From f0d4d21e857129cfe1458a36ee60623666d02e4e Mon Sep 17 00:00:00 2001 From: Brian Smith Date: Wed, 10 Apr 2019 09:33:38 -1000 Subject: [PATCH] Use stable rustfmt. --- build.rs | 71 +++++++--- rustfmt.toml | 8 -- src/aead.rs | 64 ++++++--- src/aead/aes.rs | 53 +++++--- src/aead/aes_gcm.rs | 55 ++++++-- src/aead/block.rs | 28 +++- src/aead/chacha.rs | 25 +++- src/aead/chacha20_poly1305.rs | 26 +++- src/aead/chacha20_poly1305_openssh.rs | 13 +- src/aead/gcm.rs | 42 +++--- src/aead/nonce.rs | 28 +++- src/aead/poly1305.rs | 21 ++- src/aead/quic.rs | 19 ++- src/agreement.rs | 27 +++- src/bits.rs | 8 +- src/bssl.rs | 2 +- src/debug.rs | 7 +- src/digest.rs | 16 ++- src/digest/sha1.rs | 16 ++- src/ec/curve25519/ed25519/signing.rs | 14 +- src/ec/curve25519/ed25519/verification.rs | 10 +- src/ec/curve25519/ops.rs | 8 +- src/ec/curve25519/x25519.rs | 25 +++- src/ec/keys.rs | 24 +++- src/ec/suite_b.rs | 24 +++- src/ec/suite_b/curve.rs | 6 +- src/ec/suite_b/ecdh.rs | 11 +- src/ec/suite_b/ecdsa/digest_scalar.rs | 2 +- src/ec/suite_b/ecdsa/signing.rs | 34 +++-- src/ec/suite_b/ecdsa/verification.rs | 28 +++- src/ec/suite_b/ops.rs | 100 ++++++++++---- src/ec/suite_b/ops/elem.rs | 18 ++- src/ec/suite_b/ops/p256.rs | 8 +- src/ec/suite_b/ops/p384.rs | 12 +- src/ec/suite_b/private_key.rs | 25 +++- src/ec/suite_b/public_key.rs | 3 +- src/endian.rs | 12 +- src/error.rs | 72 +++++++--- src/hkdf.rs | 4 +- src/hmac.rs | 15 ++- src/io/der.rs | 25 ++-- src/io/positive.rs | 4 +- src/io/writer.rs | 24 +++- src/limb.rs | 21 ++- src/pbkdf2.rs | 10 +- src/pkcs8.rs | 26 +++- src/polyfill.rs | 8 +- src/polyfill/convert.rs | 11 +- src/rand.rs | 14 +- src/rsa/bigint.rs | 157 ++++++++++++++++------ src/rsa/padding.rs | 49 +++++-- src/rsa/signing.rs | 18 ++- src/rsa/verification.rs | 21 ++- src/signature.rs | 13 +- src/test.rs | 53 +++++--- tests/aead_tests.rs | 16 ++- tests/agreement_tests.rs | 11 +- tests/ecdsa_tests.rs | 4 +- tests/hmac_tests.rs | 7 +- tests/quic_tests.rs | 12 +- 60 files changed, 1082 insertions(+), 406 deletions(-) diff --git a/build.rs b/build.rs index 3932dd201b..e3d11034e5 100644 --- a/build.rs +++ b/build.rs @@ -335,10 +335,18 @@ struct Target { } impl Target { - pub fn arch(&self) -> &str { &self.arch } - pub fn os(&self) -> &str { &self.os } - pub fn env(&self) -> &str { &self.env } - pub fn is_debug(&self) -> bool { self.is_debug } + pub fn arch(&self) -> &str { + &self.arch + } + pub fn os(&self) -> &str { + &self.os + } + pub fn env(&self) -> &str { + &self.env + } + pub fn is_debug(&self) -> bool { + self.is_debug + } } fn build_c_code(target: &Target, pregenerated: PathBuf, out_dir: &Path) { @@ -440,8 +448,13 @@ fn build_c_code(target: &Target, pregenerated: PathBuf, out_dir: &Path) { } fn build_library( - target: &Target, out_dir: &Path, lib_name: &str, srcs: &[PathBuf], additional_srcs: &[PathBuf], - warnings_are_errors: bool, includes_modified: SystemTime, + target: &Target, + out_dir: &Path, + lib_name: &str, + srcs: &[PathBuf], + additional_srcs: &[PathBuf], + warnings_are_errors: bool, + includes_modified: SystemTime, ) { // Compile all the (dirty) source files into object files. let objs = additional_srcs @@ -468,10 +481,10 @@ fn build_library( "macos" => { let _ = c.flag("-fPIC"); let _ = c.flag("-Wl,-dead_strip"); - }, + } _ => { let _ = c.flag("-Wl,--gc-sections".into()); - }, + } } for o in objs { let _ = c.object(o); @@ -494,7 +507,10 @@ fn build_library( } fn compile( - p: &Path, target: &Target, warnings_are_errors: bool, out_dir: &Path, + p: &Path, + target: &Target, + warnings_are_errors: bool, + out_dir: &Path, includes_modified: SystemTime, ) -> String { let ext = p.extension().unwrap().to_str().unwrap(); @@ -523,15 +539,20 @@ fn obj_path(out_dir: &Path, src: &Path, obj_ext: &str) -> PathBuf { } fn cc( - file: &Path, ext: &str, target: &Target, warnings_are_errors: bool, out_dir: &Path, + file: &Path, + ext: &str, + target: &Target, + warnings_are_errors: bool, + out_dir: &Path, ) -> Command { let mut c = cc::Build::new(); let _ = c.include("include"); match ext { - "c" => + "c" => { for f in c_flags(target) { let _ = c.flag(f); - }, + } + } "S" => (), e => panic!("Unsupported file extension: {:?}", e), }; @@ -546,11 +567,11 @@ fn cc( // ``-gfull`` is required for Darwin's |-dead_strip|. ("macos", _) => { let _ = c.flag("-gfull"); - }, + } (_, "msvc") => (), _ => { let _ = c.flag("-g3"); - }, + } }; if !target.is_debug() { let _ = c.define("NDEBUG", None); @@ -646,7 +667,10 @@ fn sources_for_arch(arch: &str) -> Vec { } fn perlasm_src_dsts( - out_dir: &Path, arch: &str, os: Option<&str>, perlasm_format: &str, + out_dir: &Path, + arch: &str, + os: Option<&str>, + perlasm_format: &str, ) -> Vec<(PathBuf, PathBuf)> { let srcs = sources_for_arch(arch); let mut src_dsts = srcs @@ -683,7 +707,9 @@ fn asm_srcs(perlasm_src_dsts: Vec<(PathBuf, PathBuf)>) -> Vec { .collect::>() } -fn is_perlasm(path: &PathBuf) -> bool { path.extension().unwrap().to_str().unwrap() == "pl" } +fn is_perlasm(path: &PathBuf) -> bool { + path.extension().unwrap().to_str().unwrap() == "pl" +} fn asm_path(out_dir: &Path, src: &Path, os: Option<&str>, perlasm_format: &str) -> PathBuf { let src_stem = src.file_stem().expect("source file without basename"); @@ -695,7 +721,9 @@ fn asm_path(out_dir: &Path, src: &Path, os: Option<&str>, perlasm_format: &str) } fn perlasm( - src_dst: &[(PathBuf, PathBuf)], arch: &str, perlasm_format: &str, + src_dst: &[(PathBuf, PathBuf)], + arch: &str, + perlasm_format: &str, includes_modified: Option, ) { for (src, dst) in src_dst { @@ -744,7 +772,9 @@ fn file_modified(path: &Path) -> SystemTime { .expect("nah") } -fn get_command(var: &str, default: &str) -> String { std::env::var(var).unwrap_or(default.into()) } +fn get_command(var: &str, default: &str) -> String { + std::env::var(var).unwrap_or(default.into()) +} fn check_all_files_tracked() { for path in &["crypto", "include", "third_party/fiat"] { @@ -757,8 +787,9 @@ fn is_tracked(file: &DirEntry) { let cmp = |f| p == PathBuf::from(f); let tracked = match p.extension().and_then(|p| p.to_str()) { Some("h") | Some("inl") => RING_INCLUDES.iter().any(cmp), - Some("c") | Some("S") | Some("asm") => - RING_SRCS.iter().any(|(_, f)| cmp(f)) || RING_TEST_SRCS.iter().any(cmp), + Some("c") | Some("S") | Some("asm") => { + RING_SRCS.iter().any(|(_, f)| cmp(f)) || RING_TEST_SRCS.iter().any(cmp) + } Some("pl") => RING_SRCS.iter().any(|(_, f)| cmp(f)) || RING_PERL_INCLUDES.iter().any(cmp), _ => true, }; diff --git a/rustfmt.toml b/rustfmt.toml index a9ae3c49bd..a032c005c5 100644 --- a/rustfmt.toml +++ b/rustfmt.toml @@ -1,13 +1,5 @@ edition = "2018" -fn_args_density = "Compressed" -fn_single_line = true -match_arm_blocks = false -match_block_trailing_comma = true max_width = 100 -merge_imports = true newline_style = "Unix" reorder_imports = true -trailing_comma = "Vertical" use_field_init_shorthand = true -use_try_shorthand = true -wrap_comments = true diff --git a/src/aead.rs b/src/aead.rs index c62eee3d5c..eed85ea97d 100644 --- a/src/aead.rs +++ b/src/aead.rs @@ -54,7 +54,8 @@ impl OpeningKey { /// `key_bytes` must be exactly `algorithm.key_len` bytes long. #[inline] pub fn new( - algorithm: &'static Algorithm, key_bytes: &[u8], + algorithm: &'static Algorithm, + key_bytes: &[u8], ) -> Result { Ok(Self { key: Key::new(algorithm, key_bytes)?, @@ -63,7 +64,9 @@ impl OpeningKey { /// The key's AEAD algorithm. #[inline(always)] - pub fn algorithm(&self) -> &'static Algorithm { self.key.algorithm() } + pub fn algorithm(&self) -> &'static Algorithm { + self.key.algorithm() + } } /// Authenticates and decrypts (“opens”) data in place. @@ -111,7 +114,10 @@ impl OpeningKey { /// does not allow us to have two slices, one mutable and one immutable, that /// reference overlapping memory.) pub fn open_in_place<'a, A: AsRef<[u8]>>( - key: &OpeningKey, nonce: Nonce, Aad(aad): Aad, in_prefix_len: usize, + key: &OpeningKey, + nonce: Nonce, + Aad(aad): Aad, + in_prefix_len: usize, ciphertext_and_tag_modified_in_place: &'a mut [u8], ) -> Result<&'a mut [u8], error::Unspecified> { open_in_place_( @@ -124,7 +130,10 @@ pub fn open_in_place<'a, A: AsRef<[u8]>>( } fn open_in_place_<'a>( - key: &OpeningKey, nonce: Nonce, aad: Aad<&[u8]>, in_prefix_len: usize, + key: &OpeningKey, + nonce: Nonce, + aad: Aad<&[u8]>, + in_prefix_len: usize, ciphertext_and_tag_modified_in_place: &'a mut [u8], ) -> Result<&'a mut [u8], error::Unspecified> { let ciphertext_and_tag_len = ciphertext_and_tag_modified_in_place @@ -178,7 +187,8 @@ impl SealingKey { /// Constructs a new sealing key from `key_bytes`. #[inline] pub fn new( - algorithm: &'static Algorithm, key_bytes: &[u8], + algorithm: &'static Algorithm, + key_bytes: &[u8], ) -> Result { Ok(Self { key: Key::new(algorithm, key_bytes)?, @@ -187,7 +197,9 @@ impl SealingKey { /// The key's AEAD algorithm. #[inline(always)] - pub fn algorithm(&self) -> &'static Algorithm { self.key.algorithm() } + pub fn algorithm(&self) -> &'static Algorithm { + self.key.algorithm() + } } /// Encrypts and signs (“seals”) data in place. @@ -208,7 +220,11 @@ impl SealingKey { /// /// `aad` is the additional authenticated data, if any. pub fn seal_in_place>( - key: &SealingKey, nonce: Nonce, Aad(aad): Aad, in_out: &mut [u8], out_suffix_capacity: usize, + key: &SealingKey, + nonce: Nonce, + Aad(aad): Aad, + in_out: &mut [u8], + out_suffix_capacity: usize, ) -> Result { seal_in_place_( key, @@ -220,7 +236,11 @@ pub fn seal_in_place>( } fn seal_in_place_( - key: &SealingKey, nonce: Nonce, aad: Aad<&[u8]>, in_out: &mut [u8], out_suffix_capacity: usize, + key: &SealingKey, + nonce: Nonce, + aad: Aad<&[u8]>, + in_out: &mut [u8], + out_suffix_capacity: usize, ) -> Result { if out_suffix_capacity < key.key.algorithm.tag_len() { return Err(error::Unspecified); @@ -248,12 +268,16 @@ pub struct Aad>(A); impl> Aad { /// Construct the `Aad` from the given bytes. #[inline] - pub fn from(aad: A) -> Self { Aad(aad) } + pub fn from(aad: A) -> Self { + Aad(aad) + } } impl Aad<[u8; 0]> { /// Construct an empty `Aad`. - pub fn empty() -> Self { Self::from([]) } + pub fn empty() -> Self { + Self::from([]) + } } /// `OpeningKey` and `SealingKey` are type-safety wrappers around `Key`, which @@ -291,7 +315,9 @@ impl Key { /// The key's AEAD algorithm. #[inline(always)] - fn algorithm(&self) -> &'static Algorithm { self.algorithm } + fn algorithm(&self) -> &'static Algorithm { + self.algorithm + } } /// An AEAD Algorithm. @@ -332,17 +358,23 @@ const fn max_input_len(block_len: usize, overhead_blocks_per_nonce: usize) -> u6 impl Algorithm { /// The length of the key. #[inline(always)] - pub fn key_len(&self) -> usize { self.key_len } + pub fn key_len(&self) -> usize { + self.key_len + } /// The length of a tag. /// /// See also `MAX_TAG_LEN`. #[inline(always)] - pub fn tag_len(&self) -> usize { TAG_LEN } + pub fn tag_len(&self) -> usize { + TAG_LEN + } /// The length of the nonces. #[inline(always)] - pub fn nonce_len(&self) -> usize { NONCE_LEN } + pub fn nonce_len(&self) -> usize { + NONCE_LEN + } } derive_debug_via_id!(Algorithm); @@ -355,7 +387,9 @@ enum AlgorithmID { } impl PartialEq for Algorithm { - fn eq(&self, other: &Self) -> bool { self.id == other.id } + fn eq(&self, other: &Self) -> bool { + self.id == other.id + } } impl Eq for Algorithm {} diff --git a/src/aead/aes.rs b/src/aead/aes.rs index 97b2d1b0b3..ce15a0b4ae 100644 --- a/src/aead/aes.rs +++ b/src/aead/aes.rs @@ -27,7 +27,9 @@ pub(crate) struct Key { impl Key { #[inline] pub fn new( - bytes: &[u8], variant: Variant, cpu_features: cpu::Features, + bytes: &[u8], + variant: Variant, + cpu_features: cpu::Features, ) -> Result { let key_bits = match variant { Variant::AES_128 => BitLength::from_usize_bits(128), @@ -46,7 +48,9 @@ impl Key { Implementation::HWAES => { extern "C" { fn GFp_aes_hw_set_encrypt_key( - user_key: *const u8, bits: libc::c_uint, key: &mut AES_KEY, + user_key: *const u8, + bits: libc::c_uint, + key: &mut AES_KEY, ) -> ZeroMeansSuccess; } Result::from(unsafe { @@ -56,13 +60,15 @@ impl Key { &mut key, ) })?; - }, + } #[cfg(any(target_arch = "x86_64", target_arch = "x86"))] Implementation::VPAES => { extern "C" { fn GFp_vpaes_set_encrypt_key( - user_key: *const u8, bits: libc::c_uint, key: &mut AES_KEY, + user_key: *const u8, + bits: libc::c_uint, + key: &mut AES_KEY, ) -> ZeroMeansSuccess; } Result::from(unsafe { @@ -72,12 +78,14 @@ impl Key { &mut key, ) })?; - }, + } _ => { extern "C" { fn GFp_aes_nohw_set_encrypt_key( - user_key: *const u8, bits: libc::c_uint, key: &mut AES_KEY, + user_key: *const u8, + bits: libc::c_uint, + key: &mut AES_KEY, ) -> ZeroMeansSuccess; } Result::from(unsafe { @@ -87,7 +95,7 @@ impl Key { &mut key, ) })?; - }, + } }; Ok(Self { @@ -109,7 +117,7 @@ impl Key { unsafe { GFp_aes_hw_encrypt(aliasing_const, aliasing_mut, &self.inner); } - }, + } #[cfg(any(target_arch = "x86_64", target_arch = "x86"))] Implementation::VPAES => { @@ -119,7 +127,7 @@ impl Key { unsafe { GFp_vpaes_encrypt(aliasing_const, aliasing_mut, &self.inner); } - }, + } _ => { extern "C" { @@ -128,7 +136,7 @@ impl Key { unsafe { GFp_aes_nohw_encrypt(aliasing_const, aliasing_mut, &self.inner); } - }, + } } a @@ -143,7 +151,10 @@ impl Key { #[inline] pub(super) fn ctr32_encrypt_blocks( - &self, in_out: &mut [u8], direction: Direction, ctr: &mut Counter, + &self, + in_out: &mut [u8], + direction: Direction, + ctr: &mut Counter, ) { let output: *mut u8 = in_out.as_mut_ptr(); let in_prefix_len = match direction { @@ -163,7 +174,10 @@ impl Key { Implementation::HWAES => { extern "C" { fn GFp_aes_hw_ctr32_encrypt_blocks( - input: *const u8, output: *mut u8, blocks: size_t, key: &AES_KEY, + input: *const u8, + output: *mut u8, + blocks: size_t, + key: &AES_KEY, ivec: &Counter, ); } @@ -171,13 +185,16 @@ impl Key { GFp_aes_hw_ctr32_encrypt_blocks(input, output, blocks, &self.inner, ctr); } ctr.increment_by_less_safe(blocks_u32); - }, + } #[cfg(target_arch = "arm")] Implementation::BSAES => { extern "C" { fn GFp_bsaes_ctr32_encrypt_blocks( - input: *const u8, output: *mut u8, blocks: size_t, key: &AES_KEY, + input: *const u8, + output: *mut u8, + blocks: size_t, + key: &AES_KEY, ivec: &Counter, ); } @@ -185,13 +202,13 @@ impl Key { GFp_bsaes_ctr32_encrypt_blocks(input, output, blocks, &self.inner, ctr); } ctr.increment_by_less_safe(blocks_u32); - }, + } _ => { shift::shift_full_blocks(in_out, in_prefix_len, |input| { self.encrypt_iv_xor_block(ctr.increment(), Block::from(input)) }); - }, + } } } @@ -215,7 +232,9 @@ impl Key { #[cfg(target_arch = "x86_64")] #[must_use] - pub(super) fn inner_less_safe(&self) -> &AES_KEY { &self.inner } + pub(super) fn inner_less_safe(&self) -> &AES_KEY { + &self.inner + } } // Keep this in sync with AES_KEY in aes.h. diff --git a/src/aead/aes_gcm.rs b/src/aead/aes_gcm.rs index 488b61b9a9..48f72b363d 100644 --- a/src/aead/aes_gcm.rs +++ b/src/aead/aes_gcm.rs @@ -52,7 +52,9 @@ fn init_256(key: &[u8], cpu_features: cpu::Features) -> Result Result { let aes_key = aes::Key::new(key, variant, cpu_features)?; let gcm_key = gcm::Key::new(aes_key.encrypt_block(Block::zero()), cpu_features); @@ -62,14 +64,21 @@ fn init( const CHUNK_BLOCKS: usize = 3 * 1024 / 16; fn aes_gcm_seal( - key: &aead::KeyInner, nonce: Nonce, aad: Aad<&[u8]>, in_out: &mut [u8], + key: &aead::KeyInner, + nonce: Nonce, + aad: Aad<&[u8]>, + in_out: &mut [u8], cpu_features: cpu::Features, ) -> Tag { aead(key, nonce, aad, in_out, Direction::Sealing, cpu_features) } fn aes_gcm_open( - key: &aead::KeyInner, nonce: Nonce, aad: Aad<&[u8]>, in_prefix_len: usize, in_out: &mut [u8], + key: &aead::KeyInner, + nonce: Nonce, + aad: Aad<&[u8]>, + in_prefix_len: usize, + in_out: &mut [u8], cpu_features: cpu::Features, ) -> Tag { aead( @@ -84,7 +93,11 @@ fn aes_gcm_open( #[inline(always)] // Avoid branching on `direction`. fn aead( - key: &aead::KeyInner, nonce: Nonce, aad: Aad<&[u8]>, in_out: &mut [u8], direction: Direction, + key: &aead::KeyInner, + nonce: Nonce, + aad: Aad<&[u8]>, + in_out: &mut [u8], + direction: Direction, cpu_features: cpu::Features, ) -> Tag { let Key { aes_key, gcm_key } = match key { @@ -185,8 +198,12 @@ fn aead( #[cfg(target_arch = "x86_64")] #[inline] // Optimize out the match on `direction`. fn integrated_aes_gcm<'a>( - aes_key: &aes::Key, gcm_ctx: &mut gcm::Context, in_out: &'a mut [u8], ctr: &mut Counter, - direction: Direction, cpu_features: cpu::Features, + aes_key: &aes::Key, + gcm_ctx: &mut gcm::Context, + in_out: &'a mut [u8], + ctr: &mut Counter, + direction: Direction, + cpu_features: cpu::Features, ) -> &'a mut [u8] { use libc::size_t; @@ -198,8 +215,12 @@ fn integrated_aes_gcm<'a>( Direction::Opening { in_prefix_len } => { extern "C" { fn GFp_aesni_gcm_decrypt( - input: *const u8, output: *mut u8, len: size_t, key: &aes::AES_KEY, - ivec: &mut Counter, gcm: &mut gcm::Context, + input: *const u8, + output: *mut u8, + len: size_t, + key: &aes::AES_KEY, + ivec: &mut Counter, + gcm: &mut gcm::Context, ) -> size_t; } unsafe { @@ -212,12 +233,16 @@ fn integrated_aes_gcm<'a>( gcm_ctx, ) } - }, + } Direction::Sealing => { extern "C" { fn GFp_aesni_gcm_encrypt( - input: *const u8, output: *mut u8, len: size_t, key: &aes::AES_KEY, - ivec: &mut Counter, gcm: &mut gcm::Context, + input: *const u8, + output: *mut u8, + len: size_t, + key: &aes::AES_KEY, + ivec: &mut Counter, + gcm: &mut gcm::Context, ) -> size_t; } unsafe { @@ -230,7 +255,7 @@ fn integrated_aes_gcm<'a>( gcm_ctx, ) } - }, + } }; &mut in_out[processed..] @@ -239,7 +264,11 @@ fn integrated_aes_gcm<'a>( #[cfg(not(target_arch = "x86_64"))] #[inline] fn integrated_aes_gcm<'a>( - _: &aes::Key, _: &mut gcm::Context, in_out: &'a mut [u8], _: &mut Counter, _: Direction, + _: &aes::Key, + _: &mut gcm::Context, + in_out: &'a mut [u8], + _: &mut Counter, + _: Direction, _: cpu::Features, ) -> &'a mut [u8] { in_out // This doesn't process any of the input so it all remains. diff --git a/src/aead/block.rs b/src/aead/block.rs index 6cf6923772..c19ec3cec3 100644 --- a/src/aead/block.rs +++ b/src/aead/block.rs @@ -28,7 +28,9 @@ pub const BLOCK_LEN: usize = 16; impl Block { #[inline] - pub fn zero() -> Self { Self { subblocks: [0, 0] } } + pub fn zero() -> Self { + Self { subblocks: [0, 0] } + } #[inline] pub fn from_u64_le(first: LittleEndian, second: LittleEndian) -> Self { @@ -59,7 +61,9 @@ impl Block { /// leaving the rest of the block unchanged. Panics if `a` is larger /// than a block. #[inline] - pub fn partial_copy_from(&mut self, a: &[u8]) { self.as_mut()[..a.len()].copy_from_slice(a); } + pub fn partial_copy_from(&mut self, a: &[u8]) { + self.as_mut()[..a.len()].copy_from_slice(a); + } #[inline] pub fn bitxor_assign(&mut self, a: Block) { @@ -74,28 +78,38 @@ impl Block { impl From<&'_ [u8; BLOCK_LEN]> for Block { #[inline] - fn from(bytes: &[u8; BLOCK_LEN]) -> Self { unsafe { core::mem::transmute_copy(bytes) } } + fn from(bytes: &[u8; BLOCK_LEN]) -> Self { + unsafe { core::mem::transmute_copy(bytes) } + } } impl From_<&'_ [u8; 2 * BLOCK_LEN]> for [Block; 2] { #[inline] - fn from_(bytes: &[u8; 2 * BLOCK_LEN]) -> Self { unsafe { core::mem::transmute_copy(bytes) } } + fn from_(bytes: &[u8; 2 * BLOCK_LEN]) -> Self { + unsafe { core::mem::transmute_copy(bytes) } + } } impl AsRef<[u8; BLOCK_LEN]> for Block { #[inline] - fn as_ref(&self) -> &[u8; BLOCK_LEN] { unsafe { core::mem::transmute(self) } } + fn as_ref(&self) -> &[u8; BLOCK_LEN] { + unsafe { core::mem::transmute(self) } + } } impl AsMut<[u8; BLOCK_LEN]> for Block { #[inline] - fn as_mut(&mut self) -> &mut [u8; BLOCK_LEN] { unsafe { core::mem::transmute(self) } } + fn as_mut(&mut self) -> &mut [u8; BLOCK_LEN] { + unsafe { core::mem::transmute(self) } + } } /// Like `AsMut`. impl From_<&mut [Block; 2]> for &mut [u8; 2 * BLOCK_LEN] { #[inline] - fn from_(bytes: &mut [Block; 2]) -> Self { unsafe { core::mem::transmute(bytes) } } + fn from_(bytes: &mut [Block; 2]) -> Self { + unsafe { core::mem::transmute(bytes) } + } } #[cfg(test)] diff --git a/src/aead/chacha.rs b/src/aead/chacha.rs index 03d4b7c8e0..5bbdaa541a 100644 --- a/src/aead/chacha.rs +++ b/src/aead/chacha.rs @@ -25,7 +25,9 @@ use libc::size_t; pub struct Key([Block; KEY_BLOCKS]); impl From<&'_ [u8; KEY_LEN]> for Key { - fn from(value: &[u8; KEY_LEN]) -> Self { Self(<[Block; KEY_BLOCKS]>::from_(value)) } + fn from(value: &[u8; KEY_LEN]) -> Self { + Self(<[Block; KEY_BLOCKS]>::from_(value)) + } } impl Key { @@ -99,21 +101,29 @@ impl Key { #[inline] // Optimize away match on `counter.` unsafe fn encrypt( - &self, counter: CounterOrIv, input: *const u8, in_out_len: usize, output: *mut u8, + &self, + counter: CounterOrIv, + input: *const u8, + in_out_len: usize, + output: *mut u8, ) { let iv = match counter { CounterOrIv::Counter(counter) => counter.into(), CounterOrIv::Iv(iv) => { assert!(in_out_len <= 32); iv - }, + } }; /// XXX: Although this takes an `Iv`, this actually uses it like a /// `Counter`. extern "C" { fn GFp_ChaCha20_ctr32( - out: *mut u8, in_: *const u8, in_len: size_t, key: &Key, first_iv: &Iv, + out: *mut u8, + in_: *const u8, + in_len: size_t, + key: &Key, + first_iv: &Iv, ); } @@ -183,7 +193,12 @@ mod tests { } fn chacha20_test_case_inner( - key: &Key, nonce: &[u8], ctr: u32, input: &[u8], expected: &[u8], len: usize, + key: &Key, + nonce: &[u8], + ctr: u32, + input: &[u8], + expected: &[u8], + len: usize, in_out_buf: &mut [u8], ) { // Straightforward encryption into disjoint buffers is computed diff --git a/src/aead/chacha20_poly1305.rs b/src/aead/chacha20_poly1305.rs index cd3c6aff40..ba51d1f02f 100644 --- a/src/aead/chacha20_poly1305.rs +++ b/src/aead/chacha20_poly1305.rs @@ -40,21 +40,29 @@ pub static CHACHA20_POLY1305: aead::Algorithm = aead::Algorithm { /// Copies |key| into |ctx_buf|. fn chacha20_poly1305_init( - key: &[u8], _todo: cpu::Features, + key: &[u8], + _todo: cpu::Features, ) -> Result { let key: &[u8; chacha::KEY_LEN] = key.try_into_()?; Ok(aead::KeyInner::ChaCha20Poly1305(chacha::Key::from(key))) } fn chacha20_poly1305_seal( - key: &aead::KeyInner, nonce: Nonce, aad: Aad<&[u8]>, in_out: &mut [u8], + key: &aead::KeyInner, + nonce: Nonce, + aad: Aad<&[u8]>, + in_out: &mut [u8], cpu_features: cpu::Features, ) -> Tag { aead(key, nonce, aad, in_out, Direction::Sealing, cpu_features) } fn chacha20_poly1305_open( - key: &aead::KeyInner, nonce: Nonce, aad: Aad<&[u8]>, in_prefix_len: usize, in_out: &mut [u8], + key: &aead::KeyInner, + nonce: Nonce, + aad: Aad<&[u8]>, + in_prefix_len: usize, + in_out: &mut [u8], cpu_features: cpu::Features, ) -> Tag { aead( @@ -71,8 +79,12 @@ pub type Key = chacha::Key; #[inline(always)] // Statically eliminate branches on `direction`. fn aead( - key: &aead::KeyInner, nonce: Nonce, Aad(aad): Aad<&[u8]>, in_out: &mut [u8], - direction: Direction, _todo: cpu::Features, + key: &aead::KeyInner, + nonce: Nonce, + Aad(aad): Aad<&[u8]>, + in_out: &mut [u8], + direction: Direction, + _todo: cpu::Features, ) -> Tag { let chacha20_key = match key { aead::KeyInner::ChaCha20Poly1305(key) => key, @@ -92,12 +104,12 @@ fn aead( poly1305_update_padded_16(&mut ctx, &in_out[in_prefix_len..]); chacha20_key.encrypt_overlapping(counter, in_out, in_prefix_len); in_out.len() - in_prefix_len - }, + } Direction::Sealing => { chacha20_key.encrypt_in_place(counter, in_out); poly1305_update_padded_16(&mut ctx, in_out); in_out.len() - }, + } }; ctx.update_block( diff --git a/src/aead/chacha20_poly1305_openssh.rs b/src/aead/chacha20_poly1305_openssh.rs index 269a996e29..a06755188d 100644 --- a/src/aead/chacha20_poly1305_openssh.rs +++ b/src/aead/chacha20_poly1305_openssh.rs @@ -57,7 +57,9 @@ impl SealingKey { /// `encrypted_packet_length||ciphertext`, where `encrypted_packet_length` /// is encrypted with `K_1` and `ciphertext` is encrypted by `K_2`. pub fn seal_in_place( - &self, sequence_number: u32, plaintext_in_ciphertext_out: &mut [u8], + &self, + sequence_number: u32, + plaintext_in_ciphertext_out: &mut [u8], tag_out: &mut [u8; TAG_LEN], ) { let mut counter = make_counter(sequence_number); @@ -98,7 +100,9 @@ impl OpeningKey { /// Importantly, the result won't be authenticated until `open_in_place` is /// called. pub fn decrypt_packet_length( - &self, sequence_number: u32, encrypted_packet_length: [u8; PACKET_LENGTH_LEN], + &self, + sequence_number: u32, + encrypted_packet_length: [u8; PACKET_LENGTH_LEN], ) -> [u8; PACKET_LENGTH_LEN] { let mut packet_length = encrypted_packet_length; let counter = make_counter(sequence_number); @@ -116,7 +120,10 @@ impl OpeningKey { /// otherwise the contents of `ciphertext_in_plaintext_out` are unspecified /// and must not be used. pub fn open_in_place<'a>( - &self, sequence_number: u32, ciphertext_in_plaintext_out: &'a mut [u8], tag: &[u8; TAG_LEN], + &self, + sequence_number: u32, + ciphertext_in_plaintext_out: &'a mut [u8], + tag: &[u8; TAG_LEN], ) -> Result<&'a [u8], error::Unspecified> { let mut counter = make_counter(sequence_number); diff --git a/src/aead/gcm.rs b/src/aead/gcm.rs index c347ad3b24..03644744c0 100644 --- a/src/aead/gcm.rs +++ b/src/aead/gcm.rs @@ -36,7 +36,7 @@ impl Key { unsafe { GFp_gcm_init_avx(&mut key, &h); } - }, + } Implementation::CLMUL => { extern "C" { @@ -45,7 +45,7 @@ impl Key { unsafe { GFp_gcm_init_clmul(&mut key, &h); } - }, + } #[cfg(any(target_arch = "arm"))] Implementation::NEON => { @@ -55,7 +55,7 @@ impl Key { unsafe { GFp_gcm_init_neon(&mut key, &h); } - }, + } Implementation::Fallback => { extern "C" { @@ -64,7 +64,7 @@ impl Key { unsafe { GFp_gcm_init_4bit(&mut key, &h); } - }, + } } key @@ -108,47 +108,59 @@ impl Context { Implementation::CLMUL if has_avx_movbe(self.cpu_features) => { extern "C" { fn GFp_gcm_ghash_avx( - ctx: &mut Context, h_table: *const GCM128_KEY, inp: *const u8, len: size_t, + ctx: &mut Context, + h_table: *const GCM128_KEY, + inp: *const u8, + len: size_t, ); } unsafe { GFp_gcm_ghash_avx(self, key_aliasing, input.as_ptr(), input.len()); } - }, + } Implementation::CLMUL => { extern "C" { fn GFp_gcm_ghash_clmul( - ctx: &mut Context, h_table: *const GCM128_KEY, inp: *const u8, len: size_t, + ctx: &mut Context, + h_table: *const GCM128_KEY, + inp: *const u8, + len: size_t, ); } unsafe { GFp_gcm_ghash_clmul(self, key_aliasing, input.as_ptr(), input.len()); } - }, + } #[cfg(any(target_arch = "arm"))] Implementation::NEON => { extern "C" { fn GFp_gcm_ghash_neon( - ctx: &mut Context, h_table: *const GCM128_KEY, inp: *const u8, len: size_t, + ctx: &mut Context, + h_table: *const GCM128_KEY, + inp: *const u8, + len: size_t, ); } unsafe { GFp_gcm_ghash_neon(self, key_aliasing, input.as_ptr(), input.len()); } - }, + } Implementation::Fallback => { extern "C" { fn GFp_gcm_ghash_4bit( - ctx: &mut Context, h_table: *const GCM128_KEY, inp: *const u8, len: size_t, + ctx: &mut Context, + h_table: *const GCM128_KEY, + inp: *const u8, + len: size_t, ); } unsafe { GFp_gcm_ghash_4bit(self, key_aliasing, input.as_ptr(), input.len()); } - }, + } } } @@ -165,7 +177,7 @@ impl Context { unsafe { GFp_gcm_gmult_clmul(self, key_aliasing); } - }, + } #[cfg(any(target_arch = "arm"))] Implementation::NEON => { @@ -175,7 +187,7 @@ impl Context { unsafe { GFp_gcm_gmult_neon(self, key_aliasing); } - }, + } Implementation::Fallback => { extern "C" { @@ -184,7 +196,7 @@ impl Context { unsafe { GFp_gcm_gmult_4bit(self, key_aliasing); } - }, + } } } diff --git a/src/aead/nonce.rs b/src/aead/nonce.rs index 0cbf33cb12..c29f25d702 100644 --- a/src/aead/nonce.rs +++ b/src/aead/nonce.rs @@ -49,11 +49,15 @@ impl Nonce { /// Constructs a `Nonce` with the given value, assuming that the value is /// unique for the lifetime of the key it is being used with. #[inline] - pub fn assume_unique_for_key(value: [u8; NONCE_LEN]) -> Self { Self(value) } + pub fn assume_unique_for_key(value: [u8; NONCE_LEN]) -> Self { + Self(value) + } } impl AsRef<[u8; NONCE_LEN]> for Nonce { - fn as_ref(&self) -> &[u8; NONCE_LEN] { &self.0 } + fn as_ref(&self) -> &[u8; NONCE_LEN] { + &self.0 + } } /// All the AEADs we support use 96-bit nonces. @@ -76,8 +80,12 @@ impl> Counter where u32: From, { - pub fn zero(nonce: Nonce) -> Self { Self::new(nonce, 0) } - pub fn one(nonce: Nonce) -> Self { Self::new(nonce, 1) } + pub fn zero(nonce: Nonce) -> Self { + Self::new(nonce, 0) + } + pub fn one(nonce: Nonce) -> Self { + Self::new(nonce, 1) + } // Used by `zero()` and by the tests. #[cfg(test)] @@ -127,15 +135,21 @@ impl> From> for Iv where u32: From, { - fn from(counter: Counter) -> Self { Self(unsafe { counter.block }) } + fn from(counter: Counter) -> Self { + Self(unsafe { counter.block }) + } } impl Iv { #[inline] - pub fn assume_unique_for_key(a: Block) -> Self { Self(a) } + pub fn assume_unique_for_key(a: Block) -> Self { + Self(a) + } #[inline] - pub fn into_block_less_safe(self) -> Block { self.0 } + pub fn into_block_less_safe(self) -> Block { + self.0 + } } pub trait Layout: Encoding diff --git a/src/aead/poly1305.rs b/src/aead/poly1305.rs index 45a223fe88..ec30a97c5b 100644 --- a/src/aead/poly1305.rs +++ b/src/aead/poly1305.rs @@ -26,7 +26,9 @@ use libc::size_t; pub struct Key([Block; KEY_BLOCKS]); impl From<[Block; KEY_BLOCKS]> for Key { - fn from(value: [Block; KEY_BLOCKS]) -> Self { Self(value) } + fn from(value: [Block; KEY_BLOCKS]) -> Self { + Self(value) + } } pub const KEY_BLOCKS: usize = 2; @@ -47,7 +49,10 @@ impl Context { pub fn from_key(Key(key_and_nonce): Key) -> Self { extern "C" { fn GFp_poly1305_blocks( - state: &mut Opaque, input: *const u8, len: size_t, should_pad: Pad, + state: &mut Opaque, + input: *const u8, + len: size_t, + should_pad: Pad, ); fn GFp_poly1305_emit(state: &mut Opaque, tag: &mut Tag, nonce: &Nonce); } @@ -84,7 +89,9 @@ impl Context { self.func.blocks(&mut self.opaque, input, Pad::Pad); } - pub(super) fn finish(mut self) -> Tag { self.func.emit(&mut self.opaque, &self.nonce) } + pub(super) fn finish(mut self) -> Tag { + self.func.emit(&mut self.opaque, &self.nonce) + } } #[cfg(test)] @@ -124,7 +131,9 @@ struct Funcs { fn init(state: &mut Opaque, key: DerivedKey, func: &mut Funcs) -> Result<(), error::Unspecified> { extern "C" { fn GFp_poly1305_init_asm( - state: &mut Opaque, key: &DerivedKey, out_func: &mut Funcs, + state: &mut Opaque, + key: &DerivedKey, + out_func: &mut Funcs, ) -> bssl::Result; } Result::from(unsafe { GFp_poly1305_init_asm(state, &key, func) }) @@ -179,7 +188,9 @@ mod tests { use crate::{polyfill::convert::*, test}; #[test] - pub fn test_state_layout() { check_state_layout(); } + pub fn test_state_layout() { + check_state_layout(); + } // Adapted from BoringSSL's crypto/poly1305/poly1305_test.cc. #[test] diff --git a/src/aead/quic.rs b/src/aead/quic.rs index 350af317c2..dbe87bd719 100644 --- a/src/aead/quic.rs +++ b/src/aead/quic.rs @@ -39,7 +39,8 @@ impl HeaderProtectionKey { /// /// `key_bytes` must be exactly `algorithm.key_len` bytes long. pub fn new( - algorithm: &'static Algorithm, key_bytes: &[u8], + algorithm: &'static Algorithm, + key_bytes: &[u8], ) -> Result { Ok(Self { inner: (algorithm.init)(key_bytes, cpu::features())?, @@ -60,7 +61,9 @@ impl HeaderProtectionKey { /// The key's algorithm. #[inline(always)] - pub fn algorithm(&self) -> &'static Algorithm { self.algorithm } + pub fn algorithm(&self) -> &'static Algorithm { + self.algorithm + } } const SAMPLE_LEN: usize = super::TAG_LEN; @@ -78,11 +81,15 @@ pub struct Algorithm { impl Algorithm { /// The length of the key. #[inline(always)] - pub fn key_len(&self) -> usize { self.key_len } + pub fn key_len(&self) -> usize { + self.key_len + } /// The required sample length. #[inline(always)] - pub fn sample_len(&self) -> usize { SAMPLE_LEN } + pub fn sample_len(&self) -> usize { + SAMPLE_LEN + } } derive_debug_via_id!(Algorithm); @@ -95,7 +102,9 @@ enum AlgorithmID { } impl PartialEq for Algorithm { - fn eq(&self, other: &Self) -> bool { self.id == other.id } + fn eq(&self, other: &Self) -> bool { + self.id == other.id + } } impl Eq for Algorithm {} diff --git a/src/agreement.rs b/src/agreement.rs index d5573dc70a..062c7c629a 100644 --- a/src/agreement.rs +++ b/src/agreement.rs @@ -85,7 +85,9 @@ derive_debug_via_field!(Algorithm, curve); impl Eq for Algorithm {} impl PartialEq for Algorithm { - fn eq(&self, other: &Algorithm) -> bool { self.curve.id == other.curve.id } + fn eq(&self, other: &Algorithm) -> bool { + self.curve.id == other.curve.id + } } /// An ephemeral private key for use (only) with `agree_ephemeral`. The @@ -99,7 +101,8 @@ pub struct EphemeralPrivateKey { impl EphemeralPrivateKey { /// Generate a new ephemeral private key for the given algorithm. pub fn generate( - alg: &'static Algorithm, rng: &rand::SecureRandom, + alg: &'static Algorithm, + rng: &rand::SecureRandom, ) -> Result { let cpu_features = cpu::features(); @@ -123,7 +126,9 @@ impl EphemeralPrivateKey { } #[cfg(test)] - pub fn bytes(&self) -> &[u8] { self.private_key.bytes_less_safe() } + pub fn bytes(&self) -> &[u8] { + self.private_key.bytes_less_safe() + } } /// A public key for key agreement. @@ -131,7 +136,9 @@ impl EphemeralPrivateKey { pub struct PublicKey(ec::PublicKey); impl AsRef<[u8]> for PublicKey { - fn as_ref(&self) -> &[u8] { self.0.as_ref() } + fn as_ref(&self) -> &[u8] { + self.0.as_ref() + } } derive_debug_self_as_ref_hex_bytes!(PublicKey); @@ -158,7 +165,9 @@ where impl> UnparsedPublicKey { /// Constructs a new `UnparsedPublicKey`. - pub fn new(algorithm: &'static Algorithm, bytes: B) -> Self { Self { algorithm, bytes } } + pub fn new(algorithm: &'static Algorithm, bytes: B) -> Self { + Self { algorithm, bytes } + } } /// Performs a key agreement with an ephemeral private key and the given public @@ -184,7 +193,9 @@ impl> UnparsedPublicKey { /// returns. #[inline] pub fn agree_ephemeral, F, R, E>( - my_private_key: EphemeralPrivateKey, peer_public_key: &UnparsedPublicKey, error_value: E, + my_private_key: EphemeralPrivateKey, + peer_public_key: &UnparsedPublicKey, + error_value: E, kdf: F, ) -> Result where @@ -198,7 +209,9 @@ where } fn agree_ephemeral_( - my_private_key: EphemeralPrivateKey, peer_public_key: UnparsedPublicKey<&[u8]>, error_value: E, + my_private_key: EphemeralPrivateKey, + peer_public_key: UnparsedPublicKey<&[u8]>, + error_value: E, kdf: F, ) -> Result where diff --git a/src/bits.rs b/src/bits.rs index a11a1733cc..b2d4ca5774 100644 --- a/src/bits.rs +++ b/src/bits.rs @@ -21,7 +21,9 @@ pub struct BitLength(usize); // overflow. impl BitLength { #[inline] - pub const fn from_usize_bits(bits: usize) -> Self { Self(bits) } + pub const fn from_usize_bits(bits: usize) -> Self { + Self(bits) + } #[inline] pub fn from_usize_bytes(bytes: usize) -> Result { @@ -37,7 +39,9 @@ impl BitLength { } #[inline] - pub fn as_usize_bits(&self) -> usize { self.0 } + pub fn as_usize_bits(&self) -> usize { + self.0 + } #[cfg(feature = "use_heap")] #[inline] diff --git a/src/bssl.rs b/src/bssl.rs index e627b4ec1e..fc244ffaa9 100644 --- a/src/bssl.rs +++ b/src/bssl.rs @@ -29,7 +29,7 @@ impl From for core::result::Result<(), error::Unspecified> { c => { debug_assert_eq!(c, 0, "`bssl::Result` value must be 0 or 1"); Err(error::Unspecified) - }, + } } } } diff --git a/src/debug.rs b/src/debug.rs index 5becf32368..bcc82f0574 100644 --- a/src/debug.rs +++ b/src/debug.rs @@ -53,7 +53,9 @@ macro_rules! derive_debug_self_as_ref_hex_bytes { } pub(crate) fn write_hex_tuple( - fmt: &mut core::fmt::Formatter, type_name: &str, value: &AsRef<[u8]>, + fmt: &mut core::fmt::Formatter, + type_name: &str, + value: &AsRef<[u8]>, ) -> Result<(), ::core::fmt::Error> { fmt.debug_tuple(type_name) .field(&HexStr(value.as_ref())) @@ -72,7 +74,8 @@ impl core::fmt::Debug for HexStr<'_> { } pub(crate) fn write_hex_bytes( - fmt: &mut core::fmt::Formatter, bytes: &[u8], + fmt: &mut core::fmt::Formatter, + bytes: &[u8], ) -> Result<(), ::core::fmt::Error> { for byte in bytes { write!(fmt, "{:02x}", byte)?; diff --git a/src/digest.rs b/src/digest.rs index ca6f177fa4..3d5e648f90 100644 --- a/src/digest.rs +++ b/src/digest.rs @@ -172,7 +172,9 @@ impl Context { /// The algorithm that this context is using. #[inline(always)] - pub fn algorithm(&self) -> &'static Algorithm { self.algorithm } + pub fn algorithm(&self) -> &'static Algorithm { + self.algorithm + } } /// Returns the digest of `data` using the given digest algorithm. @@ -212,7 +214,9 @@ pub struct Digest { impl Digest { /// The algorithm that was used to calculate the digest value. #[inline(always)] - pub fn algorithm(&self) -> &'static Algorithm { self.algorithm } + pub fn algorithm(&self) -> &'static Algorithm { + self.algorithm + } } impl AsRef<[u8]> for Digest { @@ -266,7 +270,9 @@ enum AlgorithmID { } impl PartialEq for Algorithm { - fn eq(&self, other: &Self) -> bool { self.id == other.id } + fn eq(&self, other: &Self) -> bool { + self.id == other.id + } } impl Eq for Algorithm {} @@ -512,7 +518,9 @@ mod tests { use super::super::super::super::digest; #[test] - fn max_input_test() { super::max_input_test(&digest::$algorithm_name); } + fn max_input_test() { + super::max_input_test(&digest::$algorithm_name); + } #[test] #[should_panic] diff --git a/src/digest/sha1.rs b/src/digest/sha1.rs index f6bff22b5f..e5dadb8683 100644 --- a/src/digest/sha1.rs +++ b/src/digest/sha1.rs @@ -25,13 +25,19 @@ const CHAINING_WORDS: usize = CHAINING_LEN / 4; type W32 = Wrapping; #[inline] -fn ch(x: W32, y: W32, z: W32) -> W32 { (x & y) | (!x & z) } +fn ch(x: W32, y: W32, z: W32) -> W32 { + (x & y) | (!x & z) +} #[inline] -fn parity(x: W32, y: W32, z: W32) -> W32 { x ^ y ^ z } +fn parity(x: W32, y: W32, z: W32) -> W32 { + x ^ y ^ z +} #[inline] -fn maj(x: W32, y: W32, z: W32) -> W32 { (x & y) | (x & z) | (y & z) } +fn maj(x: W32, y: W32, z: W32) -> W32 { + (x & y) | (x & z) | (y & z) +} /// The main purpose in retaining this is to support legacy protocols and OCSP, /// none of which need a fast SHA-1 implementation. @@ -39,7 +45,9 @@ fn maj(x: W32, y: W32, z: W32) -> W32 { (x & y) | (x & z) | (y & z) } /// Unlike SHA-256, SHA-384, and SHA-512, /// there is no assembly language implementation. pub(super) unsafe extern "C" fn block_data_order( - state: &mut super::State, data: *const u8, num: size_t, + state: &mut super::State, + data: *const u8, + num: size_t, ) { let data = data as *const [[u8; 4]; 16]; let blocks = core::slice::from_raw_parts(data, num); diff --git a/src/ec/curve25519/ed25519/signing.rs b/src/ec/curve25519/ed25519/signing.rs index e3f77334ec..0889c23641 100644 --- a/src/ec/curve25519/ed25519/signing.rs +++ b/src/ec/curve25519/ed25519/signing.rs @@ -117,7 +117,8 @@ impl Ed25519KeyPair { /// public key). This also detects any corruption of the public or private /// key. pub fn from_seed_and_public_key( - seed: &[u8], public_key: &[u8], + seed: &[u8], + public_key: &[u8], ) -> Result { let pair = Self::from_seed_unchecked(seed)?; @@ -208,20 +209,25 @@ impl Ed25519KeyPair { impl signature::KeyPair for Ed25519KeyPair { type PublicKey = PublicKey; - fn public_key(&self) -> &Self::PublicKey { &self.public_key } + fn public_key(&self) -> &Self::PublicKey { + &self.public_key + } } #[derive(Clone, Copy)] pub struct PublicKey([u8; ED25519_PUBLIC_KEY_LEN]); impl AsRef<[u8]> for PublicKey { - fn as_ref(&self) -> &[u8] { self.0.as_ref() } + fn as_ref(&self) -> &[u8] { + self.0.as_ref() + } } derive_debug_self_as_ref_hex_bytes!(PublicKey); fn unwrap_pkcs8( - version: pkcs8::Version, input: untrusted::Input, + version: pkcs8::Version, + input: untrusted::Input, ) -> Result<(untrusted::Input, Option), error::KeyRejected> { let (private_key, public_key) = pkcs8::unwrap_key(&PKCS8_TEMPLATE, version, input)?; let private_key = private_key diff --git a/src/ec/curve25519/ed25519/verification.rs b/src/ec/curve25519/ed25519/verification.rs index b72fe19159..01ea921b81 100644 --- a/src/ec/curve25519/ed25519/verification.rs +++ b/src/ec/curve25519/ed25519/verification.rs @@ -39,7 +39,10 @@ pub static ED25519: EdDSAParameters = EdDSAParameters {}; impl signature::VerificationAlgorithm for EdDSAParameters { fn verify( - &self, public_key: untrusted::Input, msg: untrusted::Input, signature: untrusted::Input, + &self, + public_key: untrusted::Input, + msg: untrusted::Input, + signature: untrusted::Input, ) -> Result<(), error::Unspecified> { let public_key = public_key.as_slice_less_safe(); let public_key: &[u8; ELEM_LEN] = public_key.try_into_()?;; @@ -71,6 +74,9 @@ impl sealed::Sealed for EdDSAParameters {} extern "C" { fn GFp_x25519_ge_double_scalarmult_vartime( - r: &mut Point, a_coeff: &Scalar, a: &ExtPoint, b_coeff: &Scalar, + r: &mut Point, + a_coeff: &Scalar, + a: &ExtPoint, + b_coeff: &Scalar, ); } diff --git a/src/ec/curve25519/ops.rs b/src/ec/curve25519/ops.rs index 791a8db80e..4465b311c7 100644 --- a/src/ec/curve25519/ops.rs +++ b/src/ec/curve25519/ops.rs @@ -94,7 +94,9 @@ impl ExtPoint { .map(|()| point) } - pub fn into_encoded_point(self) -> EncodedPoint { encode_point(self.x, self.y, self.z) } + pub fn into_encoded_point(self) -> EncodedPoint { + encode_point(self.x, self.y, self.z) + } pub fn invert_vartime(&mut self) { self.x.negate(); @@ -119,7 +121,9 @@ impl Point { } } - pub fn into_encoded_point(self) -> EncodedPoint { encode_point(self.x, self.y, self.z) } + pub fn into_encoded_point(self) -> EncodedPoint { + encode_point(self.x, self.y, self.z) + } } fn encode_point(x: Elem, y: Elem, z: Elem) -> EncodedPoint { diff --git a/src/ec/curve25519/x25519.rs b/src/ec/curve25519/x25519.rs index b43009d7ab..faff582a46 100644 --- a/src/ec/curve25519/x25519.rs +++ b/src/ec/curve25519/x25519.rs @@ -46,13 +46,15 @@ fn x25519_check_private_key_bytes(bytes: &[u8]) -> Result<(), error::Unspecified } fn x25519_generate_private_key( - rng: &rand::SecureRandom, out: &mut [u8], + rng: &rand::SecureRandom, + out: &mut [u8], ) -> Result<(), error::Unspecified> { rng.fill(out) } fn x25519_public_from_private( - public_out: &mut [u8], private_key: &ec::Seed, + public_out: &mut [u8], + private_key: &ec::Seed, ) -> Result<(), error::Unspecified> { let public_out = public_out.try_into_()?; @@ -75,7 +77,8 @@ fn x25519_public_from_private( extern "C" { fn GFp_x25519_public_from_private_generic( - public_key_out: &mut PublicKey, private_key: &PrivateKey, + public_key_out: &mut PublicKey, + private_key: &PrivateKey, ); } unsafe { @@ -86,7 +89,9 @@ fn x25519_public_from_private( } fn x25519_ecdh( - out: &mut [u8], my_private_key: &ec::Seed, peer_public_key: untrusted::Input, + out: &mut [u8], + my_private_key: &ec::Seed, + peer_public_key: untrusted::Input, ) -> Result<(), error::Unspecified> { let cpu_features = my_private_key.cpu_features; let my_private_key = my_private_key.bytes_less_safe().try_into_()?; @@ -95,7 +100,9 @@ fn x25519_ecdh( #[cfg_attr(not(target_arch = "arm"), allow(unused_variables))] fn scalar_mult( - out: &mut ops::EncodedPoint, scalar: &ops::Scalar, point: &ops::EncodedPoint, + out: &mut ops::EncodedPoint, + scalar: &ops::Scalar, + point: &ops::EncodedPoint, cpu_features: cpu::Features, ) { #[cfg(target_arch = "arm")] @@ -107,7 +114,9 @@ fn x25519_ecdh( extern "C" { fn GFp_x25519_scalar_mult_generic( - out: &mut ops::EncodedPoint, scalar: &ops::Scalar, point: &ops::EncodedPoint, + out: &mut ops::EncodedPoint, + scalar: &ops::Scalar, + point: &ops::EncodedPoint, ); } unsafe { @@ -135,7 +144,9 @@ fn x25519_ecdh( fn x25519_neon(out: &mut ops::EncodedPoint, scalar: &ops::Scalar, point: &ops::EncodedPoint) { extern "C" { fn GFp_x25519_NEON( - out: &mut ops::EncodedPoint, scalar: &ops::Scalar, point: &ops::EncodedPoint, + out: &mut