From d468a60276de2c700f19ca9da686c889090ad952 Mon Sep 17 00:00:00 2001 From: Kris Kwiatkowski Date: Sat, 21 Feb 2026 08:28:05 +0000 Subject: [PATCH] Fixes clippy and fmt --- src/asynch.rs | 2 +- src/blocking.rs | 10 ++-- src/cert_verify.rs | 3 +- src/common/decrypted_read_handler.rs | 10 ++-- src/config.rs | 7 ++- src/connection.rs | 35 ++++++++------ src/extensions/extension_data/key_share.rs | 11 +---- .../extension_data/max_fragment_length.rs | 3 +- src/extensions/mod.rs | 3 +- src/handshake/certificate.rs | 9 +++- src/handshake/certificate_verify.rs | 4 +- src/handshake/client_hello.rs | 2 +- src/handshake/mod.rs | 7 ++- src/handshake/server_hello.rs | 9 ++-- src/key_schedule.rs | 29 ++++++------ src/lib.rs | 5 +- src/native_pki.rs | 13 ++--- src/record.rs | 10 ++-- src/send_policy.rs | 11 ++--- tests/common/mod.rs | 6 ++- tests/integration.rs | 47 ++++++++++++++----- 21 files changed, 135 insertions(+), 101 deletions(-) diff --git a/src/asynch.rs b/src/asynch.rs index bacaf39..094eb2b 100644 --- a/src/asynch.rs +++ b/src/asynch.rs @@ -4,12 +4,12 @@ use crate::ProtocolError; use crate::common::decrypted_buffer_info::DecryptedBufferInfo; use crate::common::decrypted_read_handler::DecryptedReadHandler; use crate::connection::{Handshake, State, decrypt_record}; -use crate::send_policy::FlushPolicy; use crate::key_schedule::KeySchedule; use crate::key_schedule::{ReadKeySchedule, WriteKeySchedule}; use crate::read_buffer::ReadBuffer; use crate::record::{ClientRecord, ClientRecordHeader}; use crate::record_reader::{RecordReader, RecordReaderBorrowMut}; +use crate::send_policy::FlushPolicy; use crate::write_buffer::{WriteBuffer, WriteBufferBorrowMut}; use embedded_io::Error as _; use embedded_io::ErrorType; diff --git a/src/blocking.rs b/src/blocking.rs index c099350..f4f7603 100644 --- a/src/blocking.rs +++ b/src/blocking.rs @@ -3,12 +3,12 @@ use core::sync::atomic::Ordering; use crate::common::decrypted_buffer_info::DecryptedBufferInfo; use crate::common::decrypted_read_handler::DecryptedReadHandler; use crate::connection::{Handshake, State, decrypt_record}; -use crate::send_policy::FlushPolicy; use crate::key_schedule::KeySchedule; use crate::key_schedule::{ReadKeySchedule, WriteKeySchedule}; use crate::read_buffer::ReadBuffer; use crate::record::{ClientRecord, ClientRecordHeader}; use crate::record_reader::{RecordReader, RecordReaderBorrowMut}; +use crate::send_policy::FlushPolicy; use crate::write_buffer::{WriteBuffer, WriteBufferBorrowMut}; use embedded_io::Error as _; use embedded_io::{BufRead, ErrorType, Read, Write}; @@ -145,7 +145,9 @@ where #[inline] fn flush_transport(&mut self) -> Result<(), ProtocolError> { - self.delegate.flush().map_err(|e| ProtocolError::Io(e.kind())) + self.delegate + .flush() + .map_err(|e| ProtocolError::Io(e.kind())) } fn create_read_buffer(&mut self) -> ReadBuffer<'_> { @@ -382,7 +384,9 @@ where CipherSuite: TlsCipherSuite + 'static, { fn flush_transport(&mut self) -> Result<(), ProtocolError> { - self.delegate.flush().map_err(|e| ProtocolError::Io(e.kind())) + self.delegate + .flush() + .map_err(|e| ProtocolError::Io(e.kind())) } } diff --git a/src/cert_verify.rs b/src/cert_verify.rs index 6946316..ecb1ccc 100644 --- a/src/cert_verify.rs +++ b/src/cert_verify.rs @@ -160,7 +160,8 @@ where let handshake_hash = unwrap!