From 229750e26df17c3bc3f752970649501294e9a3fa Mon Sep 17 00:00:00 2001 From: Justin Smith Date: Tue, 28 Jan 2025 13:54:25 -0500 Subject: [PATCH 1/2] Change import granularity to Module --- .rustfmt.toml | 1 + aws-lc-fips-sys/builder/cmake_builder.rs | 10 ++-- aws-lc-fips-sys/builder/main.rs | 13 +++-- aws-lc-rs-testing/benches/cipher_benchmark.rs | 10 ++-- aws-lc-rs-testing/benches/kem_benchmark.rs | 5 +- aws-lc-rs-testing/tests/quic_test.rs | 6 +- aws-lc-rs/examples/digest.rs | 6 +- aws-lc-rs/src/aead/aead_ctx.rs | 26 +++++---- aws-lc-rs/src/aead/aes_gcm.rs | 8 ++- aws-lc-rs/src/aead/chacha.rs | 9 +-- .../src/aead/chacha20_poly1305_openssh.rs | 30 ++++++---- aws-lc-rs/src/aead/nonce.rs | 11 ++-- .../src/aead/nonce_sequence/counter32.rs | 11 ++-- .../src/aead/nonce_sequence/counter64.rs | 11 ++-- aws-lc-rs/src/aead/poly1305.rs | 6 +- aws-lc-rs/src/aead/quic.rs | 17 +++--- aws-lc-rs/src/aead/tls.rs | 6 +- aws-lc-rs/src/aead/unbound_key.rs | 19 +++--- aws-lc-rs/src/agreement.rs | 58 ++++++++++--------- aws-lc-rs/src/agreement/ephemeral.rs | 28 +++++---- aws-lc-rs/src/bn.rs | 6 +- aws-lc-rs/src/buffer.rs | 3 +- aws-lc-rs/src/cbb.rs | 14 ++--- aws-lc-rs/src/cipher.rs | 22 +++---- aws-lc-rs/src/cipher/aes.rs | 12 ++-- aws-lc-rs/src/cipher/chacha.rs | 6 +- aws-lc-rs/src/cipher/key.rs | 28 +++++---- aws-lc-rs/src/cipher/padded.rs | 25 ++++---- aws-lc-rs/src/cipher/streaming.rs | 34 ++++++----- aws-lc-rs/src/constant_time.rs | 3 +- aws-lc-rs/src/digest.rs | 18 +++--- aws-lc-rs/src/digest/digest_ctx.rs | 11 ++-- aws-lc-rs/src/ec.rs | 35 ++++++----- aws-lc-rs/src/ec/key_pair.rs | 40 ++++++++----- aws-lc-rs/src/ec/signature.rs | 35 ++++++----- aws-lc-rs/src/ed25519.rs | 47 ++++++++------- aws-lc-rs/src/error.rs | 3 +- aws-lc-rs/src/evp_pkey.rs | 25 ++++---- aws-lc-rs/src/hkdf.rs | 11 ++-- aws-lc-rs/src/hmac.rs | 18 +++--- aws-lc-rs/src/iv.rs | 3 +- aws-lc-rs/src/kdf/kbkdf.rs | 3 +- aws-lc-rs/src/kdf/sskdf.rs | 3 +- aws-lc-rs/src/kem.rs | 14 ++--- aws-lc-rs/src/key_wrap.rs | 12 ++-- aws-lc-rs/src/pbkdf2.rs | 8 +-- aws-lc-rs/src/ptr.rs | 6 +- aws-lc-rs/src/rand.rs | 4 +- aws-lc-rs/src/rsa.rs | 3 +- aws-lc-rs/src/rsa/encoding.rs | 12 ++-- aws-lc-rs/src/rsa/encryption.rs | 2 +- aws-lc-rs/src/rsa/encryption/oaep.rs | 12 ++-- aws-lc-rs/src/rsa/encryption/pkcs1.rs | 12 ++-- aws-lc-rs/src/rsa/key.rs | 10 ++-- aws-lc-rs/src/rsa/signature.rs | 5 +- aws-lc-rs/src/signature.rs | 24 ++++---- aws-lc-rs/src/test.rs | 14 +++-- aws-lc-rs/src/tls_prf.rs | 4 +- aws-lc-rs/src/tls_prf/tests/fips.rs | 6 +- aws-lc-rs/tests/aead_test.rs | 3 +- aws-lc-rs/tests/basic_rsa_test.rs | 12 ++-- aws-lc-rs/tests/cipher_test.rs | 14 +++-- aws-lc-rs/tests/ecdsa_tests.rs | 3 +- aws-lc-rs/tests/ed25519_tests.rs | 4 +- aws-lc-rs/tests/hmac_test.rs | 3 +- aws-lc-rs/tests/kdf_test.rs | 12 ++-- aws-lc-rs/tests/quic_test.rs | 3 +- aws-lc-rs/tests/rsa_test.rs | 24 ++++---- aws-lc-sys/builder/cmake_builder.rs | 15 +++-- aws-lc-sys/builder/main.rs | 12 ++-- 70 files changed, 534 insertions(+), 415 deletions(-) create mode 100644 .rustfmt.toml diff --git a/.rustfmt.toml b/.rustfmt.toml new file mode 100644 index 00000000000..c3c8c375338 --- /dev/null +++ b/.rustfmt.toml @@ -0,0 +1 @@ +imports_granularity = "Crate" diff --git a/aws-lc-fips-sys/builder/cmake_builder.rs b/aws-lc-fips-sys/builder/cmake_builder.rs index a9ef4ab42a9..44939c66619 100644 --- a/aws-lc-fips-sys/builder/cmake_builder.rs +++ b/aws-lc-fips-sys/builder/cmake_builder.rs @@ -1,16 +1,14 @@ // Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. // SPDX-License-Identifier: Apache-2.0 OR ISC -use crate::OutputLib::{Crypto, RustWrapper, Ssl}; use crate::{ cargo_env, emit_rustc_cfg, emit_warning, execute_command, is_cpu_jitter_entropy, is_no_asm, option_env, target, target_arch, target_env, target_family, target_os, target_underscored, - target_vendor, OutputLibType, TestCommandResult, + target_vendor, + OutputLib::{Crypto, RustWrapper, Ssl}, + OutputLibType, TestCommandResult, }; -use std::collections::HashMap; -use std::env; -use std::ffi::OsString; -use std::path::PathBuf; +use std::{collections::HashMap, env, ffi::OsString, path::PathBuf}; pub(crate) struct CmakeBuilder { manifest_dir: PathBuf, diff --git a/aws-lc-fips-sys/builder/main.rs b/aws-lc-fips-sys/builder/main.rs index 7f95dd365da..635bbd160ca 100644 --- a/aws-lc-fips-sys/builder/main.rs +++ b/aws-lc-fips-sys/builder/main.rs @@ -10,12 +10,13 @@ #![cfg_attr(clippy, feature(custom_inner_attributes))] #![cfg_attr(clippy, clippy::msrv = "1.77")] -use core::fmt; -use core::fmt::Debug; -use std::env; -use std::ffi::{OsStr, OsString}; -use std::path::{Path, PathBuf}; -use std::process::Command; +use core::{fmt, fmt::Debug}; +use std::{ + env, + ffi::{OsStr, OsString}, + path::{Path, PathBuf}, + process::Command, +}; use cmake_builder::CmakeBuilder; diff --git a/aws-lc-rs-testing/benches/cipher_benchmark.rs b/aws-lc-rs-testing/benches/cipher_benchmark.rs index 113c028d297..e9a1ca7f90e 100644 --- a/aws-lc-rs-testing/benches/cipher_benchmark.rs +++ b/aws-lc-rs-testing/benches/cipher_benchmark.rs @@ -1,11 +1,13 @@ // Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. // SPDX-License-Identifier: Apache-2.0 OR ISC -use aws_lc_rs::cipher::{ - DecryptingKey, EncryptingKey, EncryptionContext, OperatingMode, PaddedBlockDecryptingKey, - PaddedBlockEncryptingKey, UnboundCipherKey, AES_128, AES_256, +use aws_lc_rs::{ + cipher::{ + DecryptingKey, EncryptingKey, EncryptionContext, OperatingMode, PaddedBlockDecryptingKey, + PaddedBlockEncryptingKey, UnboundCipherKey, AES_128, AES_256, + }, + test, test_file, }; -use aws_lc_rs::{test, test_file}; use criterion::{criterion_group, criterion_main, Criterion}; macro_rules! openssl_bench { diff --git a/aws-lc-rs-testing/benches/kem_benchmark.rs b/aws-lc-rs-testing/benches/kem_benchmark.rs index 56f9206f4e2..f6571dd66c2 100644 --- a/aws-lc-rs-testing/benches/kem_benchmark.rs +++ b/aws-lc-rs-testing/benches/kem_benchmark.rs @@ -1,10 +1,7 @@ // Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. // SPDX-License-Identifier: Apache-2.0 OR ISC -use aws_lc_rs::{ - kem::DecapsulationKey, - kem::{Algorithm, ML_KEM_1024, ML_KEM_512, ML_KEM_768}, -}; +use aws_lc_rs::kem::{Algorithm, DecapsulationKey, ML_KEM_1024, ML_KEM_512, ML_KEM_768}; use criterion::{criterion_group, criterion_main, Criterion}; const KEM_ALGORITHMS: &[Algorithm; 3] = &[ML_KEM_512, ML_KEM_768, ML_KEM_1024]; diff --git a/aws-lc-rs-testing/tests/quic_test.rs b/aws-lc-rs-testing/tests/quic_test.rs index 93a56c57683..87598622f3f 100644 --- a/aws-lc-rs-testing/tests/quic_test.rs +++ b/aws-lc-rs-testing/tests/quic_test.rs @@ -1,8 +1,10 @@ // Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. // SPDX-License-Identifier: Apache-2.0 OR ISC -use aws_lc_rs::aead::quic::{HeaderProtectionKey, AES_128, AES_256, CHACHA20}; -use aws_lc_rs::{hkdf, test}; +use aws_lc_rs::{ + aead::quic::{HeaderProtectionKey, AES_128, AES_256, CHACHA20}, + hkdf, test, +}; #[test] fn test_key_type_header_protection_key() { diff --git a/aws-lc-rs/examples/digest.rs b/aws-lc-rs/examples/digest.rs index f3fed1cb839..d1d4ef3c1fa 100644 --- a/aws-lc-rs/examples/digest.rs +++ b/aws-lc-rs/examples/digest.rs @@ -12,8 +12,10 @@ //! ``` use aws_lc_rs::{digest, test}; use clap::{Parser, ValueEnum}; -use std::fs::File; -use std::io::{Read, Result}; +use std::{ + fs::File, + io::{Read, Result}, +}; #[derive(ValueEnum, Clone, Copy, Debug)] enum DigestType { diff --git a/aws-lc-rs/src/aead/aead_ctx.rs b/aws-lc-rs/src/aead/aead_ctx.rs index 8b361043af6..84edd16f20b 100644 --- a/aws-lc-rs/src/aead/aead_ctx.rs +++ b/aws-lc-rs/src/aead/aead_ctx.rs @@ -1,22 +1,24 @@ // Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. // SPDX-License-Identifier: Apache-2.0 OR ISC -use core::mem::size_of; -use core::ptr::null_mut; +use core::{mem::size_of, ptr::null_mut}; use crate::cipher::chacha; -use crate::aws_lc::{ - evp_aead_direction_t, evp_aead_direction_t_evp_aead_open, evp_aead_direction_t_evp_aead_seal, - EVP_AEAD_CTX_init, EVP_AEAD_CTX_init_with_direction, EVP_AEAD_CTX_zero, EVP_aead_aes_128_gcm, - EVP_aead_aes_128_gcm_randnonce, EVP_aead_aes_128_gcm_siv, EVP_aead_aes_128_gcm_tls12, - EVP_aead_aes_128_gcm_tls13, EVP_aead_aes_192_gcm, EVP_aead_aes_256_gcm, - EVP_aead_aes_256_gcm_randnonce, EVP_aead_aes_256_gcm_siv, EVP_aead_aes_256_gcm_tls12, - EVP_aead_aes_256_gcm_tls13, EVP_aead_chacha20_poly1305, OPENSSL_malloc, EVP_AEAD_CTX, +use crate::{ + aws_lc::{ + evp_aead_direction_t, evp_aead_direction_t_evp_aead_open, + evp_aead_direction_t_evp_aead_seal, EVP_AEAD_CTX_init, EVP_AEAD_CTX_init_with_direction, + EVP_AEAD_CTX_zero, EVP_aead_aes_128_gcm, EVP_aead_aes_128_gcm_randnonce, + EVP_aead_aes_128_gcm_siv, EVP_aead_aes_128_gcm_tls12, EVP_aead_aes_128_gcm_tls13, + EVP_aead_aes_192_gcm, EVP_aead_aes_256_gcm, EVP_aead_aes_256_gcm_randnonce, + EVP_aead_aes_256_gcm_siv, EVP_aead_aes_256_gcm_tls12, EVP_aead_aes_256_gcm_tls13, + EVP_aead_chacha20_poly1305, OPENSSL_malloc, EVP_AEAD_CTX, + }, + cipher::aes::{AES_128_KEY_LEN, AES_192_KEY_LEN, AES_256_KEY_LEN}, + error::Unspecified, + ptr::LcPtr, }; -use crate::cipher::aes::{AES_128_KEY_LEN, AES_192_KEY_LEN, AES_256_KEY_LEN}; -use crate::error::Unspecified; -use crate::ptr::LcPtr; pub(crate) enum AeadDirection { Open, diff --git a/aws-lc-rs/src/aead/aes_gcm.rs b/aws-lc-rs/src/aead/aes_gcm.rs index 9b60f818d13..dead4d97e6f 100644 --- a/aws-lc-rs/src/aead/aes_gcm.rs +++ b/aws-lc-rs/src/aead/aes_gcm.rs @@ -3,9 +3,11 @@ use crate::aead::{Algorithm, AlgorithmID}; -use crate::aead::aead_ctx::AeadCtx; -use crate::cipher::aes::{AES_128_KEY_LEN, AES_192_KEY_LEN, AES_256_KEY_LEN}; -use crate::error::Unspecified; +use crate::{ + aead::aead_ctx::AeadCtx, + cipher::aes::{AES_128_KEY_LEN, AES_192_KEY_LEN, AES_256_KEY_LEN}, + error::Unspecified, +}; /// AES-128 in GCM mode with 128-bit tags and 96 bit nonces. pub const AES_128_GCM: Algorithm = Algorithm { diff --git a/aws-lc-rs/src/aead/chacha.rs b/aws-lc-rs/src/aead/chacha.rs index 17485ff4630..e9fc14de4f5 100644 --- a/aws-lc-rs/src/aead/chacha.rs +++ b/aws-lc-rs/src/aead/chacha.rs @@ -4,10 +4,11 @@ // Modifications copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. // SPDX-License-Identifier: Apache-2.0 OR ISC -use crate::aead::aead_ctx::AeadCtx; -use crate::aead::{Algorithm, AlgorithmID}; -use crate::cipher::chacha::KEY_LEN; -use crate::error; +use crate::{ + aead::{aead_ctx::AeadCtx, Algorithm, AlgorithmID}, + cipher::chacha::KEY_LEN, + error, +}; /// ChaCha20-Poly1305 as described in [RFC 7539]. /// diff --git a/aws-lc-rs/src/aead/chacha20_poly1305_openssh.rs b/aws-lc-rs/src/aead/chacha20_poly1305_openssh.rs index a761bb42ccd..ef838716c4e 100644 --- a/aws-lc-rs/src/aead/chacha20_poly1305_openssh.rs +++ b/aws-lc-rs/src/aead/chacha20_poly1305_openssh.rs @@ -24,10 +24,16 @@ //! The APIs offered in this module must