ops::EncodedPoint, + scalar: &ops::Scalar, + point: &ops::EncodedPoint, ); } unsafe { GFp_x25519_NEON(out, scalar, point) } diff --git a/src/ec/keys.rs b/src/ec/keys.rs index 1b352ef45d..ce33854910 100644 --- a/src/ec/keys.rs +++ b/src/ec/keys.rs @@ -12,8 +12,12 @@ impl KeyPair { Ok(Self { seed, public_key }) } - pub fn public_key(&self) -> &PublicKey { &self.public_key } - pub fn split(self) -> (Seed, PublicKey) { (self.seed, self.public_key) } + pub fn public_key(&self) -> &PublicKey { + &self.public_key + } + pub fn split(self) -> (Seed, PublicKey) { + (self.seed, self.public_key) + } } pub struct Seed { @@ -24,7 +28,9 @@ pub struct Seed { impl Seed { pub(crate) fn generate( - curve: &'static Curve, rng: &rand::SecureRandom, cpu_features: cpu::Features, + curve: &'static Curve, + rng: &rand::SecureRandom, + cpu_features: cpu::Features, ) -> Result { let mut r = Self { bytes: [0u8; SEED_MAX_BYTES], @@ -36,7 +42,9 @@ impl Seed { } pub(crate) fn from_bytes( - curve: &'static Curve, bytes: untrusted::Input, cpu_features: cpu::Features, + curve: &'static Curve, + bytes: untrusted::Input, + cpu_features: cpu::Features, ) -> Result { let bytes = bytes.as_slice_less_safe(); if curve.elem_scalar_seed_len != bytes.len() { @@ -52,7 +60,9 @@ impl Seed { Ok(r) } - pub fn bytes_less_safe(&self) -> &[u8] { &self.bytes[..self.curve.elem_scalar_seed_len] } + pub fn bytes_less_safe(&self) -> &[u8] { + &self.bytes[..self.curve.elem_scalar_seed_len] + } pub fn compute_public_key(&self) -> Result { let mut public_key = PublicKey { @@ -71,7 +81,9 @@ pub struct PublicKey { } impl AsRef<[u8]> for PublicKey { - fn as_ref(&self) -> &[u8] { &self.bytes[..self.len] } + fn as_ref(&self) -> &[u8] { + &self.bytes[..self.len] + } } /// The maximum length, in bytes, of an encoded public key. diff --git a/src/ec/suite_b.rs b/src/ec/suite_b.rs index b7c5f59b28..612a62e911 100644 --- a/src/ec/suite_b.rs +++ b/src/ec/suite_b.rs @@ -31,7 +31,8 @@ use untrusted; // y**2 == (x**2 + a)*x + b (mod q) // fn verify_affine_point_is_on_the_curve( - ops: &CommonOps, (x, y): (&Elem, &Elem), + ops: &CommonOps, + (x, y): (&Elem, &Elem), ) -> Result<(), error::Unspecified> { verify_affine_point_is_on_the_curve_scaled(ops, (x, y), &ops.a, &ops.b) } @@ -46,7 +47,8 @@ fn verify_affine_point_is_on_the_curve( // // This function also verifies that the point is not at infinity. fn verify_jacobian_point_is_on_the_curve( - ops: &CommonOps, p: &Point, + ops: &CommonOps, + p: &Point, ) -> Result, error::Unspecified> { let z = ops.point_z(p); @@ -133,7 +135,10 @@ fn verify_jacobian_point_is_on_the_curve( // Elliptic Curve Cryptosystems" by Johannes Blömer, Martin Otto, and // Jean-Pierre Seifert. fn verify_affine_point_is_on_the_curve_scaled( - ops: &CommonOps, (x, y): (&Elem, &Elem), a_scaled: &Elem, b_scaled: &Elem, + ops: &CommonOps, + (x, y): (&Elem, &Elem), + a_scaled: &Elem, + b_scaled: &Elem, ) -> Result<(), error::Unspecified> { let lhs = ops.elem_squared(y); @@ -150,7 +155,9 @@ fn verify_affine_point_is_on_the_curve_scaled( } pub(crate) fn key_pair_from_pkcs8( - curve: &'static ec::Curve, template: &pkcs8::Template, input: untrusted::Input, + curve: &'static ec::Curve, + template: &pkcs8::Template, + input: untrusted::Input, cpu_features: cpu::Features, ) -> Result { let (ec_private_key, _) = pkcs8::unwrap_key(template, pkcs8::Version::V1Only, input)?; @@ -168,7 +175,8 @@ pub(crate) fn key_pair_from_pkcs8( } fn key_pair_from_pkcs8_<'a>( - template: &pkcs8::Template, input: &mut untrusted::Reader<'a>, + template: &pkcs8::Template, + input: &mut untrusted::Reader<'a>, ) -> Result<(untrusted::Input<'a>, untrusted::Input<'a>), error::KeyRejected> { let version = der::small_nonnegative_integer(input) .map_err(|error::Unspecified| error::KeyRejected::invalid_encoding())?; @@ -203,8 +211,10 @@ fn key_pair_from_pkcs8_<'a>( } pub(crate) fn key_pair_from_bytes( - curve: &'static ec::Curve, private_key_bytes: untrusted::Input, - public_key_bytes: untrusted::Input, cpu_features: cpu::Features, + curve: &'static ec::Curve, + private_key_bytes: untrusted::Input, + public_key_bytes: untrusted::Input, + cpu_features: cpu::Features, ) -> Result { let seed = ec::Seed::from_bytes(curve, private_key_bytes, cpu_features) .map_err(|error::Unspecified| error::KeyRejected::invalid_component())?; diff --git a/src/ec/suite_b/curve.rs b/src/ec/suite_b/curve.rs index 30cebf9515..05794dddd6 100644 --- a/src/ec/suite_b/curve.rs +++ b/src/ec/suite_b/curve.rs @@ -47,13 +47,15 @@ macro_rules! suite_b_curve { } fn $generate_private_key( - rng: &rand::SecureRandom, out: &mut [u8], + rng: &rand::SecureRandom, + out: &mut [u8], ) -> Result<(), error::Unspecified> { ec::suite_b::private_key::generate_private_scalar_bytes($private_key_ops, rng, out) } fn $public_from_private( - public_out: &mut [u8], private_key: &ec::Seed, + public_out: &mut [u8], + private_key: &ec::Seed, ) -> Result<(), error::Unspecified> { ec::suite_b::private_key::public_from_private($private_key_ops, public_out, private_key) } diff --git a/src/ec/suite_b/ecdh.rs b/src/ec/suite_b/ecdh.rs index a82967403b..ca6451ccdb 100644 --- a/src/ec/suite_b/ecdh.rs +++ b/src/ec/suite_b/ecdh.rs @@ -45,7 +45,9 @@ macro_rules! ecdh { }; fn $ecdh( - out: &mut [u8], my_private_key: &ec::Seed, peer_public_key: untrusted::Input, + out: &mut [u8], + my_private_key: &ec::Seed, + peer_public_key: untrusted::Input, ) -> Result<(), error::Unspecified> { ecdh( $private_key_ops, @@ -77,8 +79,11 @@ ecdh!( ); fn ecdh( - private_key_ops: &PrivateKeyOps, public_key_ops: &PublicKeyOps, out: &mut [u8], - my_private_key: &ec::Seed, peer_public_key: untrusted::Input, + private_key_ops: &PrivateKeyOps, + public_key_ops: &PublicKeyOps, + out: &mut [u8], + my_private_key: &ec::Seed, + peer_public_key: untrusted::Input, ) -> Result<(), error::Unspecified> { // The NIST SP 800-56Ar2 steps are from section 5.7.1.2 Elliptic Curve // Cryptography Cofactor Diffie-Hellman (ECC CDH) Primitive. diff --git a/src/ec/suite_b/ecdsa/digest_scalar.rs b/src/ec/suite_b/ecdsa/digest_scalar.rs index 82662c0c41..1f885c1a92 100644 --- a/src/ec/suite_b/ecdsa/digest_scalar.rs +++ b/src/ec/suite_b/ecdsa/digest_scalar.rs @@ -105,7 +105,7 @@ mod tests { ("P-384", "SHA384") => (&p384::PUBLIC_SCALAR_OPS, &digest::SHA384), _ => { panic!("Unsupported curve+digest: {}+{}", curve_name, digest_name); - }, + } }; let num_limbs = ops.public_key_ops.common.num_limbs; diff --git a/src/ec/suite_b/ecdsa/signing.rs b/src/ec/suite_b/ecdsa/signing.rs index 189af86dc3..b1c5360378 100644 --- a/src/ec/suite_b/ecdsa/signing.rs +++ b/src/ec/suite_b/ecdsa/signing.rs @@ -51,7 +51,9 @@ enum AlgorithmID { derive_debug_via_id!(EcdsaSigningAlgorithm); impl PartialEq for EcdsaSigningAlgorithm { - fn eq(&self, other: &Self) -> bool { self.id == other.id } + fn eq(&self, other: &Self) -> bool { + self.id == other.id + } } impl Eq for EcdsaSigningAlgorithm {} @@ -80,7 +82,8 @@ impl EcdsaKeyPair { /// [RFC 5915]: https://tools.ietf.org/html/rfc5915 /// [RFC 5958 Section 2]: https://tools.ietf.org/html/rfc5958#section-2 pub fn generate_pkcs8( - alg: &'static EcdsaSigningAlgorithm, rng: &rand::SecureRandom, + alg: &'static EcdsaSigningAlgorithm, + rng: &rand::SecureRandom, ) -> Result { let private_key = ec::Seed::generate(alg.curve, rng, cpu::features())?; let public_key = private_key.compute_public_key()?; @@ -102,7 +105,8 @@ impl EcdsaKeyPair { /// `ECPrivateKey`, if present, must be the same named curve that is in the /// algorithm identifier in the PKCS#8 header. pub fn from_pkcs8( - alg: &'static EcdsaSigningAlgorithm, pkcs8: &[u8], + alg: &'static EcdsaSigningAlgorithm, + pkcs8: &[u8], ) -> Result { let key_pair = ec::suite_b::key_pair_from_pkcs8( alg.curve, @@ -120,7 +124,9 @@ impl EcdsaKeyPair { /// recommended to use `RsaPubeyPair::from_pkcs8()` (with a PKCS#8-encoded /// key) instead. pub fn from_private_key_and_public_key( - alg: &'static EcdsaSigningAlgorithm, private_key: &[u8], public_key: &[u8], + alg: &'static EcdsaSigningAlgorithm, + private_key: &[u8], + public_key: &[u8], ) -> Result { let key_pair = ec::suite_b::key_pair_from_bytes( alg.curve, @@ -149,7 +155,9 @@ impl EcdsaKeyPair { /// Returns the signature of the `message` using a random nonce /// generated by `rng`. pub fn sign( - &self, rng: &rand::SecureRandom, message: &[u8], + &self, + rng: &rand::SecureRandom, + message: &[u8], ) -> Result { // Step 4 (out of order). let h = digest::digest(self.alg.digest_alg, message); @@ -159,7 +167,9 @@ impl EcdsaKeyPair { /// Returns the signature of message digest `h` using a "random" nonce /// generated by `rng`. fn sign_( - &self, rng: &rand::SecureRandom, h: digest::Digest, + &self, + rng: &rand::SecureRandom, + h: digest::Digest, ) -> Result { // NSA Suite B Implementer's Guide to ECDSA Section 3.4.1: ECDSA // Signature Generation. @@ -237,7 +247,9 @@ impl EcdsaKeyPair { impl signature::KeyPair for EcdsaKeyPair { type PublicKey = PublicKey; - fn public_key(&self) -> &Self::PublicKey { &self.public_key } + fn public_key(&self) -> &Self::PublicKey { + &self.public_key + } } #[derive(Clone, Copy)] @@ -246,7 +258,9 @@ pub struct PublicKey(ec::PublicKey); derive_debug_self_as_ref_hex_bytes!(PublicKey); impl AsRef<[u8]> for PublicKey { - fn as_ref(&self) -> &[u8] { self.0.as_ref() } + fn as_ref(&self) -> &[u8] { + self.0.as_ref() + } } fn format_rs_fixed(ops: &'static ScalarOps, r: &Scalar, s: &Scalar, out: &mut [u8]) -> usize { @@ -406,7 +420,7 @@ mod tests { ("P-384", "SHA384") => &signature::ECDSA_P384_SHA384_FIXED_SIGNING, _ => { panic!("Unsupported curve+digest: {}+{}", curve_name, digest_name); - }, + } }; let private_key = @@ -443,7 +457,7 @@ mod tests { ("P-384", "SHA384") => &signature::ECDSA_P384_SHA384_ASN1_SIGNING, _ => { panic!("Unsupported curve+digest: {}+{}", curve_name, digest_name); - }, + } }; let private_key = diff --git a/src/ec/suite_b/ecdsa/verification.rs b/src/ec/suite_b/ecdsa/verification.rs index b20e6e890d..fa1adbe7fe 100644 --- a/src/ec/suite_b/ecdsa/verification.rs +++ b/src/ec/suite_b/ecdsa/verification.rs @@ -52,7 +52,10 @@ derive_debug_via_id!(EcdsaVerificationAlgorithm); impl signature::VerificationAlgorithm for EcdsaVerificationAlgorithm { fn verify( - &self, public_key: untrusted::Input, msg: untrusted::Input, signature: untrusted::Input, + &self, + public_key: untrusted::Input, + msg: untrusted::Input, + signature: untrusted::Input, ) -> Result<(), error::Unspecified> { let e = { // NSA Guide Step 2: "Use the selected hash function to compute H = @@ -71,7 +74,10 @@ impl signature::VerificationAlgorithm for EcdsaVerificationAlgorithm { impl EcdsaVerificationAlgorithm { /// This is intentionally not public. fn verify_digest( - &self, public_key: untrusted::Input, e: Scalar, signature: untrusted::Input, + &self, + public_key: untrusted::Input, + e: Scalar, + signature: untrusted::Input, ) -> Result<(), error::Unspecified> { // NSA Suite B Implementer's Guide to ECDSA Section 3.4.2. @@ -137,7 +143,10 @@ impl EcdsaVerificationAlgorithm { // that would be necessary to compute the affine X coordinate. let x = public_key_ops.common.point_x(&product); fn sig_r_equals_x( - ops: &PublicScalarOps, r: &Elem, x: &Elem, z2: &Elem, + ops: &PublicScalarOps, + r: &Elem, + x: &Elem, + z2: &Elem, ) -> bool { let cops = ops.public_key_ops.common; let r_jacobian = cops.elem_product(z2, r); @@ -162,7 +171,8 @@ impl EcdsaVerificationAlgorithm { impl sealed::Sealed for EcdsaVerificationAlgorithm {} fn split_rs_fixed<'a>( - ops: &'static ScalarOps, input: &mut untrusted::Reader<'a>, + ops: &'static ScalarOps, + input: &mut untrusted::Reader<'a>, ) -> Result<(untrusted::Input<'a>, untrusted::Input<'a>), error::Unspecified> { let scalar_len = ops.scalar_bytes_len(); let r = input.read_bytes(scalar_len)?; @@ -171,7 +181,8 @@ fn split_rs_fixed<'a>( } fn split_rs_asn1<'a>( - _ops: &'static ScalarOps, input: &mut untrusted::Reader<'a>, + _ops: &'static ScalarOps, + input: &mut untrusted::Reader<'a>, ) -> Result<(untrusted::Input<'a>, untrusted::Input<'a>), error::Unspecified> { der::nested(input, der::Tag::Sequence, error::Unspecified, |input| { let r = der::positive_integer(input)?.big_endian_without_leading_zero_as_input(); @@ -181,7 +192,10 @@ fn split_rs_asn1<'a>( } fn twin_mul( - ops: &PrivateKeyOps, g_scalar: &Scalar, p_scalar: &Scalar, p_xy: &(Elem, Elem), + ops: &PrivateKeyOps, + g_scalar: &Scalar, + p_scalar: &Scalar, + p_xy: &(Elem, Elem), ) -> Point { // XXX: Inefficient. TODO: implement interleaved wNAF multiplication. let scaled_g = ops.point_mul_base(g_scalar); @@ -309,7 +323,7 @@ mod tests { "P-384" => &ECDSA_P384_SHA384_FIXED, _ => { panic!