(self.certificate_transcript.take()); let ctx_str = b"TLS 1.3, server CertificateVerify\x00"; let mut msg: Vec = Vec::new(); - msg.resize(64, 0x20).map_err(|_| ProtocolError::EncodeError)?; + msg.resize(64, 0x20) + .map_err(|_| ProtocolError::EncodeError)?; msg.extend_from_slice(ctx_str) .map_err(|_| ProtocolError::EncodeError)?; msg.extend_from_slice(&handshake_hash.finalize()) diff --git a/src/common/decrypted_read_handler.rs b/src/common/decrypted_read_handler.rs index 5c8e2a2..8083637 100644 --- a/src/common/decrypted_read_handler.rs +++ b/src/common/decrypted_read_handler.rs @@ -26,10 +26,8 @@ impl DecryptedReadHandler<'_> { && self.source_buffer.contains(&slice_ptrs.end) ); - let offset = unsafe { - - slice_ptrs.start.offset_from(self.source_buffer.start) as usize - }; + let offset = + unsafe { slice_ptrs.start.offset_from(self.source_buffer.start) as usize }; self.buffer_info.offset = offset; self.buffer_info.len = slice.len(); @@ -45,9 +43,7 @@ impl DecryptedReadHandler<'_> { } } ServerRecord::ChangeCipherSpec(_) => Err(ProtocolError::InternalError), - ServerRecord::Handshake(ServerHandshake::NewSessionTicket(_)) => { - Ok(()) - } + ServerRecord::Handshake(ServerHandshake::NewSessionTicket(_)) => Ok(()), ServerRecord::Handshake(_) => { unimplemented!() } diff --git a/src/config.rs b/src/config.rs index 35171fe..f585f1c 100644 --- a/src/config.rs +++ b/src/config.rs @@ -97,7 +97,10 @@ where Ok(()) } - fn verify_signature(&mut self, _verify: HandshakeVerifyRef) -> Result<(), crate::ProtocolError> { + fn verify_signature( + &mut self, + _verify: HandshakeVerifyRef, + ) -> Result<(), crate::ProtocolError> { Ok(()) } } @@ -206,11 +209,13 @@ impl SkipVerifyProvider<'_, (), RNG> { } impl<'a, CipherSuite: TlsCipherSuite, RNG: CryptoRngCore> SkipVerifyProvider<'a, CipherSuite, RNG> { + #[must_use] pub fn with_priv_key(mut self, priv_key: &'a [u8]) -> Self { self.priv_key = Some(priv_key); self } + #[must_use] pub fn with_cert(mut self, cert: Certificate<&'a [u8]>) -> Self { self.client_cert = Some(cert); self diff --git a/src/connection.rs b/src/connection.rs index 5f273d7..b49eb2a 100644 --- a/src/connection.rs +++ b/src/connection.rs @@ -1,10 +1,10 @@ -use crate::config::{TlsCipherSuite, ConnectConfig}; +use crate::config::{ConnectConfig, TlsCipherSuite}; use crate::handshake::{ClientHandshake, ServerHandshake}; use crate::key_schedule::{KeySchedule, ReadKeySchedule, WriteKeySchedule}; use crate::record::{ClientRecord, ServerRecord}; use crate::record_reader::RecordReader; use crate::write_buffer::WriteBuffer; -use crate::{HandshakeVerify, CryptoBackend, ProtocolError, Verifier}; +use crate::{CryptoBackend, HandshakeVerify, ProtocolError, Verifier}; use crate::{ alert::{Alert, AlertDescription, AlertLevel}, handshake::{certificate::CertificateRef, certificate_request::CertificateRequest}, @@ -43,8 +43,8 @@ where data: mut app_data, }) = record { - let server_key = key_schedule.get_key()?; - let nonce = key_schedule.get_nonce()?; + let server_key = key_schedule.get_key(); + let nonce = key_schedule.get_nonce(); let crypto = ::new(server_key); crypto @@ -59,11 +59,11 @@ where .rfind(|(_, b)| **b != 0); if let Some((index, _)) = padding { app_data.truncate(index + 1); - }; + } // The last byte of the decrypted payload is the actual ContentType (RFC 8446 §5.4) - let content_type = - ContentType::of(*app_data.as_slice().last().unwrap()).ok_or(ProtocolError::InvalidRecord)?; + let content_type = ContentType::of(*app_data.as_slice().last().unwrap()) + .ok_or(ProtocolError::InvalidRecord)?; trace!