Workspace-level lint configuration (#194)

Enables and fixes the same workspace-level lint configuration we
originally implemented in RustCrypto/utils#1411, but for this repo.

This primarily includes `clippy` lints, which have replaced the ones
configured in individual lib.rs files.

Since every crate in this repo previously declared `forbid(unsafe_code)`
this has also been moved to the workspace-level.

Author: tarcieri

.clippy.toml

@@ -0,0 +1,2 @@
+allow-unwrap-in-consts = true
+allow-unwrap-in-tests = true

Cargo.toml

@@ -10,3 +10,43 @@ members = [
 
 [profile.dev]
 opt-level = 2
+
+[workspace.lints.clippy]
+borrow_as_ptr = "warn"
+cast_lossless = "warn"
+cast_possible_truncation = "warn"
+cast_possible_wrap = "warn"
+cast_precision_loss = "warn"
+cast_sign_loss = "warn"
+checked_conversions = "warn"
+doc_markdown = "warn"
+from_iter_instead_of_collect = "warn"
+implicit_saturating_sub = "warn"
+manual_assert = "warn"
+map_unwrap_or = "warn"
+missing_errors_doc = "warn"
+missing_panics_doc = "warn"
+mod_module_files = "warn"
+must_use_candidate = "warn"
+needless_range_loop = "allow"
+ptr_as_ptr = "warn"
+redundant_closure_for_method_calls = "warn"
+ref_as_ptr = "warn"
+return_self_not_must_use = "warn"
+semicolon_if_nothing_returned = "warn"
+trivially_copy_pass_by_ref = "warn"
+std_instead_of_alloc = "warn"
+std_instead_of_core = "warn"
+undocumented_unsafe_blocks = "warn"
+unnecessary_safety_comment = "warn"
+unwrap_used = "warn"
+
+[workspace.lints.rust]
+missing_copy_implementations = "warn"
+missing_debug_implementations = "warn"
+missing_docs = "warn"
+trivial_casts = "warn"
+trivial_numeric_casts = "warn"
+unsafe_code = "forbid"
+unused_lifetimes = "warn"
+unused_qualifications = "warn"

ansi-x963-kdf/Cargo.toml

@@ -18,3 +18,6 @@ digest = "0.11"
 [dev-dependencies]
 hex-literal = "1"
 sha2 = { version = "0.11", default-features = false }
+
+[lints]
+workspace = true

ansi-x963-kdf/README.md

@@ -1,4 +1,4 @@
-# RustCrypto: ANSI X9.63 Key Derivation Function
+# [RustCrypto]: ANSI X9.63 Key Derivation Function
 
 [![crate][crate-image]][crate-link]
 [![Docs][docs-image]][docs-link]
@@ -39,6 +39,8 @@ Unless you explicitly state otherwise, any contribution intentionally submitted
 for inclusion in the work by you, as defined in the Apache-2.0 license, shall be
 dual licensed as above, without any additional terms or conditions.
 
+[//]: # (badges)
+
 [crate-image]: https://img.shields.io/crates/v/ansi-x963-kdf.svg?logo=rust
 [crate-link]: https://crates.io/crates/ansi-x963-kdf
 [docs-image]: https://docs.rs/ansi-x963-kdf/badge.svg
@@ -49,3 +51,7 @@ dual licensed as above, without any additional terms or conditions.
 [rustc-image]: https://img.shields.io/badge/rustc-1.85+-blue.svg
 [chat-image]: https://img.shields.io/badge/zulip-join_chat-blue.svg
 [chat-link]: https://rustcrypto.zulipchat.com/#narrow/stream/260043-KDFs
+
+[//]: # (links)
+
+[RustCrypto]: https://github.com/RustCrypto

ansi-x963-kdf/src/lib.rs

@@ -5,8 +5,6 @@
     html_favicon_url = "https://raw.githubusercontent.com/RustCrypto/media/6ee8e381/logo.svg"
 )]
 #![cfg_attr(docsrs, feature(doc_cfg))]
-#![forbid(unsafe_code)]
-#![warn(missing_docs)]
 
 use core::fmt;
 use digest::{Digest, FixedOutputReset, array::typenum::Unsigned};
@@ -22,6 +20,10 @@ use digest::{Digest, FixedOutputReset, array::typenum::Unsigned};
 /// ansi_x963_kdf::derive_key_into::<Sha256>(b"secret", b"shared-info", &mut key).unwrap();
 /// assert_eq!(key, hex!("8dbb1d50bcc7fc782abc9db5c64a2826"));
 /// ```
+///
+/// # Errors
+/// - Returns [`Error::InputOverflow`] if too much input is provided
+/// - Returns [`Error::CounterOverflow`] if `key` is too long
 #[inline]
 pub fn derive_key_into<D>(secret: &[u8], shared_info: &[u8], key: &mut [u8]) -> Result<(), Error>
 where
@@ -38,13 +40,14 @@ where
     // 1. Check that |Z| + |SharedInfo| + 4 < hashmaxlen
     // where "hashmaxlen denote the maximum length in octets of messages that can be hashed using Hash".
     // N.B.: `D::OutputSize::U64 * (u32::MAX as u64)`` is currently used as an approximation of hashmaxlen.
-    if secret.len() as u64 + shared_info.len() as u64 + 4 >= D::OutputSize::U64 * (u32::MAX as u64)
+    if secret.len() as u64 + shared_info.len() as u64 + 4
+        >= D::OutputSize::U64 * u64::from(u32::MAX)
     {
         return Err(Error::InputOverflow);
     }
 
