963-kdf/Cargo.toml @@ -18,3 +18,6 @@ digest = "0.11" [dev-dependencies] hex-literal = "1" sha2 = { version = "0.11", default-features = false } + +[lints] +workspace = true diff --git a/ansi-x963-kdf/README.md b/ansi-x963-kdf/README.md index 392789b..6b2f000 100644 --- a/ansi-x963-kdf/README.md +++ b/ansi-x963-kdf/README.md @@ -1,4 +1,4 @@ -# RustCrypto: ANSI X9.63 Key Derivation Function +# [RustCrypto]: ANSI X9.63 Key Derivation Function [![crate][crate-image]][crate-link] [![Docs][docs-image]][docs-link] @@ -39,6 +39,8 @@ Unless you explicitly state otherwise, any contribution intentionally submitted for inclusion in the work by you, as defined in the Apache-2.0 license, shall be dual licensed as above, without any additional terms or conditions. +[//]: # (badges) + [crate-image]: https://img.shields.io/crates/v/ansi-x963-kdf.svg?logo=rust [crate-link]: https://crates.io/crates/ansi-x963-kdf [docs-image]: https://docs.rs/ansi-x963-kdf/badge.svg @@ -49,3 +51,7 @@ dual licensed as above, without any additional terms or conditions. [rustc-image]: https://img.shields.io/badge/rustc-1.85+-blue.svg [chat-image]: https://img.shields.io/badge/zulip-join_chat-blue.svg [chat-link]: https://rustcrypto.zulipchat.com/#narrow/stream/260043-KDFs + +[//]: # (links) + +[RustCrypto]: https://github.com/RustCrypto diff --git a/ansi-x963-kdf/src/lib.rs b/ansi-x963-kdf/src/lib.rs index 36dea83..6367e23 100644 --- a/ansi-x963-kdf/src/lib.rs +++ b/ansi-x963-kdf/src/lib.rs @@ -5,8 +5,6 @@ html_favicon_url = "https://raw.githubusercontent.com/RustCrypto/media/6ee8e381/logo.svg" )] #![cfg_attr(docsrs, feature(doc_cfg))] -#![forbid(unsafe_code)] -#![warn(missing_docs)] use core::fmt; use digest::{Digest, FixedOutputReset, array::typenum::Unsigned}; @@ -22,6 +20,10 @@ use digest::{Digest, FixedOutputReset, array::typenum::Unsigned}; /// ansi_x963_kdf::derive_key_into::(b"secret", b"shared-info", &mut key).unwrap(); /// assert_eq!(key, hex!("8dbb1d50bcc7fc782abc9db5c64a2826")); /// ``` +/// +/// # Errors +/// - Returns [`Error::InputOverflow`] if too much input is provided +/// - Returns [`Error::CounterOverflow`] if `key` is too long #[inline] pub fn derive_key_into(secret: &[u8], shared_info: &[u8], key: &mut [u8]) -> Result<(), Error> where @@ -38,13 +40,14 @@ where // 1. Check that |Z| + |SharedInfo| + 4 < hashmaxlen // where "hashmaxlen denote the maximum length in octets of messages that can be hashed using Hash". // N.B.: `D::OutputSize::U64 * (u32::MAX as u64)`` is currently used as an approximation of hashmaxlen. - if secret.len() as u64 + shared_info.len() as u64 + 4 >= D::OutputSize::U64 * (u32::MAX as u64) + if secret.len() as u64 + shared_info.len() as u64 + 4 + >= D::OutputSize::U64 * u64::from(u32::MAX) { return Err(Error::InputOverflow); } // 2. Check that keydatalen < hashlen × (2^32 − 1) - if key.len() as u64 >= D::OutputSize::U64 * (u32::MAX as u64) { + if key.len() as u64 >= D::OutputSize::U64 * u64::from(u32::MAX) { return Err(Error::CounterOverflow); } diff --git a/ansi-x963-kdf/tests/tests.rs b/ansi-x963-kdf/tests/tests.rs index 