("Decrypting: content type = {:?}", content_type); @@ -102,8 +102,8 @@ pub(crate) fn encrypt( where CipherSuite: TlsCipherSuite, { - let client_key = key_schedule.get_key()?; - let nonce = key_schedule.get_nonce()?; + let client_key = key_schedule.get_key(); + let nonce = key_schedule.get_nonce(); let crypto = ::new(client_key); let len = buf.len() + ::TagSize::to_usize(); @@ -421,7 +421,10 @@ where ServerRecord::Handshake(server_handshake) => match server_handshake { ServerHandshake::ServerHello(server_hello) => { trace!("********* ServerHello"); - let secret = handshake.secret.take().ok_or(ProtocolError::InvalidHandshake)?; + let secret = handshake + .secret + .take() + .ok_or(ProtocolError::InvalidHandshake)?; let shared = server_hello .calculate_shared_secret(&secret) .ok_or(ProtocolError::InvalidKeyShare)?; @@ -430,9 +433,10 @@ where } _ => Err(ProtocolError::InvalidHandshake), }, - ServerRecord::Alert(alert) => { - Err(ProtocolError::HandshakeAborted(alert.level, alert.description)) - } + ServerRecord::Alert(alert) => Err(ProtocolError::HandshakeAborted( + alert.level, + alert.description, + )), _ => Err(ProtocolError::InvalidRecord), } } @@ -472,7 +476,7 @@ where ServerHandshake::CertificateRequest(request) => { handshake.certificate_request.replace(request.try_into()?); } - ServerHandshake::Finished(finished) => { + ServerHandshake::Finished(finished) => { if !key_schedule.verify_server_finished(&finished)? { warn!("Server signature verification failed"); return Err(ProtocolError::InvalidSignature); @@ -552,7 +556,8 @@ where let ctx_str = b"TLS 1.3, client CertificateVerify\x00"; let mut msg: heapless::Vec = heapless::Vec::new(); - msg.resize(64, 0x20).map_err(|_| ProtocolError::EncodeError)?; + msg.resize(64, 0x20) + .map_err(|_| ProtocolError::EncodeError)?; msg.extend_from_slice(ctx_str) .map_err(|_| ProtocolError::EncodeError)?; msg.extend_from_slice(&key_schedule.transcript_hash().clone().finalize()) diff --git a/src/extensions/extension_data/key_share.rs b/src/extensions/extension_data/key_share.rs index 3b8144f..ddcff81 100644 --- a/src/extensions/extension_data/key_share.rs +++ b/src/extensions/extension_data/key_share.rs @@ -108,10 +108,7 @@ mod tests { #[test] fn test_parse_empty() { setup(); - let buffer = [ - 0x00, 0x17, - 0x00, 0x00, - ]; + let buffer = [0x00, 0x17, 0x00, 0x00]; let result = KeyShareEntry::parse(&mut ParseBuffer::new(&buffer)).unwrap(); assert_eq!(NamedGroup::Secp256r1, result.group); @@ -121,11 +118,7 @@ mod tests { #[test] fn test_parse() { setup(); - let buffer = [ - 0x00, 0x17, - 0x00, 0x02, - 0xAA, 0xBB, - ]; + let buffer = [0x00, 0x17, 0x00, 0x02, 0xAA, 0xBB]; let result = KeyShareEntry::parse(&mut ParseBuffer::new(&buffer)).unwrap(); assert_eq!(NamedGroup::Secp256r1, result.group); diff --git a/src/extensions/extension_data/max_fragment_length.rs b/src/extensions/extension_data/max_fragment_length.rs index d8a30a9..ebcdfb3 100644 --- a/src/extensions/extension_data/max_fragment_length.rs +++ b/src/extensions/extension_data/max_fragment_length.rs @@ -28,6 +28,7 @@ impl MaxFragmentLength { } pub fn encode(&self, buf: &mut CryptoBuffer) -> Result<(), ProtocolError> { - buf.push(*self as u8).map_err(|_| ProtocolError::EncodeError) + buf.push(*self as