Format with rust 2024 style

I don't think we can actually enforce this in CI yet?

src/rust/cryptography-crypto/src/pkcs12.rs

@@ -107,7 +107,7 @@ pub fn kdf(
 
 #[cfg(test)]
 mod tests {
-    use super::{kdf, KDF_ENCRYPTION_KEY_ID, KDF_IV_ID, KDF_MAC_KEY_ID};
+    use super::{KDF_ENCRYPTION_KEY_ID, KDF_IV_ID, KDF_MAC_KEY_ID, kdf};
 
     #[test]
     fn test_pkcs12_kdf() {

src/rust/cryptography-openssl/src/aead.rs

@@ -5,7 +5,7 @@
 use foreign_types_shared::{ForeignType, ForeignTypeRef};
 use openssl_sys as ffi;
 
-use crate::{cvt, cvt_p, OpenSSLResult};
+use crate::{OpenSSLResult, cvt, cvt_p};
 
 pub enum AeadType {
     ChaCha20Poly1305,

src/rust/cryptography-openssl/src/cmac.rs

@@ -8,7 +8,7 @@ use foreign_types_shared::{ForeignType, ForeignTypeRef};
 use openssl_sys as ffi;
 
 use crate::hmac::DigestBytes;
-use crate::{cvt, cvt_p, OpenSSLResult};
+use crate::{OpenSSLResult, cvt, cvt_p};
 
 foreign_types::foreign_type! {
     type CType = ffi::CMAC_CTX;

src/rust/cryptography-openssl/src/fips.rs

@@ -12,7 +12,7 @@ use std::ptr;
 use openssl_sys as ffi;
 
 #[cfg(CRYPTOGRAPHY_OPENSSL_300_OR_GREATER)]
-use crate::{cvt, OpenSSLResult};
+use crate::{OpenSSLResult, cvt};
 
 pub fn is_enabled() -> bool {
     cfg_if::cfg_if! {

src/rust/cryptography-openssl/src/hmac.rs

@@ -7,7 +7,7 @@ use std::ptr;
 use foreign_types_shared::{ForeignType, ForeignTypeRef};
 use openssl_sys as ffi;
 
-use crate::{cvt, cvt_p, OpenSSLResult};
+use crate::{OpenSSLResult, cvt, cvt_p};
 
 foreign_types::foreign_type! {
     type CType = ffi::HMAC_CTX;

src/rust/cryptography-x509-verification/src/certificate.rs

@@ -14,8 +14,8 @@ pub(crate) fn cert_is_self_issued(cert: &Certificate<'_>) -> bool {
 pub(crate) mod tests {
     use super::cert_is_self_issued;
     use crate::certificate::Certificate;
-    use crate::ops::tests::{cert, v1_cert_pem};
     use crate::ops::CryptoOps;
+    use crate::ops::tests::{cert, v1_cert_pem};
 
     #[test]
     fn test_certificate_v1() {

src/rust/cryptography-x509-verification/src/lib.rs

@@ -23,14 +23,14 @@ use cryptography_x509::extensions::{
 use cryptography_x509::name::GeneralName;
 use cryptography_x509::oid::{NAME_CONSTRAINTS_OID, SUBJECT_ALTERNATIVE_NAME_OID};
 
+use crate::ApplyNameConstraintStatus::{Applied, Skipped};
 use crate::certificate::cert_is_self_issued;
 use crate::ops::{CryptoOps, VerificationCertificate};
 use crate::policy::Policy;
 use crate::trust_store::Store;
 use crate::types::{
     DNSConstraint, DNSPattern, IPAddress, IPConstraint, RFC822Constraint, RFC822Name,
 };
-use crate::ApplyNameConstraintStatus::{Applied, Skipped};
 
 pub enum ValidationErrorKind<'chain, B: CryptoOps> {
     CandidatesExhausted(Box<ValidationError<'chain, B>>),

src/rust/cryptography-x509-verification/src/policy/extension.rs

@@ -11,12 +11,10 @@ use cryptography_x509::oid::{
     SUBJECT_KEY_IDENTIFIER_OID,
 };
 