89dd19d..028c679 100644 --- a/ansi-x963-kdf/tests/tests.rs +++ b/ansi-x963-kdf/tests/tests.rs @@ -4,6 +4,8 @@ //! KDF2 implementation [KDF2BytesGenerator][1] //! //! [1]: https://downloads.bouncycastle.org/java/docs/bcprov-jdk18on-javadoc/ +#![allow(clippy::unwrap_used, reason = "tests")] + use digest::{Digest, FixedOutputReset}; use hex_literal::hex; use sha2::{Sha224, Sha256, Sha512}; diff --git a/bake-kdf/Cargo.toml b/bake-kdf/Cargo.toml index 45779a6..2fc3053 100644 --- a/bake-kdf/Cargo.toml +++ b/bake-kdf/Cargo.toml @@ -18,5 +18,8 @@ belt-hash = { version = "0.2.0-rc.5", default-features = false } [dev-dependencies] hex-literal = "1" +[lints] +workspace = true + [package.metadata.docs.rs] all-features = true diff --git a/bake-kdf/README.md b/bake-kdf/README.md index 8149ce3..914fc60 100644 --- a/bake-kdf/README.md +++ b/bake-kdf/README.md @@ -1,4 +1,4 @@ -# RustCrypto: bake-kdf +# [RustCrypto]: bake-kdf [![crate][crate-image]][crate-link] [![Docs][docs-image]][docs-link] @@ -53,3 +53,7 @@ dual licensed as above, without any additional terms or conditions. [rustc-image]: https://img.shields.io/badge/rustc-1.85+-blue.svg [chat-image]: https://img.shields.io/badge/zulip-join_chat-blue.svg [chat-link]: https://rustcrypto.zulipchat.com/#narrow/stream/260043-KDFs + +[//]: # (links) + +[RustCrypto]: https://github.com/RustCrypto diff --git a/bake-kdf/src/lib.rs b/bake-kdf/src/lib.rs index 0cf3354..10f8941 100644 --- a/bake-kdf/src/lib.rs +++ b/bake-kdf/src/lib.rs @@ -5,8 +5,7 @@ html_favicon_url = "https://raw.githubusercontent.com/RustCrypto/media/6ee8e381/logo.svg" )] #![cfg_attr(docsrs, feature(doc_cfg))] -#![forbid(unsafe_code)] -#![warn(missing_docs)] +#![allow(clippy::unwrap_used, reason = "todo")] use belt_hash::digest::FixedOutput; use belt_hash::{BeltHash, Digest, block_api::belt_compress}; @@ -15,9 +14,13 @@ use belt_hash::{BeltHash, Digest, block_api::belt_compress}; /// /// # Panics /// If `N` is not equal to 16, 24, or 32. -// TODO: use compile-time checks for `N` #[inline] +#[must_use] pub fn belt_keyexpand(k: &[u8; N]) -> [u32; 8] { + const { + assert!(matches!(N, 16 | 24 | 32), "N must be 16, 24, or 32"); + } + let mut t = [0u32; 8]; // TODO: move this conversion into `belt_keyrep` when we will be able // to use generic parameters as `[u32; N / 4]`. @@ -44,15 +47,30 @@ pub fn belt_keyexpand(k: &[u8; N]) -> [u32; 8] { /// `belt-keyrep` key repetition algorithm described in STB 34.101.31-2020 8.1.3. /// /// # Panics -/// If `(N, M)` is not equal to `(16, 16)`, `(24, 16)`, `(24, 24)`, -/// `(32, 16)`, `(32, 24)`, or `(32, 32)`. -// TODO: use compile-time check for `N` and `M` +/// If `(N, M)` is not equal to one of: +/// - `(16, 16)` +/// - `(24, 16)` +/// - `(24, 24)` +/// - `(32, 16)` +/// - `(32, 24)` +/// - `(32, 32)` #[inline] +#[must_use] pub fn belt_keyrep( x: &[u8; N], d: &[u8; 12], i: &[u8; 16], ) -> [u8; M] { + const { + assert!( + matches!