u8) + .map_err(|_| ProtocolError::EncodeError) } } diff --git a/src/extensions/mod.rs b/src/extensions/mod.rs index a97c1c6..f21d9c3 100644 --- a/src/extensions/mod.rs +++ b/src/extensions/mod.rs @@ -75,6 +75,7 @@ impl ExtensionType { } pub fn encode(self, buf: &mut CryptoBuffer) -> Result<(), ProtocolError> { - buf.push_u16(self as u16).map_err(|_| ProtocolError::EncodeError) + buf.push_u16(self as u16) + .map_err(|_| ProtocolError::EncodeError) } } diff --git a/src/handshake/certificate.rs b/src/handshake/certificate.rs index c8d8bed..3efbeb4 100644 --- a/src/handshake/certificate.rs +++ b/src/handshake/certificate.rs @@ -14,6 +14,7 @@ pub struct CertificateRef<'a> { } impl<'a> CertificateRef<'a> { + #[must_use] pub fn with_context(request_context: &'a [u8]) -> Self { Self { raw_entries: &[], @@ -30,11 +31,15 @@ impl<'a> CertificateRef<'a> { } pub fn parse(buf: &mut ParseBuffer<'a>) -> Result { - let request_context_len = buf.read_u8().map_err(|_| ProtocolError::InvalidCertificate)?; + let request_context_len = buf + .read_u8() + .map_err(|_| ProtocolError::InvalidCertificate)?; let request_context = buf .slice(request_context_len as usize) .map_err(|_| ProtocolError::InvalidCertificate)?; - let entries_len = buf.read_u24().map_err(|_| ProtocolError::InvalidCertificate)?; + let entries_len = buf + .read_u24() + .map_err(|_| ProtocolError::InvalidCertificate)?; let mut raw_entries = buf .slice(entries_len as usize) .map_err(|_| ProtocolError::InvalidCertificate)?; diff --git a/src/handshake/certificate_verify.rs b/src/handshake/certificate_verify.rs index baf151c..2c299b3 100644 --- a/src/handshake/certificate_verify.rs +++ b/src/handshake/certificate_verify.rs @@ -16,7 +16,9 @@ impl<'a> HandshakeVerifyRef<'a> { let signature_scheme = SignatureScheme::parse(buf).map_err(|_| ProtocolError::InvalidSignatureScheme)?; - let len = buf.read_u16().map_err(|_| ProtocolError::InvalidSignature)?; + let len = buf + .read_u16() + .map_err(|_| ProtocolError::InvalidSignature)?; let signature = buf .slice(len as usize) .map_err(|_| ProtocolError::InvalidSignature)?; diff --git a/src/handshake/client_hello.rs b/src/handshake/client_hello.rs index 8965253..8609b99 100644 --- a/src/handshake/client_hello.rs +++ b/src/handshake/client_hello.rs @@ -8,7 +8,7 @@ use p256::elliptic_curve::rand_core::RngCore; use typenum::Unsigned; use crate::ProtocolError; -use crate::config::{TlsCipherSuite, ConnectConfig}; +use crate::config::{ConnectConfig, TlsCipherSuite}; use crate::extensions::extension_data::alpn::AlpnProtocolNameList; use crate::extensions::extension_data::key_share::{KeyShareClientHello, KeyShareEntry}; use crate::extensions::extension_data::pre_shared_key::PreSharedKeyClientHello; diff --git a/src/handshake/mod.rs b/src/handshake/mod.rs index f692d0e..333c136 100644 --- a/src/handshake/mod.rs +++ b/src/handshake/mod.rs @@ -202,11 +202,14 @@ impl<'a, CipherSuite: TlsCipherSuite> ServerHandshake<'a, CipherSuite> { } fn parse(buf: &mut ParseBuffer<'a>) -> Result { - let handshake_type = HandshakeType::parse(buf).map_err(|_| ProtocolError::InvalidHandshake)?; + let handshake_type = + HandshakeType::parse(buf).map_err(|_| ProtocolError::InvalidHandshake)?; trace!("handshake = {:?