-use crate::ops::VerificationCertificate;
-use crate::{
-    ops::CryptoOps, policy::Policy, ValidationError, ValidationErrorKind, ValidationResult,
-};
-
 use super::Subject;
+use crate::ops::{CryptoOps, VerificationCertificate};
+use crate::policy::Policy;
+use crate::{ValidationError, ValidationErrorKind, ValidationResult};
 
 pub(crate) enum CertificateType {
     EE,
@@ -471,7 +469,7 @@ mod ee {
             (false, true) => {
                 return Err(ValidationError::new(ValidationErrorKind::Other(
                     "EE subjectAltName MUST NOT be critical when subject is nonempty".to_string(),
-                )))
+                )));
             }
             _ => (),
         };
@@ -782,14 +780,18 @@ mod tests {
         };
         let der_ext = create_encoded_extension(BASIC_CONSTRAINTS_OID, true, &bc);
         let raw_ext = asn1::parse_single(&der_ext).unwrap();
-        assert!(extension_validator
-            .permits(&policy, &verification_cert, Some(&raw_ext))
-            .is_ok());
+        assert!(
+            extension_validator
+                .permits(&policy, &verification_cert, Some(&raw_ext))
+                .is_ok()
+        );
 
         // Check the case where the extension isn't present.
-        assert!(extension_validator
-            .permits(&policy, &verification_cert, None)
-            .is_err());
+        assert!(
+            extension_validator
+                .permits(&policy, &verification_cert, None)
+                .is_err()
+        );
     }
 
     fn maybe_extension_validator<'chain, B: CryptoOps>(
@@ -831,14 +833,18 @@ mod tests {
         };
         let der_ext = create_encoded_extension(BASIC_CONSTRAINTS_OID, true, &bc);
         let raw_ext = asn1::parse_single(&der_ext).unwrap();
-        assert!(extension_validator
-            .permits(&policy, &verification_cert, Some(&raw_ext))
-            .is_ok());
+        assert!(
+            extension_validator
+                .permits(&policy, &verification_cert, Some(&raw_ext))
+                .is_ok()
+        );
 
         // Check the case where the extension isn't present.
-        assert!(extension_validator
-            .permits(&policy, &verification_cert, None)
-            .is_ok());
+        assert!(
+            extension_validator
+                .permits(&policy, &verification_cert, None)
+                .is_ok()
+        );
     }
 
     #[test]
@@ -869,14 +875,18 @@ mod tests {
         };
         let der_ext = create_encoded_extension(BASIC_CONSTRAINTS_OID, true, &bc);
         let raw_ext = asn1::parse_single(&der_ext).unwrap();
-        assert!(extension_validator
-            .permits(&policy, &verification_cert, Some(&raw_ext))
-            .is_err());
+        assert!(
+            extension_validator
+                .permits(&policy, &verification_cert, Some(&raw_ext))
+                .is_err()
+        );
 
         // Check the case where the extension isn't present.
-        assert!(extension_validator
-            .permits(&policy, &verification_cert, None)
-            .is_ok());
+        assert!(
+            extension_validator
+                .permits(&policy, &verification_cert, None)
+                .is_ok()
+        );
     }
 
     #[test]
@@ -909,13 +919,15 @@ mod tests {
         };
         let der_ext = create_encoded_extension(BASIC_CONSTRAINTS_OID, false, &bc);
         let raw_ext = asn1::parse_single(&der_ext).unwrap();
-        assert!(extension_validator
-            .permits(
-                &policy,
-                &VerificationCertificate::new(&cert, ()),
-                Some(&raw_ext)
-            )
-            .is_err());
+        assert!(
+            extension_validator
+                .permits(
+                    &policy,
+                    &VerificationCertificate::new(&cert, ()),
+                    Some(&raw_ext)
+                )
+                .is_err()
+        );
     }
 
     #[test]
@@ -948,13 +960,15 @@ mod tests {
         };
         let der_ext = create_encoded_extension(BASIC_CONSTRAINTS_OID, false, &bc);
         let raw_ext = asn1::parse_single(&der_ext).unwrap();
-        assert!(extension_validator
-            .permits(
-                &policy,
-                &VerificationCertificate::new(&cert, ()),
-                Some(&raw_ext)
-            )
-            .is_err());
+        assert!(
+            extension_validator
+                .permits(
+                    &policy,
+                    &VerificationCertificate::new(&cert, ()),
+                    Some(&raw_ext)
+                )
+                .is_err()
+        );
     }
 
     #[test]

src/rust/cryptography-x509-verification/src/policy/mod.rs

@@ -12,9 +12,9 @@ use asn1::ObjectIdentifier;
 use cryptography_key_parsing::rsa::Pkcs1RsaPublicKey;
 use cryptography_x509::certificate::Certificate;
 use cryptography_x509::common::{
-    AlgorithmIdentifier, AlgorithmParameters, EcParameters, RsaPssParameters, Time,
-    PSS_SHA256_HASH_ALG, PSS_SHA256_MASK_GEN_ALG, PSS_SHA384_HASH_ALG, PSS_SHA384_MASK_GEN_ALG,
-    PSS_SHA512_HASH_ALG, PSS_SHA512_MASK_GEN_ALG,
+    AlgorithmIdentifier, AlgorithmParameters, EcParameters, PSS_SHA256_HASH_ALG,
+    PSS_SHA256_MASK_GEN_ALG, PSS_SHA384_HASH_ALG, PSS_SHA384_MASK_GEN_ALG, PSS_SHA512_HASH_ALG,
+    PSS_SHA512_MASK_GEN_ALG, RsaPssParameters, Time,
 };
 use cryptography_x509::extensions::{BasicConstraints, Extensions, SubjectAlternativeName};
 use cryptography_x509::name::GeneralName;
@@ -579,13 +579,13 @@ mod tests {
     use cryptography_x509::name::{GeneralName, UnvalidatedIA5String};
 