not be used. use super::{poly1305, Nonce, Tag}; -use crate::cipher::block::BLOCK_LEN; -use crate::cipher::chacha::{self, ChaCha20Key}; -use crate::iv::FixedLength; -use crate::{constant_time, endian::BigEndian, error}; +use crate::{ + cipher::{ + block::BLOCK_LEN, + chacha::{self, ChaCha20Key}, + }, + constant_time, + endian::BigEndian, + error, + iv::FixedLength, +}; /// A key for sealing packets. pub struct SealingKey { @@ -202,13 +208,17 @@ pub(super) fn derive_poly1305_key(chacha_key: &ChaCha20Key, nonce: Nonce) -> pol #[cfg(test)] mod tests { - use crate::aead::chacha20_poly1305_openssh::{ - derive_poly1305_key, OpeningKey, SealingKey, KEY_LEN, TAG_LEN, + use crate::{ + aead::{ + chacha20_poly1305_openssh::{ + derive_poly1305_key, OpeningKey, SealingKey, KEY_LEN, TAG_LEN, + }, + Nonce, + }, + cipher::chacha::ChaCha20Key, + endian::{BigEndian, FromArray, LittleEndian}, + test, }; - use crate::aead::Nonce; - use crate::cipher::chacha::ChaCha20Key; - use crate::endian::{BigEndian, FromArray, LittleEndian}; - use crate::test; #[test] fn derive_poly1305_test() { diff --git a/aws-lc-rs/src/aead/nonce.rs b/aws-lc-rs/src/aead/nonce.rs index 57ea3b38782..51043a735bf 100644 --- a/aws-lc-rs/src/aead/nonce.rs +++ b/aws-lc-rs/src/aead/nonce.rs @@ -3,9 +3,11 @@ // Modifications copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. // SPDX-License-Identifier: Apache-2.0 OR ISC -use crate::endian::{ArrayEncoding, BigEndian, Encoding, FromArray, LittleEndian}; -use crate::error; -use crate::iv::FixedLength; +use crate::{ + endian::{ArrayEncoding, BigEndian, Encoding, FromArray, LittleEndian}, + error, + iv::FixedLength, +}; /// A nonce for a single AEAD opening or sealing operation. /// @@ -98,8 +100,7 @@ mod tests { #[test] fn test_nonce_from_byte_array() { - use crate::aead::nonce::IV_LEN; - use crate::aead::Nonce; + use crate::aead::{nonce::IV_LEN, Nonce}; let iv: [u8; IV_LEN] = [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16]; let nonce = Nonce::from(&iv); diff --git a/aws-lc-rs/src/aead/nonce_sequence/counter32.rs b/aws-lc-rs/src/aead/nonce_sequence/counter32.rs index e7d33e22ee1..f08a863b979 100644 --- a/aws-lc-rs/src/aead/nonce_sequence/counter32.rs +++ b/aws-lc-rs/src/aead/nonce_sequence/counter32.rs @@ -1,9 +1,11 @@ // Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. // SPDX-License-Identifier: Apache-2.0 OR ISC -use crate::aead::{Nonce, NonceSequence, NONCE_LEN}; -use crate::error::Unspecified; -use crate::iv::FixedLength; +use crate::{ + aead::{Nonce, NonceSequence, NONCE_LEN}, + error::Unspecified, + iv::FixedLength, +}; /// `Counter32` is an implementation of the `NonceSequence` trait. /// @@ -125,8 +127,7 @@ impl NonceSequence for