}", handshake_type); - let content_len = buf.read_u24().map_err(|_| ProtocolError::InvalidHandshake)?; + let content_len = buf + .read_u24() + .map_err(|_| ProtocolError::InvalidHandshake)?; let handshake = match handshake_type { HandshakeType::ServerHello => ServerHandshake::ServerHello(ServerHello::parse(buf)?), diff --git a/src/handshake/server_hello.rs b/src/handshake/server_hello.rs index f524941..1880c76 100644 --- a/src/handshake/server_hello.rs +++ b/src/handshake/server_hello.rs @@ -1,7 +1,7 @@ use heapless::Vec; -use crate::cipher_suites::CipherSuite; use crate::cipher::CryptoEngine; +use crate::cipher_suites::CipherSuite; use crate::extensions::extension_data::key_share::KeyShareEntry; use crate::extensions::messages::ServerHelloExtension; use crate::parse_buffer::ParseBuffer; @@ -18,7 +18,9 @@ pub struct ServerHello<'a> { impl<'a> ServerHello<'a> { pub fn parse(buf: &mut ParseBuffer<'a>) -> Result, ProtocolError> { // legacy_version is always 0x0303 in TLS 1.3; actual version is negotiated via extensions - let _version = buf.read_u16().map_err(|_| ProtocolError::InvalidHandshake)?; + let _version = buf + .read_u16() + .map_err(|_| ProtocolError::InvalidHandshake)?; let mut random = [0; 32]; buf.fill(&mut random)?; @@ -32,7 +34,8 @@ impl<'a> ServerHello<'a> { .slice(session_id_length as usize) .map_err(|_| ProtocolError::InvalidSessionIdLength)?; - let cipher_suite = CipherSuite::parse(buf).map_err(|_| ProtocolError::InvalidCipherSuite)?; + let cipher_suite = + CipherSuite::parse(buf).map_err(|_| ProtocolError::InvalidCipherSuite)?; // compression_method: always 0x00 in TLS 1.3 buf.read_u8()?; diff --git a/src/key_schedule.rs b/src/key_schedule.rs index 77b5eba..0bf464c 100644 --- a/src/key_schedule.rs +++ b/src/key_schedule.rs @@ -70,7 +70,9 @@ where match context_type { ContextType::None => { - hkdf_label.push(0).map_err(|_| ProtocolError::InternalError)?; + hkdf_label + .push(0) + .map_err(|_| ProtocolError::InternalError)?; } ContextType::Hash(context) => { hkdf_label @@ -156,18 +158,18 @@ where } #[inline] - pub fn get_key(&self) -> Result<&KeyArray, ProtocolError> { - Ok(&self.key) + pub fn get_key(&self) -> &KeyArray { + &self.key } #[inline] - pub fn get_iv(&self) -> Result<&IvArray, ProtocolError> { - Ok(&self.iv) + pub fn get_iv(&self) -> &IvArray { + &self.iv } - pub fn get_nonce(&self) -> Result, ProtocolError> { - let iv = self.get_iv()?; - Ok(KeySchedule::::get_nonce(self.counter, iv)) + pub fn get_nonce(&self) -> IvArray { + let iv = self.get_iv(); + KeySchedule::::get_nonce(self.counter, iv) } fn calculate_traffic_secret( @@ -301,7 +303,6 @@ where // Per-record nonce: XOR the static IV with the zero-padded sequence counter (RFC 8446 §5.3) let counter = Self::pad::(&counter.to_be_bytes()); - let mut nonce = GenericArray::default(); for (index, (l, r)) in iv[0..CipherSuite::IvLen::to_usize()] @@ -312,7 +313,6 @@ where nonce[index] = l ^ r; } - nonce } @@ -356,7 +356,6 @@ where // IKM is all-zeros at the master secret stage (RFC 8446 §7.1) self.shared.initialize(Self::zero().as_slice()); - self.calculate_traffic_secrets(b"c ap traffic", b"s ap traffic")?; self.shared.derived() } @@ -406,11 +405,11 @@ where self.state.increment_counter(); } - pub(crate) fn get_key(&self) -> Result<&KeyArray, ProtocolError> { + pub(crate) fn get_key(&self) -> &KeyArray { self.state.get_key() } - pub(crate) fn get_nonce(&self) -> Result, ProtocolError> { + pub(crate) fn get_nonce(&self) -> IvArray { self.state.get_nonce() } @@ -453,11 +452,11 @@ where &mut self.transcript_hash } - pub(crate) fn get_key(&self) -> Result<&KeyArray, ProtocolError> { + pub(crate) fn get_key(&self) -> &KeyArray { self.state.get_key() } - pub(crate) fn get_nonce(&self) -> Result, ProtocolError> { + pub(crate) fn get_nonce(&self) -> IvArray { self.state.get_nonce() } diff --git a/src/lib.rs b/src/lib.rs index 4fd1d39..ac4669d 100644 --- a/src/lib.rs +++ b/src/lib.rs @@ -7,7 +7,6 @@ clippy::missing_errors_doc )] - pub(crate) mod fmt; use parse_buffer::ParseError; @@ -16,20 +15,20 @@ mod application_data; pub mod blocking; mod buffer; mod change_cipher_spec; +mod cipher; mod cipher_suites; mod common; mod config; mod connection; mod content_types; -mod cipher; mod extensions; -pub mod send_policy; mod handshake; mod key_schedule; mod parse_buffer; pub mod read_buffer; mod record; mod record_reader; +pub mod send_policy; mod write_buffer; pub use config::SkipVerifyProvider; diff --git a/src/native_pki.rs b/src/native_pki.rs index c1bbfc8..3d3ce5b 100644 --- a/src/native_pki.rs +++ b/src/native_pki.rs @@ -1,5 +1,4 @@ use crate::ProtocolError; -use crate::config::{Certificate, TlsCipherSuite, TlsClock, Verifier}; #[cfg(feature = "p384")] use crate::certificate::ECDSA_SHA384; #[cfg(feature = "ed25519")] @@ -7,6 +6,7 @@ use crate::certificate::ED25519; use crate::certificate::{DecodedCertificate, ECDSA_SHA256, Time}; #[cfg(feature = "rsa")] use crate::certificate::{RSA_PKCS1_SHA256, RSA_PKCS1_SHA384, RSA_PKCS1_SHA512}; +use crate::config::{Certificate, TlsCipherSuite, TlsClock, Verifier}; use crate::extensions::extension_data::signature_algorithms::SignatureScheme; use crate::handshake::{ certificate::{ @@ -126,7 +126,8 @@ where let handshake_hash = unwrap!(self.certificate_transcript.take()); let ctx_str = b"TLS 1.3, server HandshakeVerify\x00"; let mut msg: Vec = Vec::new(); - msg.resize(64, 0x20).map_err(|_| ProtocolError::EncodeError)?; + msg.resize(64, 0x20) + .map_err(|_| ProtocolError::EncodeError)?; msg.extend_from_slice(ctx_str) .map_err(|_| ProtocolError::EncodeError)?; msg.extend_from_slice(&handshake_hash.finalize()) @@ -165,8 +166,8 @@ fn verify_signature( match verify.signature_scheme { SignatureScheme::EcdsaSecp256r1Sha256 => { use p256::ecdsa::{Signature, VerifyingKey, signature::Verifier}; - let verifying_key = - VerifyingKey::from_sec1_bytes(public_key).map_err(|_| ProtocolError::DecodeError)?; + let verifying_key = VerifyingKey::from_sec1_bytes(public_key) + .map_err(|_| ProtocolError::DecodeError)?; let signature = Signature::from_der(&verify.signature).map_err(|_| ProtocolError::DecodeError)?; verified = verifying_key.verify(message, &signature).is_ok(); @@ -174,8 +175,8 @@ fn verify_signature( #[cfg(feature = "p384")] SignatureScheme::EcdsaSecp384r1Sha384 => { use p384::ecdsa::{Signature, VerifyingKey, signature::Verifier}; - let verifying_key = - VerifyingKey::from_sec1_bytes(public_key).map_err(|_| ProtocolError::DecodeError)?; + let verifying_key = VerifyingKey::from_sec1_bytes(public_key) + .map_err(|_| ProtocolError::DecodeError)?; let signature = Signature::from_der(&verify.signature).map_err(|_| ProtocolError::DecodeError)?; verified = verifying_key.verify(message, &signature).is_ok(); diff --git a/src/record.rs b/src/record.rs index cc5a38b..7ec7fa2 100644 --- a/src/record.rs +++ b/src/record.rs @@ -1,7 +1,7 @@ use crate::ProtocolError; use crate::application_data::ApplicationData; use