("Unsupported curve: {}", curve_name); - }, + } }; let digest = super::super::digest_scalar::digest_bytes_scalar( diff --git a/src/ec/suite_b/ops.rs b/src/ec/suite_b/ops.rs index b95a5be3b6..7da176c1c6 100644 --- a/src/ec/suite_b/ops.rs +++ b/src/ec/suite_b/ops.rs @@ -115,7 +115,9 @@ impl CommonOps { } #[inline] - pub fn elem_unencoded(&self, a: &Elem) -> Elem { self.elem_product(a, &ONE) } + pub fn elem_unencoded(&self, a: &Elem) -> Elem { + self.elem_product(a, &ONE) + } #[inline] pub fn elem_mul(&self, a: &mut Elem, b: &Elem) { @@ -124,7 +126,9 @@ impl CommonOps { #[inline] pub fn elem_product( - &self, a: &Elem, b: &Elem, + &self, + a: &Elem, + b: &Elem, ) -> Elem<<(EA, EB) as ProductEncoding>::Output> where (EA, EB): ProductEncoding, @@ -133,10 +137,14 @@ impl CommonOps { } #[inline] - pub fn elem_square(&self, a: &mut Elem) { unary_op_assign(self.elem_sqr_mont, a); } + pub fn elem_square(&self, a: &mut Elem) { + unary_op_assign(self.elem_sqr_mont, a); + } #[inline] - pub fn elem_squared(&self, a: &Elem) -> Elem { unary_op(self.elem_sqr_mont, a) } + pub fn elem_squared(&self, a: &Elem) -> Elem { + unary_op(self.elem_sqr_mont, a) + } #[inline] pub fn is_zero(&self, a: &elem::Elem) -> bool { @@ -199,7 +207,9 @@ pub struct PrivateKeyOps { impl PrivateKeyOps { #[inline(always)] - pub fn point_mul_base(&self, a: &Scalar) -> Point { (self.point_mul_base_impl)(a) } + pub fn point_mul_base(&self, a: &Scalar) -> Point { + (self.point_mul_base_impl)(a) + } #[inline(always)] pub fn point_mul(&self, p_scalar: &Scalar, (p_x, p_y): &(Elem, Elem)) -> Point { @@ -216,7 +226,9 @@ impl PrivateKeyOps { } #[inline] - pub fn elem_inverse_squared(&self, a: &Elem) -> Elem { (self.elem_inv_squared)(a) } + pub fn elem_inverse_squared(&self, a: &Elem) -> Elem { + (self.elem_inv_squared)(a) + } } /// Operations and values needed by all operations on public keys (ECDH @@ -259,7 +271,9 @@ pub struct ScalarOps { impl ScalarOps { // The (maximum) length of a scalar, not including any padding. - pub fn scalar_bytes_len(&self) -> usize { self.common.num_limbs * LIMB_BYTES } + pub fn scalar_bytes_len(&self) -> usize { + self.common.num_limbs * LIMB_BYTES + } /// Returns the modular inverse of `a` (mod `n`). Panics of `a` is zero, /// because zero isn't invertible. @@ -270,7 +284,9 @@ impl ScalarOps { #[inline] pub fn scalar_product( - &self, a: &Scalar, b: &Scalar, + &self, + a: &Scalar, + b: &Scalar, ) -> Scalar<<(EA, EB) as ProductEncoding>::Output> where (EA, EB): ProductEncoding, @@ -375,21 +391,25 @@ fn elem_sqr_mul_acc(ops: &CommonOps, acc: &mut Elem, squarings: usize, b: &El #[inline] pub fn elem_parse_big_endian_fixed_consttime( - ops: &CommonOps, bytes: untrusted::Input, + ops: &CommonOps, + bytes: untrusted::Input, ) -> Result, error::Unspecified> { parse_big_endian_fixed_consttime(ops, bytes, AllowZero::Yes, &ops.q.p[..ops.num_limbs]) } #[inline] pub fn scalar_parse_big_endian_fixed_consttime( - ops: &CommonOps, bytes: untrusted::Input, + ops: &CommonOps, + bytes: untrusted::Input, ) -> Result { parse_big_endian_fixed_consttime(ops, bytes, AllowZero::No, &ops.n.limbs[..ops.num_limbs]) } #[inline] pub fn scalar_parse_big_endian_variable( - ops: &CommonOps, allow_zero: AllowZero, bytes: untrusted::Input, + ops: &CommonOps, + allow_zero: AllowZero, + bytes: untrusted::Input, ) -> Result { let mut r = Scalar::zero(); parse_big_endian_in_range_and_pad_consttime( @@ -402,7 +422,9 @@ pub fn scalar_parse_big_endian_variable( } pub fn scalar_parse_big_endian_partially_reduced_variable_consttime( - ops: &CommonOps, allow_zero: AllowZero, bytes: untrusted::Input, + ops: &CommonOps, + allow_zero: AllowZero, + bytes: untrusted::Input, ) -> Result { let mut r = Scalar::zero(); parse_big_endian_in_range_partially_reduced_and_pad_consttime( @@ -415,7 +437,10 @@ pub fn scalar_parse_big_endian_partially_reduced_variable_consttime( } fn parse_big_endian_fixed_consttime( - ops: &CommonOps, bytes: untrusted::Input, allow_zero: AllowZero, max_exclusive: &[Limb], + ops: &CommonOps, + bytes: untrusted::Input, + allow_zero: AllowZero, + max_exclusive: &[Limb], ) -> Result, error::Unspecified> { if bytes.len() != ops.num_limbs * LIMB_BYTES { return Err(error::Unspecified); @@ -432,7 +457,11 @@ fn parse_big_endian_fixed_consttime( extern "C" { fn LIMBS_add_mod( - r: *mut Limb, a: *const Limb, b: *const Limb, m: *const Limb, num_limbs: size_t, + r: *mut Limb, + a: *const Limb, + b: *const Limb, + m: *const Limb, + num_limbs: size_t, ); } @@ -570,7 +599,8 @@ mod tests { } fn elem_div_by_2_test( - ops: &CommonOps, elem_div_by_2: unsafe extern "C" fn(r: *mut Limb, a: *const Limb), + ops: &CommonOps, + elem_div_by_2: unsafe extern "C" fn(r: *mut Limb, a: *const Limb), test_file: test::File, ) { test::run(test_file, |section, test_case| { @@ -615,7 +645,8 @@ mod tests { } fn elem_neg_test( - ops: &CommonOps, elem_neg: unsafe extern "C" fn(r: *mut Limb, a: *const Limb), + ops: &CommonOps, + elem_neg: unsafe extern "C" fn(r: *mut Limb, a: *const Limb), test_file: test::File, ) { test::run(test_file, |section, test_case| { @@ -716,7 +747,8 @@ mod tests { // `GFp_p384_scalar_sqr_rep_mont()`. fn scalar_square_test( - ops: &ScalarOps, sqr_rep: unsafe extern "C" fn(r: *mut Limb, a: *const Limb, rep: Limb), + ops: &ScalarOps, + sqr_rep: unsafe extern "C" fn(r: *mut Limb, a: *const Limb, rep: Limb), test_file: test::File, ) { test::run(test_file, |section, test_case| { @@ -912,7 +944,7 @@ mod tests { let (x, y) = match consume_point(ops, test_case, "p") { TestPoint::Infinity => { panic!("can't be inf."); - }, + } TestPoint::Affine(x, y) => (x, y), }; let expected_result = consume_point(ops, test_case, "r"); @@ -932,7 +964,9 @@ mod tests { } fn point_mul_serialized_test( - priv_ops: &PrivateKeyOps, pub_ops: &PublicKeyOps, test_file: test::File, + priv_ops: &PrivateKeyOps, + pub_ops: &PublicKeyOps, + test_file: test::File, ) { let cops = pub_ops.common; @@ -997,7 +1031,9 @@ mod tests { } fn assert_point_actual_equals_expected( - ops: &PrivateKeyOps, actual_point: &Point, expected_point: &TestPoint, + ops: &PrivateKeyOps, + actual_point: &Point, + expected_point: &TestPoint, ) { let cops = ops.common; let actual_x = &cops.point_x(&actual_point); @@ -1007,7 +1043,7 @@ mod tests { TestPoint::Infinity => { let zero = Elem::zero(); assert_elems_are_equal(cops, &actual_z, &zero); - }, + } TestPoint::Affine(expected_x, expected_y) => { let zz_inv = ops.elem_inverse_squared(&actual_z); let x_aff = cops.elem_product(&actual_x, &zz_inv); @@ -1019,12 +1055,14 @@ mod tests { assert_elems_are_equal(cops, &x_aff, &expected_x); assert_elems_are_equal(cops, &y_aff, &expected_y); - }, + } } } fn consume_jacobian_point( - ops: &PrivateKeyOps, test_case: &mut test::TestCase, name: &str, + ops: &PrivateKeyOps, + test_case: &mut test::TestCase, + name: &str, ) -> Point { let input = test_case.consume_string(name); let elems = input.split(", ").collect::>(); @@ -1041,7 +1079,9 @@ mod tests { } fn consume_affine_point( - ops: &PrivateKeyOps, test_case: &mut test::TestCase, name: &str, + ops: &PrivateKeyOps, + test_case: &mut test::TestCase, + name: &str, ) -> AffinePoint { let input = test_case.consume_string(name); let elems = input.split(", ").collect::>(); @@ -1098,7 +1138,9 @@ mod tests { } fn assert_limbs_are_equal( - ops: &CommonOps, actual: &[Limb; MAX_LIMBS], expected: &[Limb; MAX_LIMBS], + ops: &CommonOps, + actual: &[Limb; MAX_LIMBS], + expected: &[Limb; MAX_LIMBS], ) { for i in 0..ops.num_limbs { if actual[i] != expected[i] { @@ -1132,7 +1174,9 @@ mod tests { } fn consume_scalar_mont( - ops: &CommonOps, test_case: &mut test::TestCase, name: &str, + ops: &CommonOps, + test_case: &mut test::TestCase, + name: &str, ) -> Scalar { let bytes = test_case.consume_bytes(name); let bytes = untrusted::Input::from(&bytes); @@ -1146,7 +1190,9 @@ mod tests { } fn consume_padded_bytes( - ops: &CommonOps, test_case: &mut test::TestCase, name: &str, + ops: &CommonOps, + test_case: &mut test::TestCase, + name: &str, ) -> Vec { let unpadded_bytes = test_case.consume_bytes(name); let mut bytes = vec![0; (ops.num_limbs * LIMB_BYTES) - unpadded_bytes.len()]; diff --git a/src/ec/suite_b/ops/elem.rs b/src/ec/suite_b/ops/elem.rs index 452553c616..32c791a46e 100644 --- a/src/ec/suite_b/ops/elem.rs +++ b/src/ec/suite_b/ops/elem.rs @@ -48,7 +48,8 @@ impl Elem { #[inline] pub fn mul_mont( - f: unsafe extern "C" fn(r: *mut Limb, a: *const Limb, b: *const Limb), a: &Elem, + f: unsafe extern "C" fn(r: *mut Limb, a: *const Limb, b: *const Limb), + a: &Elem, b: &Elem, ) -> Elem::Output> where @@ -60,7 +61,8 @@ where // let r = f(a, b); return r; #[inline] pub fn binary_op( - f: unsafe extern "C" fn(r: *mut Limb, a: *const Limb, b: *const Limb), a: &Elem, + f: unsafe extern "C" fn(r: *mut Limb, a: *const Limb, b: *const Limb), + a: &Elem, b: &Elem, ) -> Elem { let mut r = Elem { @@ -75,7 +77,8 @@ pub fn binary_op( // a := f(a, b); #[inline] pub fn binary_op_assign( - f: unsafe extern "C" fn(r: *mut Limb, a: *const Limb, b: *const Limb), a: &mut Elem, + f: unsafe extern "C" fn(r: *mut Limb, a: *const Limb, b: *const Limb), + a: &mut Elem, b: &Elem, ) { unsafe { f(a.limbs.as_mut_ptr(), a.limbs.as_ptr(), b.limbs.as_ptr()) } @@ -84,7 +87,8 @@ pub fn binary_op_assign( // let r = f(a); return r; #[inline] pub fn unary_op( - f: unsafe extern "C" fn(r: *mut Limb, a: *const Limb), a: &Elem, + f: unsafe extern "C" fn(r: *mut Limb, a: *const Limb), + a: &Elem, ) -> Elem { let mut r = Elem { limbs: [0; MAX_LIMBS], @@ -98,7 +102,8 @@ pub fn unary_op( // a := f(a); #[inline] pub fn unary_op_assign( - f: unsafe extern "C" fn(r: *mut Limb, a: *const Limb), a: &mut Elem, + f: unsafe extern "C" fn(r: *mut Limb, a: *const Limb), + a: &mut Elem, ) { unsafe { f(a.limbs.as_mut_ptr(), a.limbs.as_ptr()) } } @@ -106,7 +111,8 @@ pub fn unary_op_assign( // a := f(a, a); #[inline] pub fn unary_op_from_binary_op_assign( - f: unsafe extern "C" fn(r: *mut Limb, a: *const Limb, b: *const Limb), a: &mut Elem, + f: unsafe extern "C" fn(r: *mut Limb, a: *const Limb, b: *const Limb), + a: &mut Elem, ) { unsafe { f(a.limbs.as_mut_ptr(), a.limbs.as_ptr(), a.limbs.as_ptr()) } } diff --git a/src/ec/suite_b/ops/p256.rs b/src/ec/suite_b/ops/p256.rs index 1f4d9bb26f..0308df3187 100644 --- a/src/ec/suite_b/ops/p256.rs +++ b/src/ec/suite_b/ops/p256.rs @@ -180,10 +180,14 @@ fn p256_scalar_inv_to_mont(a: &Scalar) -> Scalar { // 0xffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc63254f #[inline] - fn mul(a: &Scalar, b: &Scalar) -> Scalar { binary_op(GFp_p256_scalar_mul_mont, a, b) } + fn mul(a: &Scalar, b: &Scalar) -> Scalar { + binary_op(GFp_p256_scalar_mul_mont, a, b) + } #[inline] - fn sqr(a: &Scalar) -> Scalar { unary_op(GFp_p256_scalar_sqr_mont, a) } + fn sqr(a: &Scalar) -> Scalar { + unary_op(GFp_p256_scalar_sqr_mont, a) + } // Returns (`a` squared `squarings` times) * `b`. fn sqr_mul(a: &Scalar, squarings: Limb, b: &Scalar) -> Scalar { diff --git a/src/ec/suite_b/ops/p384.rs b/src/ec/suite_b/ops/p384.rs index 6ba515b73a..422b9091c1 100644 --- a/src/ec/suite_b/ops/p384.rs +++ b/src/ec/suite_b/ops/p384.rs @@ -206,11 +206,17 @@ fn p384_scalar_inv_to_mont(a: &Scalar) -> Scalar { // 0xffffffffffffffffffffffffffffffffffffffffffffffffc7634d81f4372ddf\ // 581a0db248b0a77aecec196accc52971. - fn mul(a: &Scalar, b: &Scalar) -> Scalar { binary_op(GFp_p384_scalar_mul_mont, a, b) } + fn mul(a: &Scalar, b: &Scalar) -> Scalar { + binary_op(GFp_p384_scalar_mul_mont, a, b) + } - fn sqr(a: &Scalar) -> Scalar { binary_op(GFp_p384_scalar_mul_mont, a, a) } + fn sqr(a: &Scalar) -> Scalar { + binary_op(GFp_p384_scalar_mul_mont, a, a) + } - fn sqr_mut(a: &mut Scalar) { unary_op_from_binary_op_assign(GFp_p384_scalar_mul_mont, a); } + fn sqr_mut(a: &mut Scalar) { + unary_op_from_binary_op_assign(GFp_p384_scalar_mul_mont, a); + } // Returns (`a` squared `squarings` times) * `b`. fn sqr_mul(a: &Scalar, squarings: usize, b: &Scalar) -> Scalar { diff --git a/src/ec/suite_b/private_key.rs b/src/ec/suite_b/private_key.rs index 801e58050e..5c0f9a86e3 100644 --- a/src/ec/suite_b/private_key.rs +++ b/src/ec/suite_b/private_key.rs @@ -26,7 +26,8 @@ use untrusted; /// Generates a random scalar in the range [1, n). pub fn random_scalar( - ops: &PrivateKeyOps, rng: &rand::SecureRandom, + ops: &PrivateKeyOps, + rng: &rand::SecureRandom, ) -> Result { let num_limbs = ops.common.num_limbs; let mut bytes = [0; ec::SCALAR_MAX_BYTES]; @@ -36,7 +37,9 @@ pub fn random_scalar( } pub fn generate_private_scalar_bytes( - ops: &PrivateKeyOps, rng: &rand::SecureRandom, out: &mut [u8], + ops: &PrivateKeyOps, + rng: &rand::SecureRandom, + out: &mut [u8], ) -> Result<(), error::Unspecified> { // [NSA Suite B Implementer's Guide to ECDSA] Appendix A.1.2, and // [NSA Suite B Implementer's Guide to NIST SP 800-56A] Appendix B.2, @@ -94,7 +97,8 @@ pub fn private_key_as_scalar(ops: &PrivateKeyOps, private_key: &ec::Seed) -> Sca } pub fn check_scalar_big_endian_bytes( - ops: &PrivateKeyOps, bytes: &[u8], + ops: &PrivateKeyOps, + bytes: &[u8], ) -> Result<(), error::Unspecified> { debug_assert_eq!(bytes.len(), ops.common.num_limbs * LIMB_BYTES); scalar_from_big_endian_bytes(ops, bytes).map(|_| ()) @@ -106,7 +110,8 @@ pub fn check_scalar_big_endian_bytes( // valid value, but it might leak small amounts of information about an invalid // value (which constraint it failed). pub fn scalar_from_big_endian_bytes( - ops: &PrivateKeyOps, bytes: &[u8], + ops: &PrivateKeyOps, + bytes: &[u8], ) -> Result { // [NSA Suite B Implementer's Guide to ECDSA] Appendix A.1.2, and // [NSA Suite B Implementer's Guide to NIST SP 800-56A] Appendix B.2, @@ -127,7 +132,9 @@ pub fn scalar_from_big_endian_bytes( } pub fn public_from_private( - ops: &PrivateKeyOps, public_out: &mut [u8], my_private_key: &ec::Seed, + ops: &PrivateKeyOps, + public_out: &mut [u8], + my_private_key: &ec::Seed, ) -> Result<(), error::Unspecified> { let elem_and_scalar_bytes = ops.common.num_limbs * LIMB_BYTES; debug_assert_eq!(public_out.len(), 1 + (2 * elem_and_scalar_bytes)); @@ -142,7 +149,8 @@ pub fn public_from_private( } pub fn affine_from_jacobian( - ops: &PrivateKeyOps, p: &Point, + ops: &PrivateKeyOps, + p: &Point, ) -> Result<(Elem, Elem), error::Unspecified> { let z = ops.common.point_z(p); @@ -176,7 +184,10 @@ pub fn affine_from_jacobian( } pub fn big_endian_affine_from_jacobian( - ops: &PrivateKeyOps, x_out: Option<&mut [u8]>, y_out: Option<&mut [u8]>, p: &Point, + ops: &PrivateKeyOps, + x_out: Option<&mut [u8]>, + y_out: Option<&mut [u8]>, + p: &Point, ) -> Result<(), error::Unspecified> { let (x_aff, y_aff) = affine_from_jacobian(ops, p)?; let num_limbs = ops.common.num_limbs; diff --git a/src/ec/suite_b/public_key.rs b/src/ec/suite_b/public_key.rs index 3b8a669215..4521af339e 100644 --- a/src/ec/suite_b/public_key.rs +++ b/src/ec/suite_b/public_key.rs @@ -28,7 +28,8 @@ use untrusted; /// [NIST SP 800-56A, revision 2]: /// http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-56Ar2.pdf pub fn parse_uncompressed_point( - ops: &PublicKeyOps, input: untrusted::Input, + ops: &PublicKeyOps, + input: untrusted::Input, ) -> Result<(Elem, Elem), error::Unspecified> { // NIST SP 800-56A Step 1: "Verify that Q is not the point at infinity. // This can be done by inspection if the point is entered in the standard diff --git a/src/endian.rs b/src/endian.rs index 96bdc927ec..3635ac1762 100644 --- a/src/endian.rs +++ b/src/endian.rs @@ -37,17 +37,23 @@ macro_rules! impl_endian { impl From<$base> for $endian<$base> { #[inline] - fn from(value: $base) -> Self { Self($base::$to_endian(value)) } + fn from(value: $base) -> Self { + Self($base::$to_endian(value)) + } } impl From> for $endian<$base> { #[inline] - fn from(Wrapping(value): Wrapping<$base>) -> Self { Self($base::$to_endian(value)) } + fn from(Wrapping(value): Wrapping<$base>) -> Self { + Self($base::$to_endian(value)) + } } impl From<$endian<$base>> for $base { #[inline] - fn from($endian(value): $endian<$base>) -> Self { $base::$from_endian(value) } + fn from($endian(value): $endian<$base>) -> Self { + $base::$from_endian(value) + } } }; } diff --git a/src/error.rs b/src/error.rs index 854d5b9a72..a3280fae46 100644 --- a/src/error.rs +++ b/src/error.rs @@ -83,7 +83,9 @@ use std; pub struct Unspecified; impl Unspecified { - fn