Counter32 { #[cfg(test)] mod tests { - use crate::aead::nonce_sequence::Counter32Builder; - use crate::aead::NonceSequence; + use crate::aead::{nonce_sequence::Counter32Builder, NonceSequence}; #[test] fn test_counter32_identifier() { diff --git a/aws-lc-rs/src/aead/nonce_sequence/counter64.rs b/aws-lc-rs/src/aead/nonce_sequence/counter64.rs index 8c6af9cbce9..caa9ed1ad85 100644 --- a/aws-lc-rs/src/aead/nonce_sequence/counter64.rs +++ b/aws-lc-rs/src/aead/nonce_sequence/counter64.rs @@ -1,9 +1,11 @@ // Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. // SPDX-License-Identifier: Apache-2.0 OR ISC -use crate::aead::{Nonce, NonceSequence, NONCE_LEN}; -use crate::error::Unspecified; -use crate::iv::FixedLength; +use crate::{ + aead::{Nonce, NonceSequence, NONCE_LEN}, + error::Unspecified, + iv::FixedLength, +}; /// `Counter64` is an implementation of the `NonceSequence` trait. /// @@ -124,8 +126,7 @@ impl NonceSequence for Counter64 { #[cfg(test)] mod tests { - use crate::aead::nonce_sequence::Counter64Builder; - use crate::aead::NonceSequence; + use crate::aead::{nonce_sequence::Counter64Builder, NonceSequence}; #[test] fn test_counter64_identifier() { diff --git a/aws-lc-rs/src/aead/poly1305.rs b/aws-lc-rs/src/aead/poly1305.rs index 893c71131bf..e7dc8dbb927 100644 --- a/aws-lc-rs/src/aead/poly1305.rs +++ b/aws-lc-rs/src/aead/poly1305.rs @@ -6,8 +6,10 @@ // TODO: enforce maximum input length. use super::{Tag, TAG_LEN}; -use crate::aws_lc::{CRYPTO_poly1305_finish, CRYPTO_poly1305_init, CRYPTO_poly1305_update}; -use crate::cipher::block::BLOCK_LEN; +use crate::{ + aws_lc::{CRYPTO_poly1305_finish, CRYPTO_poly1305_init, CRYPTO_poly1305_update}, + cipher::block::BLOCK_LEN, +}; use core::mem::MaybeUninit; /// A Poly1305 key. diff --git a/aws-lc-rs/src/aead/quic.rs b/aws-lc-rs/src/aead/quic.rs index ac319fe7133..cd2aa1714cc 100644 --- a/aws-lc-rs/src/aead/quic.rs +++ b/aws-lc-rs/src/aead/quic.rs @@ -7,12 +7,11 @@ //! //! See draft-ietf-quic-tls. -use crate::cipher::aes::encrypt_block; -use crate::cipher::block; -use crate::cipher::chacha::encrypt_block_chacha20; -use crate::cipher::key::SymmetricCipherKey; -use crate::hkdf::KeyType; -use crate::{derive_debug_via_id, error, hkdf}; +use crate::{ + cipher::{aes::encrypt_block, block, chacha::encrypt_block_chacha20, key::SymmetricCipherKey}, + derive_debug_via_id, error, hkdf, + hkdf::KeyType, +}; /// A key for generating QUIC Header Protection masks. pub struct HeaderProtectionKey { @@ -174,8 +173,10 @@ fn cipher_new_mask( #[cfg(test)] mod test { - use crate::aead::quic::{Algorithm, HeaderProtectionKey}; - use crate::test; + use crate::{ + aead::quic::{Algorithm, HeaderProtectionKey}, + test, + }; #[test] fn