crate::change_cipher_spec::ChangeCipherSpec; -use crate::config::{TlsCipherSuite, ConnectConfig}; +use crate::config::{ConnectConfig, TlsCipherSuite}; use crate::content_types::ContentType; use crate::handshake::client_hello::ClientHello; use crate::handshake::{ClientHandshake, ServerHandshake}; @@ -88,10 +88,7 @@ where } } - pub fn client_hello( - config: &'config ConnectConfig<'config>, - provider: &mut CP, - ) -> Self + pub fn client_hello(config: &'config ConnectConfig<'config>, provider: &mut CP) -> Self where CP: CryptoBackend, { @@ -114,7 +111,7 @@ where match self { ClientRecord::Handshake(handshake, _) => handshake.encode(buf)?, ClientRecord::Alert(alert, _) => alert.encode(buf)?, - }; + } Ok(buf.len() - record_length_marker) } @@ -215,5 +212,4 @@ impl<'a, CipherSuite: TlsCipherSuite> ServerRecord<'a, CipherSuite> { } } } - } diff --git a/src/send_policy.rs b/src/send_policy.rs index 5f6048b..59bf22d 100644 --- a/src/send_policy.rs +++ b/src/send_policy.rs @@ -1,25 +1,20 @@ - /// Controls whether `flush()` calls also flush the underlying transport. /// /// `Strict` (the default) ensures bytes reach the network immediately after every record. /// `Relaxed` leaves transport flushing to the caller, which can reduce syscall overhead. -#[derive(Clone, Copy, Debug, PartialEq, Eq)] +#[derive(Default, Clone, Copy, Debug, PartialEq, Eq)] pub enum FlushPolicy { /// Only encrypt and hand bytes to the transport; do not call `transport.flush()`. Relaxed, /// Call `transport.flush()` after writing each TLS record. + #[default] Strict, } impl FlushPolicy { + #[must_use] pub fn flush_transport(&self) -> bool { matches!(self, Self::Strict) } } - -impl Default for FlushPolicy { - fn default() -> Self { - FlushPolicy::Strict - } -} diff --git a/tests/common/mod.rs b/tests/common/mod.rs index 7cd3328..b0983a7 100644 --- a/tests/common/mod.rs +++ b/tests/common/mod.rs @@ -29,7 +29,11 @@ pub struct EchoServer { } impl EchoServer { - pub fn new(server: TcpListener, mode: ServerMode, cfg: Arc) -> EchoServer { + pub fn new( + server: TcpListener, + mode: ServerMode, + cfg: Arc, + ) -> EchoServer { EchoServer { server, connections: HashMap::new(), diff --git a/tests/integration.rs b/tests/integration.rs index b0e39ba..3d57781 100644 --- a/tests/integration.rs +++ b/tests/integration.rs @@ -600,7 +600,8 @@ mod early_data { let test_dir = std::path::PathBuf::from(env!("CARGO_MANIFEST_DIR")).join("tests"); let certs = load_certs(&test_dir.join("fixtures").join("leaf-server.pem")); - let privkey = load_private_key(&test_dir.join("fixtures").join("leaf-server-key.pem")); + let privkey = + load_private_key(&test_dir.join("fixtures").join("leaf-server-key.pem")); let mut config = rustls::ServerConfig::builder() .with_cipher_suites(rustls::ALL_CIPHER_SUITES) @@ -701,7 +702,8 @@ mod client_cert { let ca = load_certs(&test_dir.join("fixtures").join("root-ca.pem")); let certs = load_certs(&test_dir.join("fixtures").join("leaf-server.pem")); - let privkey = load_private_key(&test_dir.join("fixtures").join("leaf-server-key.pem")); + let privkey = + load_private_key(&test_dir.join("fixtures").join("leaf-server-key.pem")); let mut client_auth_roots = rustls::RootCertStore::empty(); for root in ca.iter() { @@ -745,8 +747,10 @@ mod client_cert { fn signer( &mut self, - ) -> Result<(impl signature::SignerMut, SignatureScheme), mote_tls::ProtocolError> - { + ) -> Result< + (impl