     use super::{
-        permits_validity_date, ECDSA_SHA256, ECDSA_SHA384, ECDSA_SHA512, RSASSA_PKCS1V15_SHA256,
-        RSASSA_PKCS1V15_SHA384, RSASSA_PKCS1V15_SHA512, RSASSA_PSS_SHA256, RSASSA_PSS_SHA384,
-        RSASSA_PSS_SHA512, WEBPKI_PERMITTED_SIGNATURE_ALGORITHMS,
+        ECDSA_SHA256, ECDSA_SHA384, ECDSA_SHA512, RSASSA_PKCS1V15_SHA256, RSASSA_PKCS1V15_SHA384,
+        RSASSA_PKCS1V15_SHA512, RSASSA_PSS_SHA256, RSASSA_PSS_SHA384, RSASSA_PSS_SHA512,
+        WEBPKI_PERMITTED_SIGNATURE_ALGORITHMS, permits_validity_date,
     };
     use crate::certificate::tests::PublicKeyErrorOps;
     use crate::policy::{
-        Subject, SPKI_RSA, SPKI_SECP256R1, SPKI_SECP384R1, SPKI_SECP521R1,
+        SPKI_RSA, SPKI_SECP256R1, SPKI_SECP384R1, SPKI_SECP521R1, Subject,
         WEBPKI_PERMITTED_SPKI_ALGORITHMS,
     };
     use crate::types::{DNSName, IPAddress};

src/rust/cryptography-x509-verification/src/trust_store.rs

@@ -43,9 +43,9 @@ impl<'a, B: CryptoOps> Store<'a, B> {
 #[cfg(test)]
 mod tests {
     use super::Store;
+    use crate::VerificationCertificate;
     use crate::certificate::tests::PublicKeyErrorOps;
     use crate::ops::tests::{cert, v1_cert_pem};
-    use crate::VerificationCertificate;
 
     #[test]
     fn test_store() {

src/rust/cryptography-x509-verification/src/types.rs

@@ -861,8 +861,12 @@ mod tests {
             assert!(in_domain.matches(&RFC822Name::new("[email protected]").unwrap()));
             assert!(in_domain.matches(&RFC822Name::new("[email protected]").unwrap()));
             assert!(in_domain.matches(&RFC822Name::new("[email protected]").unwrap()));
-            assert!(in_domain.matches(&RFC822Name::new("[email protected]").unwrap()));
-            assert!(in_domain.matches(&RFC822Name::new("[email protected]").unwrap()));
+            assert!(
+                in_domain.matches(&RFC822Name::new("[email protected]").unwrap())
+            );
+            assert!(
+                in_domain.matches(&RFC822Name::new("[email protected]").unwrap())
+            );
             assert!(in_domain.matches(&RFC822Name::new("[email protected]").unwrap()));
             // Case changes are okay in the subdomains and in the mailbox, since any mailbox
             // in the domain is okay.

src/rust/cryptography-x509/src/extensions.rs

@@ -325,9 +325,11 @@ mod tests {
         let extensions = Extensions::from_raw_extensions(Some(&raw)).ok().unwrap();
 
         assert!(&extensions.get_extension(&BASIC_CONSTRAINTS_OID).is_some());
-        assert!(&extensions
-            .get_extension(&AUTHORITY_KEY_IDENTIFIER_OID)
-            .is_none());
+        assert!(
+            &extensions
+                .get_extension(&AUTHORITY_KEY_IDENTIFIER_OID)
+                .is_none()
+        );
     }
 
     #[test]

src/rust/src/asn1.rs

@@ -3,9 +3,9 @@
 // for complete details.
 
 use cryptography_x509::common::{DssSignature, SubjectPublicKeyInfo};
+use pyo3::IntoPyObject;
 use pyo3::pybacked::PyBackedBytes;
 use pyo3::types::{IntoPyDict, PyAnyMethods};
-use pyo3::IntoPyObject;
 
 use crate::error::{CryptographyError, CryptographyResult};
 use crate::types;

src/rust/src/backend/aead.rs

@@ -617,7 +617,7 @@ impl AesGcm {
                     pyo3::exceptions::PyValueError::new_err(
                         "AESGCM key must be 128, 192, or 256 bits.",
                     ),
-                ))
+                ));
             }
         };
 