description_() -> &'static str { "ring::error::Unspecified" } + fn description_() -> &'static str { + "ring::error::Unspecified" + } } // This is required for the implementation of `std::error::Error`. @@ -96,17 +98,25 @@ impl core::fmt::Display for Unspecified { #[cfg(feature = "use_heap")] impl std::error::Error for Unspecified { #[inline] - fn cause(&self) -> Option<&std::error::Error> { None } + fn cause(&self) -> Option<&std::error::Error> { + None + } - fn description(&self) -> &str { Self::description_() } + fn description(&self) -> &str { + Self::description_() + } } impl From for Unspecified { - fn from(_: untrusted::EndOfInput) -> Self { Unspecified } + fn from(_: untrusted::EndOfInput) -> Self { + Unspecified + } } impl From for Unspecified { - fn from(_: TryFromSliceError) -> Self { Unspecified } + fn from(_: TryFromSliceError) -> Self { + Unspecified + } } /// An error parsing or validating a key. @@ -144,40 +154,64 @@ pub struct KeyRejected(&'static str); impl KeyRejected { /// The value returned from ::description() - pub fn description_(&self) -> &'static str { self.0 } + pub fn description_(&self) -> &'static str { + self.0 + } - pub(crate) fn inconsistent_components() -> Self { KeyRejected("InconsistentComponents") } + pub(crate) fn inconsistent_components() -> Self { + KeyRejected("InconsistentComponents") + } - pub(crate) fn invalid_component() -> Self { KeyRejected("InvalidComponent") } + pub(crate) fn invalid_component() -> Self { + KeyRejected("InvalidComponent") + } #[inline] - pub(crate) fn invalid_encoding() -> Self { KeyRejected("InvalidEncoding") } + pub(crate) fn invalid_encoding() -> Self { + KeyRejected("InvalidEncoding") + } - pub(crate) fn public_key_is_missing() -> Self { KeyRejected("PublicKeyIsMissing") } + pub(crate) fn public_key_is_missing() -> Self { + KeyRejected("PublicKeyIsMissing") + } #[cfg(feature = "use_heap")] - pub(crate) fn too_small() -> Self { KeyRejected("TooSmall") } + pub(crate) fn too_small() -> Self { + KeyRejected("TooSmall") + } #[cfg(feature = "use_heap")] - pub(crate) fn too_large() -> Self { KeyRejected("TooLarge") } + pub(crate) fn too_large() -> Self { + KeyRejected("TooLarge") + } - pub(crate) fn version_not_supported() -> Self { KeyRejected("VersionNotSupported") } + pub(crate) fn version_not_supported() -> Self { + KeyRejected("VersionNotSupported") + } - pub(crate) fn wrong_algorithm() -> Self { KeyRejected("WrongAlgorithm") } + pub(crate) fn wrong_algorithm() -> Self { + KeyRejected("WrongAlgorithm") + } #[cfg(feature = "use_heap")] pub(crate) fn private_modulus_len_not_multiple_of_512_bits() -> Self { KeyRejected("PrivateModulusLenNotMultipleOf512Bits") } - pub(crate) fn unexpected_error() -> Self { KeyRejected("UnexpectedError") } + pub(crate) fn unexpected_error() -> Self { + KeyRejected("UnexpectedError") + } } #[cfg(feature = "use_heap")] impl std::error::Error for KeyRejected { - fn cause(&self) -> Option<&std::error::Error> { None } + fn cause(&self) -> Option<&std::error::Error> { + None + } - fn description(&self) -> &str { self.description_() } + fn description(&self) -> &str { + self.description_() + } } #[cfg(feature = "use_heap")] @@ -188,5 +222,7 @@ impl std::fmt::Display for KeyRejected { } impl From for Unspecified { - fn from(_: KeyRejected) -> Self { Unspecified } + fn from(_: KeyRejected) -> Self { + Unspecified + } } diff --git a/src/hkdf.rs b/src/hkdf.rs index 7025781bff..039f5a32e3 100644 --- a/src/hkdf.rs +++ b/src/hkdf.rs @@ -82,7 +82,9 @@ impl Prk { /// /// [HKDF-Expand]: https://tools.ietf.org/html/rfc5869#section-2.3 #[inline] - pub fn expand<'a>(&'a self, info: &'a [u8]) -> Okm<'a> { Okm { prk: self, info } } + pub fn expand<'a>(&'a self, info: &'a [u8]) -> Okm<'a> { + Okm { prk: self, info } + } } /// An HKDF OKM (Output Keying Material) diff --git a/src/hmac.rs b/src/hmac.rs index ddb4e595af..543d3bc430 100644 --- a/src/hmac.rs +++ b/src/hmac.rs @@ -137,7 +137,9 @@ pub struct Tag(digest::Digest); impl AsRef<[u8]> for Tag { #[inline] - fn as_ref(&self) -> &[u8] { self.0.as_ref() } + fn as_ref(&self) -> &[u8] { + self.0.as_ref() + } } /// A key to use for HMAC signing. @@ -181,7 +183,8 @@ impl Key { /// The key will be `digest_alg.output_len` bytes long, based on the /// recommendation in https://tools.ietf.org/html/rfc2104#section-3. pub fn generate( - digest_alg: &'static digest::Algorithm, rng: &rand::SecureRandom, + digest_alg: &'static digest::Algorithm, + rng: &rand::SecureRandom, ) -> Result { let mut key_bytes = [0; digest::MAX_OUTPUT_LEN]; let key_bytes = &mut key_bytes[..digest_alg.output_len]; @@ -279,11 +282,15 @@ impl core::fmt::Debug for Context { impl Context { /// Constructs a new HMAC signing context using the given digest algorithm /// and key. - pub fn with_key(signing_key: &Key) -> Self { signing_key.ctx_prototype.clone() } + pub fn with_key(signing_key: &Key) -> Self { + signing_key.ctx_prototype.clone() + } /// Updates the HMAC with all the data in `data`. `update` may be called /// zero or more times until `finish` is called. - pub fn update(&mut self, data: &[u8]) { self.inner.update(data); } + pub fn update(&mut self, data: &[u8]) { + self.inner.update(data); + } /// Finalizes the HMAC calculation and returns the HMAC value. `sign` /// consumes the context so it cannot be (mis-)used after `sign` has been diff --git a/src/io/der.rs b/src/io/der.rs index 00f757f867..325d6f0d8b 100644 --- a/src/io/der.rs +++ b/src/io/der.rs @@ -42,15 +42,20 @@ pub enum Tag { } impl From for usize { - fn from(tag: Tag) -> Self { tag as Self } + fn from(tag: Tag) -> Self { + tag as Self + } } impl From for u8 { - fn from(tag: Tag) -> Self { tag as Self } // XXX: narrowing conversion. + fn from(tag: Tag) -> Self { + tag as Self + } // XXX: narrowing conversion. } pub fn expect_tag_and_get_value<'a>( - input: &mut untrusted::Reader<'a>, tag: Tag, + input: &mut untrusted::Reader<'a>, + tag: Tag, ) -> Result, error::Unspecified> { let (actual_tag, inner) = read_tag_and_get_value(input)?; if usize::from(tag) != usize::from(actual_tag) { @@ -78,7 +83,7 @@ pub fn read_tag_and_get_value<'a>( return Err(error::Unspecified); // Not the canonical encoding. } usize::from(second_byte) - }, + } 0x82 => { let second_byte = usize::from(input.read_byte()?); let third_byte = usize::from(input.read_byte()?); @@ -87,10 +92,10 @@ pub fn read_tag_and_get_value<'a>( return Err(error::Unspecified); // Not the canonical encoding. } combined - }, + } _ => { return Err(error::Unspecified); // We don't support longer lengths. - }, + } }; let inner = input.read_bytes(length)?; @@ -112,7 +117,10 @@ pub fn bit_string_with_no_unused_bits<'a>( // TODO: investigate taking decoder as a reference to reduce generated code // size. pub fn nested<'a, F, R, E: Copy>( - input: &mut untrusted::Reader<'a>, tag: Tag, error: E, decoder: F, + input: &mut untrusted::Reader<'a>, + tag: Tag, + error: E, + decoder: F, ) -> Result where F: FnOnce(&mut untrusted::Reader<'a>) -> Result, @@ -122,7 +130,8 @@ where } fn nonnegative_integer<'a>( - input: &mut untrusted::Reader<'a>, min_value: u8, + input: &mut untrusted::Reader<'a>, + min_value: u8, ) -> Result, error::Unspecified> { // Verify that |input|, which has had any leading zero stripped off, is the // encoding of a value of at least |min_value|. diff --git a/src/io/positive.rs b/src/io/positive.rs index cb782776e6..06f2625d97 100644 --- a/src/io/positive.rs +++ b/src/io/positive.rs @@ -36,7 +36,9 @@ impl<'a> Positive<'a> { } #[inline] - pub(crate) fn big_endian_without_leading_zero_as_input(&self) -> untrusted::Input<'a> { self.0 } + pub(crate) fn big_endian_without_leading_zero_as_input(&self) -> untrusted::Input<'a> { + self.0 + } } impl Positive<'_> { diff --git a/src/io/writer.rs b/src/io/writer.rs index 0c26439afc..e8f9bcb78d 100644 --- a/src/io/writer.rs +++ b/src/io/writer.rs @@ -22,16 +22,24 @@ pub(super) struct LengthMeasurement { } impl Into for LengthMeasurement { - fn into(self) -> usize { self.len } + fn into(self) -> usize { + self.len + } } impl LengthMeasurement { - pub fn zero() -> Self { Self { len: 0 } } + pub fn zero() -> Self { + Self { len: 0 } + } } impl Accumulator for LengthMeasurement { - fn write_byte(&mut self, _value: u8) { self.len += 1; } - fn write_bytes(&mut self, value: &[u8]) { self.len += value.len(); } + fn write_byte(&mut self, _value: u8) { + self.len += 1; + } + fn write_bytes(&mut self, value: &[u8]) { + self.len += value.len(); + } } pub(super) struct Writer { @@ -56,8 +64,12 @@ impl Into> for Writer { } impl Accumulator for Writer { - fn write_byte(&mut self, value: u8) { self.bytes.push(value); } - fn write_bytes(&mut self, value: &[u8]) { self.bytes.extend(value); } + fn write_byte(&mut self, value: u8) { + self.bytes.push(value); + } + fn write_bytes(&mut self, value: &[u8]) { + self.bytes.extend(value); + } } pub fn write_copy(accumulator: &mut Accumulator, to_copy: untrusted::Input) { diff --git a/src/limb.rs b/src/limb.rs index a695f24dc6..bd26c70087 100644 --- a/src/limb.rs +++ b/src/limb.rs @@ -152,7 +152,10 @@ pub enum AllowZero { /// `AllowZero::Yes`, or [1, m) if `allow_zero` is `AllowZero::No`. `result` is /// padded with zeros to its length. pub fn parse_big_endian_in_range_partially_reduced_and_pad_consttime( - input: untrusted::Input, allow_zero: AllowZero, m: &[Limb], result: &mut [Limb], + input: untrusted::Input, + allow_zero: AllowZero, + m: &[Limb], + result: &mut [Limb], ) -> Result<(), error::Unspecified> { parse_big_endian_and_pad_consttime(input, result)?; limbs_reduce_once_constant_time(result, m); @@ -173,7 +176,10 @@ pub fn parse_big_endian_in_range_partially_reduced_and_pad_consttime( /// about a valid value, but it might leak small amounts of information about an /// invalid value (which constraint it failed). pub fn parse_big_endian_in_range_and_pad_consttime( - input: untrusted::Input, allow_zero: AllowZero, max_exclusive: &[Limb], result: &mut [Limb], + input: untrusted::Input, + allow_zero: AllowZero, + max_exclusive: &[Limb], + result: &mut [Limb], ) -> Result<(), error::Unspecified> { parse_big_endian_and_pad_consttime(input, result)?; if limbs_less_than_limbs_consttime(&result, max_exclusive) != LimbMask::True { @@ -191,7 +197,8 @@ pub fn parse_big_endian_in_range_and_pad_consttime( /// This attempts to be constant-time with respect to the value but not with /// respect to the length; it is assumed that the length is public knowledge. pub fn parse_big_endian_and_pad_consttime( - input: untrusted::Input, result: &mut [Limb], + input: untrusted::Input, + result: &mut [Limb], ) -> Result<(), error::Unspecified> { if input.is_empty() { return Err(error::Unspecified); @@ -265,7 +272,9 @@ pub type Window = Limb; /// Panics if `limbs` is empty. #[cfg(feature = "use_heap")] pub fn fold_5_bit_windows R, F: Fn(R, Window) -> R>( - limbs: &[Limb], init: I, fold: F, + limbs: &[Limb], + init: I, + fold: F, ) -> R { #[derive(Clone, Copy)] #[repr(transparent)] @@ -275,7 +284,9 @@ pub fn fold_5_bit_windows R, F: Fn(R, Window) -> R>( extern "C" { fn LIMBS_window5_split_window( - lower_limb: Limb, higher_limb: Limb, index_within_word: BitIndex, + lower_limb: Limb, + higher_limb: Limb, + index_within_word: BitIndex, ) -> Window; fn LIMBS_window5_unsplit_window(limb: Limb, index_within_word: BitIndex) -> Window; } diff --git a/src/pbkdf2.rs b/src/pbkdf2.rs index 7b89a64032..078059f587 100644 --- a/src/pbkdf2.rs +++ b/src/pbkdf2.rs @@ -137,7 +137,10 @@ use core::num::NonZeroU32; /// `derive` panics if `out.len()` is larger than (2**32 - 1) * the digest /// algorithm's output length, per the PBKDF2 specification. pub fn derive( - digest_alg: &'static digest::Algorithm, iterations: NonZeroU32, salt: &[u8], secret: &[u8], + digest_alg: &'static digest::Algorithm, + iterations: NonZeroU32, + salt: &[u8], + secret: &[u8], out: &mut [u8], ) { let output_len = digest_alg.output_len; @@ -203,7 +206,10 @@ fn derive_block(secret: &hmac::Key, iterations: NonZeroU32, salt: &[u8], idx: u3 /// `verify` panics if `out.len()` is larger than (2**32 - 1) * the digest /// algorithm's output length, per the PBKDF2 specification. pub fn verify( - digest_alg: &'static digest::Algorithm, iterations: NonZeroU32, salt: &[u8], secret: &[u8], + digest_alg: &'static digest::Algorithm, + iterations: NonZeroU32, + salt: &[u8], + secret: &[u8], previously_derived: &[u8], ) -> Result<(), error::Unspecified> { if previously_derived.is_empty() { diff --git a/src/pkcs8.rs b/src/pkcs8.rs index 498308c3ff..63588c8db5 100644 --- a/src/pkcs8.rs +++ b/src/pkcs8.rs @@ -49,9 +49,13 @@ pub(crate) struct Template { impl Template { #[inline] - fn alg_id_value(&self) -> untrusted::Input { untrusted::Input::from(self.alg_id_value_()) } + fn alg_id_value(&self) -> untrusted::Input { + untrusted::Input::from(self.alg_id_value_()) + } - fn alg_id_value_(&self) -> &[u8] { &self.bytes[self.alg_id_range.start..self.alg_id_range.end] } + fn alg_id_value_(&self) -> &[u8] { + &self.bytes[self.alg_id_range.start..self.alg_id_range.end] + } #[inline] pub fn curve_oid(&self) -> untrusted::Input { @@ -66,7 +70,9 @@ impl Template { /// /// [RFC 5958]: https://tools.ietf.org/html/rfc5958. pub(crate) fn unwrap_key<'a>( - template: &Template, version: Version, input: untrusted::Input<'a>, + template: &Template, + version: Version, + input: untrusted::Input<'a>, ) -> Result<(untrusted::Input<'a>, Option>), error::KeyRejected> { unwrap_key_(template.alg_id_value(), version, input) } @@ -82,7 +88,9 @@ pub(crate) fn unwrap_key<'a>( /// /// [RFC 5958]: https://tools.ietf.org/html/rfc5958. pub(crate) fn unwrap_key_<'a>( - alg_id: untrusted::Input, version: Version, input: untrusted::Input<'a>, + alg_id: untrusted::Input, + version: Version, + input: untrusted::Input<'a>, ) -> Result<(untrusted::Input<'a>, Option>), error::KeyRejected> { input.read_all(error::KeyRejected::invalid_encoding(), |input| { der::nested( @@ -95,7 +103,9 @@ pub(crate) fn unwrap_key_<'a>( } fn unwrap_key__<'a>( - alg_id: untrusted::Input, version: Version, input: &mut untrusted::Reader<'a>, + alg_id: untrusted::Input, + version: Version, + input: &mut untrusted::Reader<'a>, ) -> Result<(untrusted::Input<'a>, Option>), error::KeyRejected> { let actual_version = der::small_nonnegative_integer(input) .map_err(|error::Unspecified| error::KeyRejected::invalid_encoding())?; @@ -121,7 +131,7 @@ fn unwrap_key__<'a>( (1, Version::V1OrV2) | (1, Version::V2Only) => true, _ => { return