signature::SignerMut, SignatureScheme), + mote_tls::ProtocolError, + > { let secret_key = SecretKey::from_sec1_der(self.priv_key) .map_err(|_| mote_tls::ProtocolError::InvalidPrivateKey)?; @@ -938,7 +942,9 @@ mod cert_verify { mod native_pki { use embedded_io_adapters::tokio_1::FromTokio; use mote_tls::native_pki::CertVerifier; - use mote_tls::{Aes128GcmSha256, CryptoBackend, SignatureScheme, ProtocolError as ConnectError, Verifier}; + use mote_tls::{ + Aes128GcmSha256, CryptoBackend, ProtocolError as ConnectError, SignatureScheme, Verifier, + }; use p256::SecretKey; use p256::ecdsa::{DerSignature, SigningKey}; use rand_core::OsRng; @@ -971,7 +977,9 @@ mod native_pki { Ok(&mut self.verifier) } - fn signer(&mut self) -> Result<(impl SignerMut, SignatureScheme), ConnectError> { + fn signer( + &mut self, + ) -> Result<(impl SignerMut, SignatureScheme), ConnectError> { let key_der = self.priv_key.ok_or(ConnectError::InvalidPrivateKey)?; let secret_key = SecretKey::from_sec1_der(key_der).map_err(|_| ConnectError::InvalidPrivateKey)?; @@ -1013,7 +1021,11 @@ mod native_pki { let ca = load_certs(&test_dir.join("fixtures").join("root-ca.pem")); let certs = load_certs(&test_dir.join("fixtures").join("chain.pem")); - let privkey = load_private_key(&test_dir.join("fixtures").join("intermediate-server-key.pem")); + let privkey = load_private_key( + &test_dir + .join("fixtures") + .join("intermediate-server-key.pem"), + ); let mut client_auth_roots = rustls::RootCertStore::empty(); for root in ca.iter() { @@ -1135,7 +1147,10 @@ mod native_pki { use digest::FixedOutputReset; use embedded_io_adapters::tokio_1::FromTokio; use mote_tls::native_pki::CertVerifier; - use mote_tls::{Aes128GcmSha256, CryptoBackend, SignatureScheme, ProtocolError as ConnectError, Verifier}; + use mote_tls::{ + Aes128GcmSha256, CryptoBackend, ProtocolError as ConnectError, SignatureScheme, + Verifier, + }; use rand_core::{CryptoRngCore, OsRng}; use rsa::pkcs8::DecodePrivateKey; use rustls::server::AllowAnyAnonymousOrAuthenticatedClient; @@ -1183,10 +1198,13 @@ mod native_pki { Ok(&mut self.verifier) } - fn signer(&mut self) -> Result<(impl SignerMut, SignatureScheme), ConnectError> { + fn signer( + &mut self, + ) -> Result<(impl SignerMut, SignatureScheme), ConnectError> + { let key_der = self.priv_key.ok_or(ConnectError::InvalidPrivateKey)?; - let private_key = - rsa::RsaPrivateKey::from_pkcs8_der(key_der).map_err(|_| ConnectError::InvalidPrivateKey)?; + let private_key = rsa::RsaPrivateKey::from_pkcs8_der(key_der) + .map_err(|_| ConnectError::InvalidPrivateKey)?; let signer = RsaPssSigningKey { rng: &mut self.rng, key: rsa::pss::SigningKey::::new(private_key), @@ -1222,11 +1240,14 @@ mod native_pki { let versions = &[&rustls::version::TLS13]; - let test_dir = std::path::PathBuf::from(env!("CARGO_MANIFEST_DIR")).join("tests"); + let test_dir = + std::path::PathBuf::from(env!("CARGO_MANIFEST_DIR")).join("tests"); let ca = load_certs(&test_dir.join("fixtures").join("rsa-root-ca.pem")); let certs = load_certs(&test_dir.join("fixtures").join("rsa-leaf-server.pem")); - let privkey = load_private_key(&test_dir.join("fixtures").join("rsa-leaf-server-key.pem")); + let privkey = load_private_key( + &test_dir.join("fixtures").join("rsa-leaf-server-key.pem"), + ); let mut client_auth_roots = rustls::RootCertStore::empty(); for root in ca.iter() {