@@ -860,7 +860,7 @@ impl AesSiv {
                     pyo3::exceptions::PyValueError::new_err(
                         "AESSIV key must be 256, 384, or 512 bits.",
                     ),
-                ))
+                ));
             }
         };
 
@@ -1071,7 +1071,7 @@ impl AesGcmSiv {
                     pyo3::exceptions::PyValueError::new_err(
                         "AES-GCM-SIV key must be 128, 192 or 256 bits.",
                     ),
-                ))
+                ));
             }
         };
 

src/rust/src/backend/ciphers.rs

@@ -2,8 +2,8 @@
 // 2.0, and the BSD License. See the LICENSE file in the root of this repository
 // for complete details.
 
-use pyo3::types::PyAnyMethods;
 use pyo3::IntoPyObject;
+use pyo3::types::PyAnyMethods;
 
 use crate::backend::cipher_registry;
 use crate::buf::{CffiBuf, CffiMutBuf};
@@ -41,7 +41,7 @@ impl CipherContext {
                             ),
                             exceptions::Reasons::UNSUPPORTED_CIPHER,
                         )),
-                    ))
+                    ));
                 }
             };
 
@@ -614,7 +614,7 @@ fn _advance_aad(ctx: pyo3::Bound<'_, pyo3::PyAny>, n: u64) {
 pub(crate) mod ciphers {
     #[pymodule_export]
     use super::{
-        _advance, _advance_aad, cipher_supported, create_decryption_ctx, create_encryption_ctx,
-        PyAEADDecryptionContext, PyAEADEncryptionContext, PyCipherContext,
+        _advance, _advance_aad, PyAEADDecryptionContext, PyAEADEncryptionContext, PyCipherContext,
+        cipher_supported, create_decryption_ctx, create_encryption_ctx,
     };
 }

src/rust/src/backend/dh.rs

@@ -544,7 +544,7 @@ impl DHParameterNumbers {
 pub(crate) mod dh {
     #[pymodule_export]
     use super::{
-        from_der_parameters, from_pem_parameters, generate_parameters, DHParameterNumbers,
-        DHParameters, DHPrivateKey, DHPrivateNumbers, DHPublicKey, DHPublicNumbers,
+        DHParameterNumbers, DHParameters, DHPrivateKey, DHPrivateNumbers, DHPublicKey,
+        DHPublicNumbers, from_der_parameters, from_pem_parameters, generate_parameters,
     };
 }

src/rust/src/backend/dsa.rs

@@ -512,7 +512,7 @@ impl DsaParameterNumbers {
 pub(crate) mod dsa {
     #[pymodule_export]
     use super::{
-        generate_parameters, DsaParameterNumbers, DsaParameters, DsaPrivateKey, DsaPrivateNumbers,
-        DsaPublicKey, DsaPublicNumbers,
+        DsaParameterNumbers, DsaParameters, DsaPrivateKey, DsaPrivateNumbers, DsaPublicKey,
+        DsaPublicNumbers, generate_parameters,
     };
 }

src/rust/src/backend/ec.rs

@@ -35,7 +35,9 @@ fn curve_from_py_curve(
     if !py_curve.is_instance(&types::ELLIPTIC_CURVE.get(py)?)? {
         if allow_curve_class {
             let warning_cls = types::DEPRECATED_IN_42.get(py)?;
-            let message = cstr_from_literal!("Curve argument must be an instance of an EllipticCurve class. Did you pass a class by mistake? This will be an exception in a future version of cryptography");
+            let message = cstr_from_literal!(
+                "Curve argument must be an instance of an EllipticCurve class. Did you pass a class by mistake? This will be an exception in a future version of cryptography"
+            );
             pyo3::PyErr::warn(py, &warning_cls, message, 1)?;
         } else {
             return Err(CryptographyError::from(
@@ -689,7 +691,7 @@ impl EllipticCurvePublicNumbers {
 pub(crate) mod ec {
     #[pymodule_export]
     use super::{
-        curve_supported, derive_private_key, from_public_bytes, generate_private_key, ECPrivateKey,
-        ECPublicKey, EllipticCurvePrivateNumbers, EllipticCurvePublicNumbers,
+        ECPrivateKey, ECPublicKey, EllipticCurvePrivateNumbers, EllipticCurvePublicNumbers,
+        curve_supported, derive_private_key, from_public_bytes, generate_private_key,
     };
 }