( + (N, M), + (16, 16) | (24, 16) | (24, 24) | (32, 16) | (32, 24) | (32, 32) + ), + "invalid N/M values" + ); + } + let r: u32 = match (N, M) { (16, 16) => 0xC8BA94B1, (24, 16) => 0x12D6E35B, @@ -89,6 +107,7 @@ pub fn belt_keyrep( /// `bake-kdf` key derivation algorithm described in STB 34.101.66-2014 8.1.4. #[inline] +#[must_use] pub fn bake_kdf(x: &[u8], s: &[u8], c: u128) -> [u8; 32] { let mut hasher = BeltHash::default(); hasher.update(x); diff --git a/bake-kdf/tests/tests.rs b/bake-kdf/tests/tests.rs index e2bbcee..fed38a8 100644 --- a/bake-kdf/tests/tests.rs +++ b/bake-kdf/tests/tests.rs @@ -1,3 +1,5 @@ +//! Test vectors + use bake_kdf::{bake_kdf, belt_keyexpand, belt_keyrep}; use hex_literal::hex; diff --git a/hkdf/Cargo.toml b/hkdf/Cargo.toml index 6aeb181..77b577b 100644 --- a/hkdf/Cargo.toml +++ b/hkdf/Cargo.toml @@ -24,5 +24,8 @@ hex-literal = "1" sha1 = { version = "0.11", default-features = false } sha2 = { version = "0.11", default-features = false } +[lints] +workspace = true + [package.metadata.docs.rs] all-features = true diff --git a/hkdf/README.md b/hkdf/README.md index fb2ada2..ac06954 100644 --- a/hkdf/README.md +++ b/hkdf/README.md @@ -1,4 +1,4 @@ -# RustCrypto: HKDF +# [RustCrypto]: HKDF [![crate][crate-image]][crate-link] [![Docs][docs-image]][docs-link] @@ -112,3 +112,7 @@ dual licensed as above, without any additional terms or conditions. [chat-link]: https://rustcrypto.zulipchat.com/#narrow/stream/260043-KDFs [build-image]: https://github.com/RustCrypto/KDFs/workflows/hkdf/badge.svg?branch=master&event=push [build-link]: https://github.com/RustCrypto/KDFs/actions?query=workflow:hkdf + +[//]: # (links) + +[RustCrypto]: https://github.com/RustCrypto diff --git a/hkdf/src/errors.rs b/hkdf/src/errors.rs index 127b49c..063ba71 100644 --- a/hkdf/src/errors.rs +++ b/hkdf/src/errors.rs @@ -12,7 +12,7 @@ impl fmt::Display for InvalidPrkLength { impl core::error::Error for InvalidPrkLength {} -/// Structure for InvalidLength, used for output error handling. +/// Structure for `InvalidLength`, used for output error handling. #[derive(Copy, Clone, Debug)] pub struct InvalidLength; diff --git a/hkdf/src/lib.rs b/hkdf/src/lib.rs index de5c52a..c97ebc1 100644 --- a/hkdf/src/lib.rs +++ b/hkdf/src/lib.rs @@ -5,8 +5,6 @@ html_favicon_url = "https://raw.githubusercontent.com/RustCrypto/media/6ee8e381/logo.svg" )] #![cfg_attr(docsrs, feature(doc_cfg))] -#![forbid(unsafe_code)] -#![warn(missing_docs)] use hmac::{ Hmac, SimpleHmac, @@ -44,6 +42,7 @@ pub struct GenericHkdfExtract { impl GenericHkdfExtract { /// Initiates the HKDF-Extract context with the given optional salt + #[must_use] pub fn new(salt: Option<&[u8]>) -> Self { let default_salt = Output::::default(); let salt = salt.unwrap_or(&default_salt); @@ -58,6 +57,7 @@ impl GenericHkdfExtract { /// Completes the HKDF-Extract operation, returning both the generated pseudorandom key and /// `Hkdf` struct for expanding. + #[allow(clippy::missing_panics_doc, reason = "PRK size is correct")] pub fn finalize(self) -> (Output, GenericHkdf) { let prk = self.hmac.finalize(); let hkdf = GenericHkdf::::from_prk(&prk).expect("PRK size is correct"); @@ -90,6 +90,7 @@ impl GenericHkdf { /// Convenience method for [`extract`][Hkdf::extract] when