     // 2. Check that keydatalen < hashlen × (2^32 − 1)
-    if key.len() as u64 >= D::OutputSize::U64 * (u32::MAX as u64) {
+    if key.len() as u64 >= D::OutputSize::U64 * u64::from(u32::MAX) {
         return Err(Error::CounterOverflow);
     }
 

ansi-x963-kdf/tests/tests.rs

@@ -4,6 +4,8 @@
 //! KDF2 implementation [KDF2BytesGenerator][1]
 //!
 //! [1]: https://downloads.bouncycastle.org/java/docs/bcprov-jdk18on-javadoc/
+#![allow(clippy::unwrap_used, reason = "tests")]
+
 use digest::{Digest, FixedOutputReset};
 use hex_literal::hex;
 use sha2::{Sha224, Sha256, Sha512};

bake-kdf/Cargo.toml

@@ -18,5 +18,8 @@ belt-hash = { version = "0.2.0-rc.5", default-features = false }
 [dev-dependencies]
 hex-literal = "1"
 
+[lints]
+workspace = true
+
 [package.metadata.docs.rs]
 all-features = true

bake-kdf/README.md

@@ -1,4 +1,4 @@
-# RustCrypto: bake-kdf
+# [RustCrypto]: bake-kdf
 
 [![crate][crate-image]][crate-link]
 [![Docs][docs-image]][docs-link]
@@ -53,3 +53,7 @@ dual licensed as above, without any additional terms or conditions.
 [rustc-image]: https://img.shields.io/badge/rustc-1.85+-blue.svg
 [chat-image]: https://img.shields.io/badge/zulip-join_chat-blue.svg
 [chat-link]: https://rustcrypto.zulipchat.com/#narrow/stream/260043-KDFs
+
+[//]: # (links)
+
+[RustCrypto]: https://github.com/RustCrypto

bake-kdf/src/lib.rs

@@ -5,8 +5,7 @@
     html_favicon_url = "https://raw.githubusercontent.com/RustCrypto/media/6ee8e381/logo.svg"
 )]
 #![cfg_attr(docsrs, feature(doc_cfg))]
-#![forbid(unsafe_code)]
-#![warn(missing_docs)]
+#![allow(clippy::unwrap_used, reason = "todo")]
 
 use belt_hash::digest::FixedOutput;
 use belt_hash::{BeltHash, Digest, block_api::belt_compress};
@@ -15,9 +14,13 @@ use belt_hash::{BeltHash, Digest, block_api::belt_compress};
 ///
 /// # Panics
 /// If `N` is not equal to 16, 24, or 32.
-// TODO: use compile-time checks for `N`
 #[inline]
+#[must_use]
 pub fn belt_keyexpand<const N: usize>(k: &[u8; N]) -> [u32; 8] {
+    const {
+        assert!(matches!(N, 16 | 24 | 32), "N must be 16, 24, or 32");
+    }
+
     let mut t = [0u32; 8];
     // TODO: move this conversion into `belt_keyrep` when we will be able
     // to use generic parameters as `[u32; N / 4]`.
@@ -44,15 +47,30 @@ pub fn belt_keyexpand<const N: usize>(k: &[u8; N]) -> [u32; 8] {
 /// `belt-keyrep` key repetition algorithm described in STB 34.101.31-2020 8.1.3.
 ///
 /// # Panics
-/// If `(N, M)` is not equal to `(16, 16)`, `(24, 16)`, `(24, 24)`,
-/// `(32, 16)`, `(32, 24)`, or `(32, 32)`.
-// TODO: use compile-time check for `N` and `M`
+/// If `(N, M)` is not equal to one of:
+/// - `(16, 16)`
+/// - `(24, 16)`
+/// - `(24, 24)`
+/// - `(32, 16)`
+/// - `(32, 24)`
+/// - `(32, 32)`
 #[inline]
+#[must_use]
 pub fn belt_keyrep<const N: usize, const M: usize>(
     x: &[u8; N],
     d: &[u8; 12],
     i: &[u8; 16],
 ) -> [u8; M] {
+    const {
+        assert!(
+            matches!(
+                (N, M),
+                (16, 16) | (24, 16) | (24, 24) | (32, 16) | (32, 24) | (32, 32)
+            ),
+            "invalid N/M values"
+        );
+    }
+
     let r: u32 = match (N, M) {
         (16, 16) => 0xC8BA94B1,
         (24, 16) => 0x12D6E35B,
@@ -89,6 +107,7 @@ pub fn belt_keyrep<const N: usize, const M: usize>(
 
 /// `bake-kdf` key derivation algorithm described in STB 34.101.66-2014 8.1.4.
 #[inline]
+#[must_use]
 pub fn bake_kdf(x: &[u8], s: &[u8], c: u128) -> [u8; 32] {
     let mut hasher = BeltHash::default();
     hasher.update(x);

bake-kdf/tests/tests.rs

@@ -1,3 +1,5 @@
+//! Test vectors
+
 use bake_kdf::{bake_kdf, belt_keyexpand, belt_keyrep};
 use hex_literal::hex;