Err(error::KeyRejected::version_not_supported()); - }, + } }; let private_key = der::expect_tag_and_get_value(input, der::Tag::OctetString) @@ -160,7 +170,9 @@ pub struct Document { impl AsRef<[u8]> for Document { #[inline] - fn as_ref(&self) -> &[u8] { &self.bytes[..self.len] } + fn as_ref(&self) -> &[u8] { + &self.bytes[..self.len] + } } pub(crate) fn wrap_key(template: &Template, private_key: &[u8], public_key: &[u8]) -> Document { diff --git a/src/polyfill.rs b/src/polyfill.rs index 02e457bfa5..39db5d4858 100644 --- a/src/polyfill.rs +++ b/src/polyfill.rs @@ -21,10 +21,14 @@ use core; pub mod convert; #[inline(always)] -pub const fn u64_from_usize(x: usize) -> u64 { x as u64 } +pub const fn u64_from_usize(x: usize) -> u64 { + x as u64 +} #[inline(always)] -pub fn usize_from_u32(x: u32) -> usize { x as usize } +pub fn usize_from_u32(x: u32) -> usize { + x as usize +} /// `core::num::Wrapping` doesn't support `rotate_left`. /// There is no usable trait for `rotate_left`, so this polyfill just diff --git a/src/polyfill/convert.rs b/src/polyfill/convert.rs index c98ff2d126..c5247c2757 100644 --- a/src/polyfill/convert.rs +++ b/src/polyfill/convert.rs @@ -32,7 +32,9 @@ where T: From_, { #[inline] - fn into_(self) -> T { T::from_(self) } + fn into_(self) -> T { + T::from_(self) + } } /// An approximation of the unstable `core::convert::TryFrom`. @@ -59,7 +61,9 @@ where type Error = >::Error; #[inline] - fn try_into_(self) -> Result { T::try_from_(self) } + fn try_into_(self) -> Result { + T::try_from_(self) + } } #[derive(Debug)] @@ -101,7 +105,8 @@ unsafe fn transmute_slice(slice: &[T], expected_len: usize) -> Result<&A, } unsafe fn transmute_slice_mut( - slice: &mut [T], expected_len: usize, + slice: &mut [T], + expected_len: usize, ) -> Result<&mut A, TryFromSliceError> { if slice.len() != expected_len { return Err(TryFromSliceError(())); diff --git a/src/rand.rs b/src/rand.rs index b701891e8c..2f73ce381c 100644 --- a/src/rand.rs +++ b/src/rand.rs @@ -83,12 +83,16 @@ pub struct SystemRandom; impl SystemRandom { /// Constructs a new `SystemRandom`. #[inline(always)] - pub fn new() -> Self { Self } + pub fn new() -> Self { + Self + } } impl SecureRandom for SystemRandom { #[inline(always)] - fn fill(&self, dest: &mut [u8]) -> Result<(), error::Unspecified> { fill_impl(dest) } + fn fill(&self, dest: &mut [u8]) -> Result<(), error::Unspecified> { + fill_impl(dest) + } } impl sealed::Sealed for SystemRandom {} @@ -227,7 +231,7 @@ mod urandom { Ok(ref file) => { use std::io::Read; (&*file).read_exact(dest).map_err(|_| error::Unspecified) - }, + } Err(_) => Err(error::Unspecified), } } @@ -290,7 +294,9 @@ mod darwin { // For now `rnd` must be `kSecRandomDefault`. #[must_use] fn SecRandomCopyBytes( - rnd: &'static SecRandomRef, count: libc::size_t, bytes: *mut u8, + rnd: &'static SecRandomRef, + count: libc::size_t, + bytes: *mut u8, ) -> libc::c_int; } } diff --git a/src/rsa/bigint.rs b/src/rsa/bigint.rs index eff45f1dae..b9cdd22566 100644 --- a/src/rsa/bigint.rs +++ b/src/rsa/bigint.rs @@ -73,12 +73,16 @@ struct BoxedLimbs { impl Deref for BoxedLimbs { type Target = [Limb]; #[inline] - fn deref(&self) -> &Self::Target { &self.limbs } + fn deref(&self) -> &Self::Target { + &self.limbs + } } impl DerefMut for BoxedLimbs { #[inline] - fn deref_mut(&mut self) -> &mut Self::Target { &mut self.limbs } + fn deref_mut(&mut self) -> &mut Self::Target { + &mut self.limbs + } } // TODO: `derive(Clone)` after https://github.com/rust-lang/rust/issues/26925 @@ -121,7 +125,8 @@ impl BoxedLimbs { } fn from_be_bytes_padded_less_than( - input: untrusted::Input, m: &Modulus, + input: untrusted::Input, + m: &Modulus, ) -> Result { let mut r = Self::zero(m.width()); limb::parse_big_endian_and_pad_consttime(input, &mut r)?; @@ -132,7 +137,9 @@ impl BoxedLimbs { } #[inline] - fn is_zero(&self) -> bool { limb::limbs_are_zero_constant_time(&self.limbs) == LimbMask::True } + fn is_zero(&self) -> bool { + limb::limbs_are_zero_constant_time(&self.limbs) == LimbMask::True + } fn zero(width: Width) -> Self { use std::borrow::ToOwned; @@ -301,7 +308,9 @@ impl Modulus { } #[inline] - fn width(&self) -> Width { self.limbs.width() } + fn width(&self) -> Width { + self.limbs.width() + } fn zero(&self) -> Elem { Elem { @@ -317,7 +326,9 @@ impl Modulus { r } - pub fn oneRR(&self) -> &One { &self.oneRR } + pub fn oneRR(&self) -> &One { + &self.oneRR + } pub fn to_elem(&self, l: &Modulus) -> Elem where @@ -390,7 +401,9 @@ impl Clone for Elem { impl Elem { #[inline] - pub fn is_zero(&self) -> bool { self.limbs.is_zero() } + pub fn is_zero(&self) -> bool { + self.limbs.is_zero() + } } impl Elem { @@ -414,12 +427,15 @@ impl Elem { impl Elem { #[inline] - pub fn into_unencoded(self, m: &Modulus) -> Elem { self.decode_once(m) } + pub fn into_unencoded(self, m: &Modulus) -> Elem { + self.decode_once(m) + } } impl Elem { pub fn from_be_bytes_padded( - input: untrusted::Input, m: &Modulus, + input: untrusted::Input, + m: &Modulus, ) -> Result { Ok(Elem { limbs: BoxedLimbs::from_be_bytes_padded_less_than(input, m)?, @@ -445,7 +461,9 @@ impl Elem { } pub fn elem_mul( - a: &Elem, b: Elem, m: &Modulus, + a: &Elem, + b: Elem, + m: &Modulus, ) -> Elem::Output> where (AF, BF): ProductEncoding, @@ -454,7 +472,9 @@ where } fn elem_mul_( - a: &Elem, mut b: Elem, m: &PartialModulus, + a: &Elem, + mut b: Elem, + m: &PartialModulus, ) -> Elem::Output> where (AF, BF): ProductEncoding, @@ -481,7 +501,8 @@ fn elem_mul_by_2(a: &mut Elem, m: &PartialModulus) { } pub fn elem_reduced_once>( - a: &Elem, m: &Modulus, + a: &Elem, + m: &Modulus, ) -> Elem { let mut r = a.limbs.clone(); assert!(r.len() <= m.limbs.len()); @@ -497,12 +518,18 @@ pub fn elem_reduced_once>( #[inline] pub fn elem_reduced>( - a: &Elem, m: &Modulus, + a: &Elem, + m: &Modulus, ) -> Result, error::Unspecified> { extern "C" { fn GFp_bn_from_montgomery_in_place( - r: *mut Limb, num_r: size_t, a: *mut Limb, num_a: size_t, n: *const Limb, - num_n: size_t, n0: &N0, + r: *mut Limb, + num_r: size_t, + a: *mut Limb, + num_a: size_t, + n: *const Limb, + num_n: size_t, + n0: &N0, ) -> bssl::Result; } @@ -526,7 +553,8 @@ pub fn elem_reduced>( } fn elem_squared( - mut a: Elem, m: &PartialModulus, + mut a: Elem, + m: &PartialModulus, ) -> Elem::Output> where (E, E): ProductEncoding, @@ -539,7 +567,8 @@ where } pub fn elem_widen>( - a: Elem, m: &Modulus, + a: Elem, + m: &Modulus, ) -> Elem { let mut r = m.zero(); r.limbs[..a.limbs.len()].copy_from_slice(&a.limbs); @@ -551,7 +580,11 @@ pub fn elem_add(mut a: Elem, b: Elem, m: &Modulus) -> Elem< extern "C" { // `r` and `a` may alias. fn LIMBS_add_mod( - r: *mut Limb, a: *const Limb, b: *const Limb, m: *const Limb, num_limbs: size_t, + r: *mut Limb, + a: *const Limb, + b: *const Limb, + m: *const Limb, + num_limbs: size_t, ); } unsafe { @@ -571,7 +604,11 @@ pub fn elem_sub(mut a: Elem, b: &Elem, m: &Modulus) -> Elem extern "C" { // `r` and `a` may alias. fn LIMBS_sub_mod( - r: *mut Limb, a: *const Limb, b: *const Limb, m: *const Limb, num_limbs: size_t, + r: *mut Limb, + a: *const Limb, + b: *const Limb, + m: *const Limb, + num_limbs: size_t, ); } unsafe { @@ -637,7 +674,9 @@ impl One { } impl AsRef> for One { - fn as_ref(&self) -> &Elem { &self.0 } + fn as_ref(&self) -> &Elem { + &self.0 + } } /// A non-secret odd positive value in the range @@ -647,7 +686,8 @@ pub struct PublicExponent(u64); impl PublicExponent { pub fn from_be_bytes( - input: untrusted::Input, min_value: u64, + input: untrusted::Input, + min_value: u64, ) -> Result { if input.len() > 5 { return Err(error::KeyRejected::too_large()); @@ -710,7 +750,9 @@ const PUBLIC_EXPONENT_MAX_VALUE: u64 = (1u64 << 33) - 1; // TODO: The test coverage needs to be expanded, e.g. test with the largest // accepted exponent and with the most common values of 65537 and 3. pub fn elem_exp_vartime( - base: Elem, PublicExponent(exponent): PublicExponent, m: &Modulus, + base: Elem, + PublicExponent(exponent): PublicExponent, + m: &Modulus, ) -> Elem { let base = elem_mul(m.oneRR().as_ref(), base, &m); elem_exp_vartime_(base, exponent, &m.as_partial()) @@ -760,7 +802,8 @@ pub struct PrivateExponent { impl PrivateExponent { pub fn from_be_bytes_padded( - input: untrusted::Input, p: &Modulus, + input: untrusted::Input, + p: &Modulus, ) -> Result { let dP = BoxedLimbs::from_be_bytes_padded_less_than(input, p)?; @@ -793,7 +836,9 @@ impl PrivateExponent { #[cfg(not(target_arch = "x86_64"))] pub fn elem_exp_consttime( - base: Elem, exponent: &PrivateExponent, m: &Modulus, + base: Elem, + exponent: &PrivateExponent, + m: &Modulus, ) -> Result, error::Unspecified> { use crate::limb::Window; @@ -807,7 +852,10 @@ pub fn elem_exp_consttime( fn gather(table: &[Limb], i: Window, r: &mut Elem) { extern "C" { fn LIMBS_select_512_32( - r: *mut Limb, table: *const Limb, num_limbs: size_t, i: Window, + r: *mut Limb, + table: *const Limb, + num_limbs: size_t, + i: Window, ) -> bssl::Result; } Result::from(unsafe { @@ -817,7 +865,11 @@ pub fn elem_exp_consttime( } fn power( - table: &[Limb], i: Window, mut acc: Elem, mut tmp: Elem, m: &Modulus, + table: &[Limb], + i: Window, + mut acc: Elem, + mut tmp: Elem, + m: &Modulus, ) -> (Elem, Elem) { for _ in 0..WINDOW_BITS { acc = elem_squared(acc, &m.as_partial()); @@ -872,14 +924,17 @@ pub fn elem_exp_consttime( /// Uses Fermat's Little Theorem to calculate modular inverse in constant time. pub fn elem_inverse_consttime( - a: Elem, m: &Modulus, + a: Elem, + m: &Modulus, ) -> Result, error::Unspecified> { elem_exp_consttime(a, &PrivateExponent::for_flt(&m), m) } #[cfg(target_arch = "x86_64")] pub fn elem_exp_consttime( - base: Elem, exponent: &PrivateExponent, m: &Modulus, + base: Elem, + exponent: &PrivateExponent, + m: &Modulus, ) -> Result, error::Unspecified> { // The x86_64 assembly was written under the assumption that the input data // is aligned to `MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH` bytes, which was/is @@ -960,8 +1015,13 @@ pub fn elem_exp_consttime( fn gather_mul_base(table: &[Limb], state: &mut [Limb], n0: &N0, i: Window, num_limbs: usize) { extern "C" { fn GFp_bn_mul_mont_gather5( - rp: *mut Limb, ap: *const Limb, table: *const Limb, np: *const Limb, n0: &N0, - num: size_t, power: Window, + rp: *mut Limb, + ap: *const Limb, + table: *const Limb, + np: *const Limb, + n0: &N0, + num: size_t, + power: Window, ); } unsafe { @@ -980,8 +1040,13 @@ pub fn elem_exp_consttime( fn power(table: &[Limb], state: &mut [Limb], n0: &N0, i: Window, num_limbs: usize) { extern "C" { fn GFp_bn_power5( - r: *mut Limb, a: *const Limb, table: *const Limb, n: *const Limb, n0: &N0, - num: size_t, i: Window, + r: *mut Limb, + a: *const Limb, + table: *const Limb, + n: *const Limb, + n0: &N0, + num: size_t, + i: Window, ); } unsafe { @@ -1033,7 +1098,11 @@ pub fn elem_exp_consttime( extern "C" { fn GFp_bn_from_montgomery( - r: *mut Limb, a: *const Limb, not_used: *const Limb, n: *const Limb, n0: &N0, + r: *mut Limb, + a: *const Limb, + not_used: *const Limb, + n: *const Limb, + n0: &N0, num: size_t, ) -> bssl::Result; } @@ -1057,7 +1126,9 @@ pub fn elem_exp_consttime( /// Verified a == b**-1 (mod m), i.e. a**-1 == b (mod m). pub fn verify_inverses_consttime( - a: &Elem, b: Elem, m: &Modulus, + a: &Elem, + b: Elem, + m: &Modulus, ) -> Result<(), error::Unspecified> { if elem_mul(a, b, m).is_one() { Ok(()) @@ -1068,7 +1139,8 @@ pub fn verify_inverses_consttime( #[inline] pub fn elem_verify_equal_consttime( - a: &Elem, b: &Elem, + a: &Elem, + b: &Elem, ) -> Result<(), error::Unspecified> { if limb::limbs_equal_limbs_consttime(&a.limbs, &b.limbs) == LimbMask::True { Ok(()) @@ -1210,7 +1282,12 @@ fn limbs_mont_square(r: &mut [Limb], m: &[Limb], n0: &N0) { extern "C" { // `r` and/or 'a' and/or 'b' may alias. fn GFp_bn_mul_mont( - r: *mut Limb, a: *const Limb, b: *const Limb, n: *const Limb, n0: &N0, num_limbs: size_t, + r: *mut Limb, + a: *const Limb, + b: *const Limb, + n: *const Limb, + n0: &N0, + num_limbs: size_t, ); } @@ -1365,14 +1442,18 @@ mod tests { } fn consume_elem( - test_case: &mut test::TestCase, name: &str, m: &Modulus, + test_case: &mut test::TestCase, + name: &str, + m: &Modulus, ) -> Elem { let value = test_case.consume_bytes(name); Elem::from_be_bytes_padded(untrusted::Input::from(&value), m).unwrap() } fn consume_elem_unchecked( - test_case: &mut test::TestCase, name: &str, num_limbs: usize, + test_case: &mut test::TestCase, + name: &str, + num_limbs: usize, ) -> Elem { let value = consume_nonnegative(test_case, name); let mut limbs = BoxedLimbs::zero(Width { diff --git a/src/rsa/padding.rs b/src/rsa/padding.rs index 81e70de89e..f733cbbd8c 100644 --- a/src/rsa/padding.rs +++ b/src/rsa/padding.rs @@ -33,7 +33,10 @@ pub trait Padding: 'static + Sync + crate::sealed::Sealed + core::fmt::Debug { pub trait RsaEncoding: Padding { #[doc(hidden)] fn encode( - &self, m_hash: &digest::Digest, m_out: &mut [u8], mod_bits: bits::BitLength, + &self, + m_hash: &digest::Digest, + m_out: &mut [u8], + mod_bits: bits::BitLength, rng: &rand::SecureRandom, ) -> Result<(), error::Unspecified>; } @@ -44,7 +47,10 @@ pub trait RsaEncoding: Padding { /// [RFC 3447 Section 8]: https://tools.ietf.org/html/rfc3447#section-8 pub trait Verification: Padding { fn verify( - &self, m_hash: &digest::Digest, m: &mut untrusted::Reader, mod_bits: bits::BitLength, + &self, + m_hash: &digest::Digest, + m: &mut untrusted::Reader, + mod_bits: bits::BitLength, ) -> Result<(), error::Unspecified>; } @@ -63,13 +69,18 @@ pub struct PKCS1 { impl crate::sealed::Sealed for PKCS1 {} impl Padding for PKCS1 { - fn digest_alg(&self) -> &'static digest::Algorithm { self.digest_alg } + fn digest_alg(&self) -> &'static digest::Algorithm { + self.digest_alg + } } #[cfg(feature = "use_heap")] impl RsaEncoding for PKCS1 { fn encode( - &self, m_hash: &digest::Digest, m_out: &mut [u8], _mod_bits: bits::BitLength, + &self, + m_hash: &digest::Digest, + m_out: &mut [u8], + _mod_bits: bits::BitLength, _rng: &rand::SecureRandom, ) -> Result<(), error::Unspecified> { pkcs1_encode(&self, m_hash, m_out); @@ -79,7 +90,10 @@ impl RsaEncoding for PKCS1 { impl Verification for PKCS1 { fn verify( - &self, m_hash: &digest::Digest, m: &mut untrusted::Reader, mod_bits: bits::BitLength, + &self, + m_hash: &digest::Digest, + m: &mut untrusted::Reader, + mod_bits: bits::BitLength, ) -> Result<(), error::Unspecified> { // `mod_bits.as_usize_bytes_rounded_up() <= // PUBLIC_KEY_PUBLIC_MODULUS_MAX_LEN` is ensured by `verify_rsa_()`. @@ -213,14 +227,19 @@ impl crate::sealed::Sealed for PSS {} const MAX_SALT_LEN: usize = digest::MAX_OUTPUT_LEN; impl Padding for PSS { - fn digest_alg(&self) -> &'static digest::Algorithm { self.digest_alg } + fn digest_alg(&self) -> &'static digest::Algorithm { + self.digest_alg + } } impl RsaEncoding for PSS { // Implement padding procedure per EMSA-PSS, // https://tools.ietf.org/html/rfc3447#section-9.1. fn encode( - &self, m_hash: &digest::Digest, m_out: &mut [u8], mod_bits: bits::BitLength, + &self, + m_hash: &digest::Digest, + m_out: &mut [u8], + mod_bits: bits::BitLength, rng: &rand::SecureRandom, ) -> Result<(), error::Unspecified> { let metrics = PSSMetrics::new(self.digest_alg, mod_bits)?; @@ -289,7 +308,10 @@ impl Verification for PSS { // RSASSA-PSS-VERIFY from https://tools.ietf.org/html/rfc3447#section-8.1.2 // where steps 1, 2(a), and 2(b) have been done for us. fn verify( - &self, m_hash: &digest::Digest, m: &mut untrusted::Reader, mod_bits: bits::BitLength, + &self, + m_hash: &digest::Digest, + m: &mut untrusted::Reader, + mod_bits: bits::BitLength, ) -> Result<(), error::Unspecified> { let metrics = PSSMetrics::new(self.digest_alg, mod_bits)?; @@ -387,7 +409,8 @@ struct PSSMetrics { impl PSSMetrics { fn new( - digest_alg: &'static digest::Algorithm, mod_bits: bits::BitLength, + digest_alg: &'static digest::Algorithm, + mod_bits: bits::BitLength, ) -> Result { let em_bits = mod_bits.try_sub_1()?; let em_len = em_bits.as_usize_bytes_rounded_up(); @@ -426,7 +449,9 @@ impl PSSMetrics { // Mask-generating function MGF1 as described in // https://tools.ietf.org/html/rfc3447#appendix-B.2.1. fn mgf1( - digest_alg: &'static digest::Algorithm, seed: &[u8], mask: &mut [u8], + digest_alg: &'static digest::Algorithm, + seed: &[u8], + mask: &mut [u8], ) -> Result<(), error::Unspecified> { let digest_len = digest_alg.output_len; @@ -446,7 +471,9 @@ fn mgf1( } fn pss_digest( - digest_alg: &'static digest::Algorithm, m_hash: &digest::Digest, salt: &[u8], + digest_alg: &'static digest::Algorithm, + m_hash: &digest::Digest, + salt: &[u8], ) -> digest::Digest { // Fixed prefix. const PREFIX_ZEROS: [u8; 8] = [0u8; 8]; diff --git a/src/rsa/signing.rs b/src/rsa/signing.rs index 5c8415d360..c7fdc3005a 100644 --- a/src/rsa/signing.rs +++ b/src/rsa/signing.rs @@ -209,7 +209,7 @@ impl RsaKeyPair { Err(error::Unspecified) => { // TODO: verify `q` and `qInv` are inverses (mod p). ((q, q_bits, dQ), (p, p_bits, dP, None)) - }, + } }; // XXX: Some steps are done out of order, but the NIST steps are worded @@ -388,7 +388,9 @@ impl RsaKeyPair { impl signature::KeyPair for RsaKeyPair { type PublicKey = RsaSubjectPublicKey; - fn public_key(&self) -> &Self::PublicKey { &self.public_key } + fn public_key(&self) -> &Self::PublicKey { + &self.public_key + } } /// A serialized RSA public key. @@ -396,7 +398,9 @@ impl signature::KeyPair for RsaKeyPair { pub struct RsaSubjectPublicKey(Box<[u8]>); impl AsRef<[u8]> for RsaSubjectPublicKey { - fn as_ref(&self) -> &[u8] { self.0.as_ref() } + fn as_ref(&self) -> &[u8] { + self.0.as_ref() + } } derive_debug_self_as_ref_hex_bytes!(RsaSubjectPublicKey); @@ -462,7 +466,8 @@ impl PrivatePrime { } fn elem_exp_consttime( - c: &bigint::Elem, p: &PrivatePrime, + c: &bigint::Elem, + p: &PrivatePrime, ) -> Result, error::Unspecified> where M: bigint::NotMuchSmallerModulus, @@ -527,7 +532,10 @@ impl RsaKeyPair { /// x86-64, this is done pretty well, but not perfectly. On other /// platforms, it is done less perfectly. pub fn sign( - &self, padding_alg: &'static RsaEncoding, rng: &rand::SecureRandom, msg: &[u8], + &self, + padding_alg: &'static RsaEncoding, + rng: &rand::SecureRandom, + msg: &[u8], signature: &mut [u8], ) -> Result<(), error::Unspecified> { let mod_bits = self.public.n_bits; diff --git a/src/rsa/verification.rs b/src/rsa/verification.rs index 7a95c7f552..354256a790 100644 --- a/src/rsa/verification.rs +++ b/src/rsa/verification.rs @@ -28,8 +28,11 @@ pub struct Key { impl Key { pub fn from_modulus_and_exponent( - n: untrusted::Input, e: untrusted::Input, n_min_bits: bits::BitLength, - n_max_bits: bits::BitLength, e_min_value: u64, + n: untrusted::Input, + e: untrusted::Input, + n_min_bits: bits::BitLength, + n_max_bits: bits::BitLength, + e_min_value: u64, ) -> Result { // This is an incomplete implementation of NIST SP800-56Br1 Section // 6.4.2.2, "Partial Public-Key Validation for RSA." That spec defers @@ -79,7 +82,10 @@ impl Key { impl signature::VerificationAlgorithm for RsaParameters { fn verify( - &self, public_key: untrusted::Input, msg: untrusted::Input, signature: untrusted::Input, + &self, + public_key: untrusted::Input, + msg: untrusted::Input, + signature: untrusted::Input, ) -> Result<(), error::Unspecified> { let (n, e) = parse_public_key(public_key)?; verify_rsa_( @@ -225,7 +231,10 @@ where /// (padding, digest algorithm, key length range, etc.) are used in the /// verification. pub fn verify( - &self, params: &RsaParameters, message: &[u8], signature: &[u8], + &self, + params: &RsaParameters, + message: &[u8], + signature: &[u8], ) -> Result<(), error::Unspecified> { let _ = cpu::features(); verify_rsa_( @@ -241,7 +250,9 @@ where } pub(crate) fn verify_rsa_( - params: &RsaParameters, (n, e): (untrusted::Input, untrusted::Input), msg: untrusted::Input, + params: &RsaParameters, + (n, e): (untrusted::Input, untrusted::Input), + msg: untrusted::Input, signature: untrusted::Input, ) -> Result<(), error::Unspecified> { let max_bits = bits::BitLength::from_usize_bytes(PUBLIC_KEY_PUBLIC_MODULUS_MAX_LEN)?; diff --git a/src/signature.rs b/src/signature.rs index 51f84262c5..358ac8c361 100644 --- a/src/signature.rs +++ b/src/signature.rs @@ -330,7 +330,9 @@ impl Signature { } impl AsRef<[u8]> for Signature { - fn as_ref(&self) -> &[u8] { &self.value[..self.len] } + fn as_ref(&self) -> &[u8] { + &self.value[..self.len] + } } /// Key pairs for signing messages (private key and public key). @@ -354,7 +356,10 @@ pub trait VerificationAlgorithm: core::fmt::Debug + Sync + sealed::Sealed { /// Verify the signature `signature` of message `msg` with the public key /// `public_key`. fn verify( - &self, public_key: untrusted::Input, msg: untrusted::Input, signature: untrusted::Input, + &self, + public_key: untrusted::Input, + msg: untrusted::Input, + signature: untrusted::Input, ) -> Result<(), error::Unspecified>; } @@ -406,7 +411,9 @@ impl> UnparsedPublicKey { /// [UnparsedPublicKey::verify()]: UnparsedPublicKey::verify #[deprecated(note = "Use UnparsedPublicKey::verify")] pub fn verify( - algorithm: &'static VerificationAlgorithm, public_key: untrusted::Input, msg: untrusted::Input, + algorithm: &'static VerificationAlgorithm, + public_key: untrusted::Input, + msg: untrusted::Input, signature: untrusted::Input, ) -> Result<(), error::Unspecified> { UnparsedPublicKey::new(algorithm, public_key.as_slice_less_safe()) diff --git a/src/test.rs b/src/test.rs index 68d28dfef4..24e4675b62 100644 --- a/src/test.rs +++ b/src/test.rs @@ -208,18 +208,18 @@ impl TestCase { } else { panic!("Invalid hex escape sequence in string."); } - }, + } _ => { panic!("Invalid hex escape sequence in string."); - }, + } } - }, + } Some(b'"') => { if s.next().is_some() { panic!("characters after the closing quote of a quoted string."); } break; - }, + } Some(b) => *b, None => panic!("Missing terminating '\"' in string literal."), }; @@ -232,7 +232,7 @@ impl TestCase { Ok(s) => s, Err(err_str) => { panic!("{} in {}", err_str, s); - }, + } } } } @@ -325,7 +325,7 @@ where failed = true; Err("Test didn't consume all attributes.") } - }, + } Ok(Err(_)) => Err("Test returned Err(error::Unspecified)."), Err(_) => Err("Test panicked."), }; @@ -377,7 +377,8 @@ fn from_hex_digit(d: u8) -> Result { } fn parse_test_case( - current_section: &mut String, lines: &mut Iterator, + current_section: &mut String, + lines: &mut Iterator, ) -> Option { let mut attributes = Vec::new(); @@ -396,12 +397,12 @@ fn parse_test_case( // then we're done. None if is_first_line => { return None; - }, + } // End of the file on a non-empty test cases ends the test case. None => { return Some(TestCase { attributes }); - }, + } // A blank line ends a test case if the test case isn't empty. Some(ref line) if line.is_empty() => { @@ -409,7 +410,7 @@ fn parse_test_case( return Some(TestCase { attributes }); } // Ignore leading blank lines. - }, + } // Comments start with '#'; ignore them. Some(ref line) if line.starts_with('#') => (), @@ -421,7 +422,7 @@ fn parse_test_case( current_section.push_str(line); let _ = current_section.pop(); let _ = current_section.remove(0); - }, + } Some(ref line) => { is_first_line = false; @@ -440,7 +441,7 @@ fn parse_test_case( // Checking is_none() ensures we don't accept duplicate keys. attributes.push((String::from(key), String::from(value), false)); - }, + } } } } @@ -559,15 +560,21 @@ mod tests { #[test] #[should_panic(expected = "Test failed.")] - fn first_err() { err_one(0) } + fn first_err() { + err_one(0) + } #[test] #[should_panic(expected = "Test failed.")] - fn middle_err() { err_one(1) } + fn middle_err() { + err_one(1) + } #[test] #[should_panic(expected = "Test failed.")] - fn last_err() { err_one(2) } + fn last_err() { + err_one(2) + } fn err_one(test_to_fail: usize) { let mut n = 0; @@ -585,15 +592,21 @@ mod tests { #[test] #[should_panic(expected = "Test failed.")] - fn first_panic() { panic_one(0) } + fn first_panic() { + panic_one(0) + } #[test] #[should_panic(expected = "Test failed.")] - fn middle_panic() { panic_one(1) } + fn middle_panic() { + panic_one(1) + } #[test] #[should_panic(expected = "Test failed.")] - fn last_panic() { panic_one(2) } + fn last_panic() { + panic_one(2) + } fn panic_one(test_to_fail: usize) { let mut n = 0; @@ -609,5 +622,7 @@ mod tests { #[test] #[should_panic(expected = "Syntax error: Expected Key = Value.")] - fn syntax_error() { test::run(test_file!("test_1_syntax_error_tests.txt"), |_, _| Ok(())); } + fn syntax_error() { + test::run(test_file!("test_1_syntax_error_tests.txt"), |_, _| Ok(())); + } } diff --git a/tests/aead_tests.rs b/tests/aead_tests.rs index 6a062d432c..e660c834fa 100644 --- a/tests/aead_tests.rs +++ b/tests/aead_tests.rs @@ -34,10 +34,14 @@ use ring::{aead, error, test, test_file}; #[test] -fn aead_aes_gcm_128() { test_aead(&aead::AES_128_GCM, test_file!("aead_aes_128_gcm_tests.txt")); } +fn aead_aes_gcm_128() { + test_aead(&aead::AES_128_GCM, test_file!("aead_aes_128_gcm_tests.txt")); +} #[test] -fn aead_aes_gcm_256() { test_aead(&aead::AES_256_GCM, test_file!("aead_aes_256_gcm_tests.txt")); } +fn aead_aes_gcm_256() { + test_aead(&aead::AES_256_GCM, test_file!("aead_aes_256_gcm_tests.txt")); +} #[test] fn aead_chacha20_poly1305() { @@ -64,7 +68,7 @@ fn test_aead(aead_alg: &'static aead::Algorithm, test_file: test::File) { Some(err) if err == "WRONG_NONCE_LENGTH" => { assert!(aead::Nonce::try_assume_unique_for_key(&nonce).is_err()); return Ok(()); - }, + } _ => (), }; @@ -177,14 +181,14 @@ fn test_aead(aead_alg: &'static aead::Algorithm, test_file: test::File) { None => { assert!(s_result.is_ok()); assert_eq!(&plaintext[..], o_result.unwrap()); - }, + } Some(ref error) if error == "WRONG_NONCE_LENGTH" => { assert_eq!(Err(error::Unspecified), s_result); assert_eq!(Err(error::Unspecified), o_result); - }, + } Some(error) => { unreachable!("Unexpected error test case: {}", error); - }, + } }; } diff --git a/tests/agreement_tests.rs b/tests/agreement_tests.rs index 5d059e1f34..1d22b9fd42 100644 --- a/tests/agreement_tests.rs +++ b/tests/agreement_tests.rs @@ -64,7 +64,7 @@ fn agreement_agree_ephemeral() { }) .is_ok() ); - }, + } Some(_) => { // In the no-heap mode, some algorithms aren't supported so @@ -83,7 +83,7 @@ fn agreement_agree_ephemeral() { kdf_not_called ) .is_err()); - }, + } } return Ok(()); @@ -96,7 +96,10 @@ fn test_agreement_ecdh_x25519_rfc_iterated() { let mut u = k.clone(); fn expect_iterated_x25519( - expected_result: &str, range: std::ops::Range, k: &mut Vec, u: &mut Vec, + expected_result: &str, + range: std::ops::Range, + k: &mut Vec, + u: &mut Vec, ) { for _ in range { let new_k = x25519(k, u); @@ -160,7 +163,7 @@ fn h(s: &str) -> Vec { Ok(v) => v, Err(msg) => { panic!("{} in {}", msg, s); - }, + } } } diff --git a/tests/ecdsa_tests.rs b/tests/ecdsa_tests.rs index 5b6e5f9c6e..b6a1ea864b 100644 --- a/tests/ecdsa_tests.rs +++ b/tests/ecdsa_tests.rs @@ -151,7 +151,7 @@ fn signature_ecdsa_verify_asn1_test() { ("P-384", "SHA384") => &signature::ECDSA_P384_SHA384_ASN1, _ => { panic!("Unsupported curve+digest: {}+{}", curve_name, digest_name); - }, + } }; let actual_result = @@ -192,7 +192,7 @@ fn signature_ecdsa_verify_fixed_test() { ("P-384", "SHA384") => &signature::ECDSA_P384_SHA384_FIXED, _ => { panic!("Unsupported curve+digest: {}+{}", curve_name, digest_name); - }, + } }; let is_valid = expected_result == "P (0 )"; diff --git a/tests/hmac_tests.rs b/tests/hmac_tests.rs index 8b8bdb7eb6..cccd5ca49b 100644 --- a/tests/hmac_tests.rs +++ b/tests/hmac_tests.rs @@ -46,7 +46,7 @@ fn hmac_tests() { Some(digest_alg) => digest_alg, None => { return Ok(()); - }, // Unsupported digest algorithm + } // Unsupported digest algorithm }; hmac_test_case_inner(digest_alg, &key_value[..], &input[..], &output[..], true)?; @@ -63,7 +63,10 @@ fn hmac_tests() { } fn hmac_test_case_inner( - digest_alg: &'static digest::Algorithm, key_value: &[u8], input: &[u8], output: &[u8], + digest_alg: &'static digest::Algorithm, + key_value: &[u8], + input: &[u8], + output: &[u8], is_ok: bool, ) -> Result<(), error::Unspecified> { let key = hmac::Key::new(digest_alg, key_value); diff --git a/tests/quic_tests.rs b/tests/quic_tests.rs index dcdf549fe8..26ccdc912b 100644 --- a/tests/quic_tests.rs +++ b/tests/quic_tests.rs @@ -34,13 +34,19 @@ use ring::{aead::quic, test, test_file}; #[test] -fn quic_aes_128() { test_quic(&quic::AES_128, test_file!("quic_aes_128_tests.txt")); } +fn quic_aes_128() { + test_quic(&quic::AES_128, test_file!("quic_aes_128_tests.txt")); +} #[test] -fn quic_aes_256() { test_quic(&quic::AES_256, test_file!("quic_aes_256_tests.txt")); } +fn quic_aes_256() { + test_quic(&quic::AES_256, test_file!("quic_aes_256_tests.txt")); +} #[test] -fn quic_chacha20() { test_quic(&quic::CHACHA20, test_file!("quic_chacha20_tests.txt")); } +fn quic_chacha20() { + test_quic(&quic::CHACHA20, test_file!("quic_chacha20_tests.txt")); +} fn test_quic(alg: &'static quic::Algorithm, test_file: test::File) { test_sample_len(alg);