the generated /// pseudorandom key can be ignored and only HKDF-Expand operation is needed. This is the most /// common constructor. + #[must_use] pub fn new(salt: Option<&[u8]>, ikm: &[u8]) -> Self { let (_, hkdf) = Self::extract(salt, ikm); hkdf @@ -97,6 +98,9 @@ impl GenericHkdf { /// Create `Hkdf` from an already cryptographically strong pseudorandom key /// as per section 3.3 from RFC5869. + /// + /// # Errors + /// Returns [`InvalidPrkLength`] if `prk` is shorter than the output size of `H`. pub fn from_prk(prk: &[u8]) -> Result { // section 2.3 specifies that `prk` must be "at least HashLen octets" let hash_len = ::OutputSize::to_usize(); @@ -109,6 +113,7 @@ impl GenericHkdf { /// The RFC5869 HKDF-Extract operation returning both the generated /// pseudorandom key and `Hkdf` struct for expanding. + #[must_use] pub fn extract(salt: Option<&[u8]>, ikm: &[u8]) -> (Output, Self) { let mut extract_ctx = GenericHkdfExtract::::new(salt); extract_ctx.input_ikm(ikm); @@ -118,6 +123,10 @@ impl GenericHkdf { /// The RFC5869 HKDF-Expand operation. This is equivalent to calling /// [`expand`][Hkdf::extract] with the `info` argument set equal to the /// concatenation of all the elements of `info_components`. + /// + /// # Errors + /// Returns [`InvalidLength`] in the event `okm` is too large. + #[allow(clippy::missing_panics_doc, reason = "expect should not fail")] pub fn expand_multi_info( &self, info_components: &[&[u8]], @@ -134,7 +143,7 @@ impl GenericHkdf { let mut hmac = self.hmac.clone(); if let Some(ref prev) = prev { - hmac.update(prev) + hmac.update(prev); }; // Feed in the info components in sequence. This is equivalent to feeding in the @@ -143,7 +152,7 @@ impl GenericHkdf { hmac.update(info); } - hmac.update(&[block_n as u8 + 1]); + hmac.update(&[u8::try_from(block_n).expect("should convert") + 1]); let output = hmac.finalize(); @@ -159,6 +168,9 @@ impl GenericHkdf { /// The RFC5869 HKDF-Expand operation /// /// If you don't have any `info` to pass, use an empty slice. + /// + /// # Errors + /// Returns [`InvalidLength`] in the event `okm` is too large. pub fn expand(&self, info: &[u8], okm: &mut [u8]) -> Result<(), InvalidLength> { self.expand_multi_info(&[info], okm) } diff --git a/hkdf/tests/rfc5869.rs b/hkdf/tests/rfc5869.rs index 67ed921..e15f355 100644 --- a/hkdf/tests/rfc5869.rs +++ b/hkdf/tests/rfc5869.rs @@ -1,4 +1,6 @@ -//! Test vectors from https://tools.ietf.org/html/rfc5869 +//! Test vectors from . +#![allow(clippy::unwrap_used, reason = "tests")] + use hkdf::{GenericHkdf, HmacImpl}; use hmac::{Hmac, SimpleHmac}; diff --git a/hkdf/tests/tests.rs b/hkdf/tests/tests.rs index f044495..450faa9 100644 --- a/hkdf/tests/tests.rs +++ b/hkdf/tests/tests.rs @@ -1,3 +1,5 @@ +//! Integration tests. + use core::iter; use hex_literal::hex; @@ -184,7 +186,7 @@ fn test_extract_streaming() { #[test] fn test_debug_impls() { - fn needs_debug() {} + fn needs_debug() {} needs_debug::>(); needs_debug::>(); } diff --git a/hkdf/tests/wycheproof.rs b/hkdf/tests/wycheproof.rs index 48ed436..4b5f0fd 100644 --- a/hkdf/tests/wycheproof.rs +++ b/hkdf/tests/wycheproof.rs @@ -1,3 +1,5 @@ +//! Wycheproof test vectors. + use hkdf::{GenericHkdf, HmacImpl}; use hmac::{Hmac, SimpleHmac}; diff --git a/kbkdf/Cargo.toml b/kbkdf/Cargo.toml index 738944f..6afdf71 100644 --- a/kbkdf/Cargo.toml +++ b/kbkdf/Cargo.toml @@ -25,5 +25,8 @@ sha1 = { version = "0.11", default-features = false } cmac = "0.8.0-rc.4" aes = "0.9.0-rc.4" +[lints] +workspace = true + [package.metadata.docs.rs] all-features = true diff --git a/kbkdf/README.md b/kbkdf/README.md index f071a98..fc65c3f 100644 --- a/kbkdf/README.md +++ b/kbkdf/README.md @@ -1,4 +1,4 @@ -# RustCrypto: KBKDF +# [RustCrypto]: KBKDF [![crate][crate-image]][crate-link] [![Docs][docs-image]][docs-link] @@ -53,6 +53,8 @@ Unless you explicitly state otherwise, any contribution intentionally submitted for inclusion in the work by you, as defined in the Apache-2.0 license, shall be dual licensed as above, without any additional terms or conditions. +[//]: # (badges) + [crate-image]: https://img.shields.io/crates/v/kbkdf.svg [crate-link]: https://crates.io/crates/kbkdf [docs-image]: https://docs.rs/kbkdf/badge.svg @@ -64,3 +66,6 @@ dual licensed as above, without any additional terms or conditions. [chat-image]: https://img.shields.io/badge/zulip-join_chat-blue.svg [chat-link]: https://rustcrypto.zulipchat.com/#narrow/stream/260043-KDFs +[//]: # (links) + +[RustCrypto]: https://github.com/RustCrypto diff --git a/kbkdf/src/lib.rs b/kbkdf/src/lib.rs index 3ad431c..b374c74 100644 --- a/kbkdf/src/lib.rs +++ b/kbkdf/src/lib.rs @@ -5,8 +5,6 @@ html_favicon_url = "https://raw.githubusercontent.com/RustCrypto/media/6ee8e381/logo.svg" )] #![cfg_attr(docsrs, feature(doc_cfg))] -#![forbid(unsafe_code)] -#![warn(missing_docs)] use core::{fmt, marker::PhantomData, ops::Mul}; use digest::{ @@ -20,7 +18,7 @@ use digest::{ pub mod sealed; /// KBKDF error type. -#[derive(Debug, PartialEq)] +#[derive(Clone, Copy, Debug, PartialEq)] pub enum Error { /// Indicates that the requested length of the derived key is too large for the value of R specified. InvalidRequestSize, @@ -42,6 +40,7 @@ impl core::error::Error for Error {} /// Parameters used for KBKDF. /// /// For more details, read the official specification: [NIST SP 800-108r1](https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-108r1.pdf). +#[derive(Clone, Copy, Debug)] pub struct Params<'k, 'l, 'c> { /// Key-derivation key. /// @@ -66,6 +65,7 @@ pub struct Params<'k, 'l, 'c> { impl<'k, 'l, 'c> Params<'k, 'l, 'c> { /// Create a new builder for [`Params`] + #[must_use] pub fn builder(kin: &'k [u8]) -> ParamsBuilder<'k, 'l, 'c> { let params = Params { kin, @@ -80,39 +80,46 @@ impl<'k, 'l, 'c> Params<'k, 'l, 'c> { } /// Parameters builders for [`Params`]. +#[derive(Clone, Debug)] pub struct ParamsBuilder<'k, 'l, 'c>(Params<'k, 'l, 'c>); impl<'k, 'l, 'c> ParamsBuilder<'k, 'l, 'c> { /// Return the built [`Params`] + #[must_use] pub fn build(self) -> Params<'k, 'l, 'c> { self.0 } /// Set the label for the parameters + #[must_use] pub fn with_label(mut self, label: &'l [u8]) -> Self { self.0.label = label; self } /// Set the context for the parameters + #[must_use] pub fn with_context(mut self, context: &'c [u8]) -> Self { self.0.context = context; self } /// During the iterations, append the length of the Prf + #[must_use] pub fn use_l(mut self, use_l: bool) -> Self { self.0.use_l = use_l; self } /// During the iterations, separate the label from the context with a NULL byte + #[must_use] pub fn use_separator(mut self, use_separator: bool) -> Self { self.0.use_separator = use_separator; self } /// During the iterations, update the Prf with the iteration counter + #[must_use] pub fn use_counter(mut self, use_counter: bool) -> Self { self.0.use_counter = use_counter; self @@ -162,6 +169,9 @@ where >::Output: Unsigned, { /// Derives `key` from `kin` and other parameters. + /// + /// # Errors + /// Returns [`Error::InvalidRequestSize`] if too many PRF iterations would be needed. fn derive(&self, params: Params<'_, '_, '_>) -> Result, Error> { // n - An integer whose value is the number of iterations of the PRF needed to generate L // bits of keying material @@ -178,7 +188,7 @@ where let mut ki = None; self.input_iv(&mut ki); let mut a = { - let mut h = Prf::new_from_slice(params.kin).unwrap(); + let mut h = Prf::new_from_slice(params.kin).expect("should be the right size"); h.update(params.label); if params.use_separator { h.update(&[0]); @@ -190,13 +200,13 @@ where for counter in 1..=n { if counter > 1 { a = { - let mut h = Prf::new_from_slice(params.kin).unwrap(); + let mut h = Prf::new_from_slice(params.kin).expect("should be the right size"); h.update(a.as_slice()); h.finalize().into_bytes() }; } - let mut h = Prf::new_from_slice(params.kin).unwrap(); + let mut h = Prf::new_from_slice(params.kin).expect("should be the right size"); if Self::FEEDBACK_KI { if let Some(ki) = ki { @@ -257,6 +267,7 @@ where } /// KBKDF in Counter Mode. +#[derive(Debug)] pub struct Counter { _marker: PhantomData<(Prf, K, R)>, } @@ -282,6 +293,7 @@ where } /// KBKDF in Feedback Mode. +#[derive(Debug)] pub struct Feedback<'a, Prf, K, R = U32> where Prf: Mac, @@ -295,6 +307,7 @@ where Prf: Mac, { /// Creates a new [`Feedback`] instance with an optional IV. + #[must_use] pub fn new(iv: Option<&'a Array>) -> Self { Self { iv, @@ -315,7 +328,7 @@ where { fn input_iv(&self, ki: &mut Option>) { if let Some(iv) = self.iv { - *ki = Some(iv.clone()) + *ki = Some(iv.clone()); } } @@ -323,6 +336,7 @@ where } /// KBKDF in Double-Pipeline Mode. +#[derive(Debug)] pub struct DoublePipeline where Prf: Mac, diff --git a/kbkdf/tests/kbkdf/main.rs b/kbkdf/tests/kbkdf/main.rs index 121a288..57df75f 100644 --- a/kbkdf/tests/kbkdf/main.rs +++ b/kbkdf/tests/kbkdf/main.rs @@ -1,3 +1,5 @@ +//! KBKDF tests. + mod parser; type HmacSha1 = hmac::Hmac; diff --git a/kbkdf/tests/kbkdf/parser.rs b/kbkdf/tests/kbkdf/parser.rs index 2cf415d..c212975 100644 --- a/kbkdf/tests/kbkdf/parser.rs +++ b/kbkdf/tests/kbkdf/parser.rs @@ -1,3 +1,7 @@ +//! Parser tests. +#![allow(clippy::trivially_copy_pass_by_ref, reason = "tests")] +#![allow(clippy::unwrap_used, reason = "tests")] + use digest::consts::*; use kbkdf::{Kbkdf, Params}; diff --git a/one-step-kdf/Cargo.toml b/one-step-kdf/Cargo.toml index dcfa4dd..61a2859 100644 --- a/one-step-kdf/Cargo.toml +++ b/one-step-kdf/Cargo.toml @@ -18,3 +18,6 @@ digest = "0.11" [dev-dependencies] hex-literal = "1" sha2 = { version = "0.11", default-features = false } + +[lints] +workspace = true diff --git a/one-step-kdf/README.md b/one-step-kdf/README.md index e35577a..5aa9cdf 100644 --- a/one-step-kdf/README.md +++ b/one-step-kdf/README.md @@ -1,4 +1,4 @@ -# RustCrypto: One-Step KDF +# [RustCrypto]: One-Step KDF [![crate][crate-image]][crate-link] [![Docs][docs-image]][docs-link] @@ -42,6 +42,8 @@ Unless you explicitly state otherwise, any contribution intentionally submitted for inclusion in the work by you, as defined in the Apache-2.0 license, shall be dual licensed as above, without any additional terms or conditions. +[//]: # (badges) + [crate-image]: https://img.shields.io/crates/v/one-step-kdf.svg [crate-link]: https://crates.io/crates/one-step-kdf [docs-image]: https://docs.rs/one-step-kdf/badge.svg @@ -52,3 +54,7 @@ dual licensed as above, without any additional terms or conditions. [rustc-image]: https://img.shields.io/badge/rustc-1.85+-blue.svg [chat-image]: https://img.shields.io/badge/zulip-join_chat-blue.svg [chat-link]: https://rustcrypto.zulipchat.com/#narrow/stream/260043-KDFs + +[//]: # (links) + +[RustCrypto]: https://github.com/RustCrypto diff --git a/one-step-kdf/src/lib.rs b/one-step-kdf/src/lib.rs index ca7c15a..bc84946 100644 --- a/one-step-kdf/src/lib.rs +++ b/one-step-kdf/src/lib.rs @@ -5,8 +5,6 @@ html_favicon_url = "https://raw.githubusercontent.com/RustCrypto/media/6ee8e381/logo.svg" )] #![cfg_attr(docsrs, feature(doc_cfg))] -#![forbid(unsafe_code)] -#![warn(missing_docs)] use core::fmt; use digest::{Digest, FixedOutputReset, Update, array::typenum::Unsigned}; @@ -22,6 +20,11 @@ use digest::{Digest, FixedOutputReset, Update, array::typenum::Unsigned}; /// one_step_kdf::derive_key_into::(b"secret", b"shared-info", &mut key).unwrap(); /// assert_eq!(key, hex!("960db2c549ab16d71a7b008e005c2bdc")); /// ``` +/// +/// # Errors +/// - Returns [`Error::NoSecret`] if `secret` is empty. +/// - Returns [`Error::NoOutput`] if `output` is empty. +/// - Returns [`Error::CounterOverflow`] if `key` is too large. pub fn derive_key_into(secret: &[u8], other_info: &[u8], key: &mut [u8]) -> Result<(), Error> where D: Digest + FixedOutputReset, @@ -35,7 +38,7 @@ where } // Key length shall be less than or equal to hash output length * (2^32 - 1). - if (key.len() as u64) >= D::OutputSize::U64 * (u32::MAX as u64) { + if (key.len() as u64) >= D::OutputSize::U64 * u64::from(u32::MAX) { return Err(Error::CounterOverflow); } diff --git a/one-step-kdf/tests/tests.rs b/one-step-kdf/tests/tests.rs index 541bcbf..5cfbcc1 100644 --- a/one-step-kdf/tests/tests.rs +++ b/one-step-kdf/tests/tests.rs @@ -1,3 +1,6 @@ +//! Test vectors. +#![allow(clippy::unwrap_used, reason = "tests")] + use digest::{Digest, FixedOutputReset}; use hex_literal::hex; use sha2::{Sha224, Sha256, Sha512};