test_types() { diff --git a/aws-lc-rs/src/aead/tls.rs b/aws-lc-rs/src/aead/tls.rs index 9761df61adf..756c8f7075a 100644 --- a/aws-lc-rs/src/aead/tls.rs +++ b/aws-lc-rs/src/aead/tls.rs @@ -6,8 +6,7 @@ use super::{ Aad, Algorithm, AlgorithmID, Nonce, Tag, UnboundKey, }; use crate::error::Unspecified; -use core::fmt::Debug; -use core::ops::RangeFrom; +use core::{fmt::Debug, ops::RangeFrom}; /// The Transport Layer Security (TLS) protocol version. #[allow(clippy::module_name_repetitions)] @@ -299,8 +298,7 @@ impl Debug for TlsRecordOpeningKey { mod tests { use super::{TlsProtocolId, TlsRecordOpeningKey, TlsRecordSealingKey}; use crate::{ - aead::Aad, - aead::{Nonce, AES_128_GCM, AES_256_GCM, CHACHA20_POLY1305}, + aead::{Aad, Nonce, AES_128_GCM, AES_256_GCM, CHACHA20_POLY1305}, test::from_hex, }; use paste::paste; diff --git a/aws-lc-rs/src/aead/unbound_key.rs b/aws-lc-rs/src/aead/unbound_key.rs index 58f0fa2aac1..7605fe33c10 100644 --- a/aws-lc-rs/src/aead/unbound_key.rs +++ b/aws-lc-rs/src/aead/unbound_key.rs @@ -1,17 +1,20 @@ // Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. // SPDX-License-Identifier: Apache-2.0 OR ISC -use super::{aead_ctx::AeadCtx, Algorithm, Nonce, MAX_KEY_LEN, MAX_TAG_LEN, NONCE_LEN}; use super::{ - Tag, AES_128_GCM, AES_128_GCM_SIV, AES_192_GCM, AES_256_GCM, AES_256_GCM_SIV, CHACHA20_POLY1305, + aead_ctx::AeadCtx, Algorithm, Nonce, Tag, AES_128_GCM, AES_128_GCM_SIV, AES_192_GCM, + AES_256_GCM, AES_256_GCM_SIV, CHACHA20_POLY1305, MAX_KEY_LEN, MAX_TAG_LEN, NONCE_LEN, }; -use crate::aws_lc::{ - EVP_AEAD_CTX_open, EVP_AEAD_CTX_open_gather, EVP_AEAD_CTX_seal, EVP_AEAD_CTX_seal_scatter, +use crate::{ + aws_lc::{ + EVP_AEAD_CTX_open, EVP_AEAD_CTX_open_gather, EVP_AEAD_CTX_seal, EVP_AEAD_CTX_seal_scatter, + }, + error::Unspecified, + fips::indicator_check, + hkdf, + iv::FixedLength, }; -use crate::iv::FixedLength; -use crate::{error::Unspecified, fips::indicator_check, hkdf}; -use core::fmt::Debug; -use core::{mem::MaybeUninit, ops::RangeFrom, ptr::null}; +use core::{fmt::Debug, mem::MaybeUninit, ops::RangeFrom, ptr::null}; /// The maximum length of a nonce returned by our AEAD API. const MAX_NONCE_LEN: usize = NONCE_LEN; diff --git a/aws-lc-rs/src/agreement.rs b/aws-lc-rs/src/agreement.rs index 928f0b8b1b8..de3ba2ac3f1 100644 --- a/aws-lc-rs/src/agreement.rs +++ b/aws-lc-rs/src/agreement.rs @@ -53,28 +53,33 @@ mod ephemeral; pub use ephemeral::{agree_ephemeral, EphemeralPrivateKey}; -use crate::aws_lc::{ - CBS_init, EVP_PKEY_CTX_new_id, EVP_PKEY_bits, EVP_PKEY_derive, EVP_PKEY_derive_init, - EVP_PKEY_derive_set_peer, EVP_PKEY_get0_EC_KEY, EVP_PKEY_get_raw_private_key, - EVP_PKEY_get_raw_public_key, EVP_PKEY_id, EVP_PKEY_keygen, EVP_PKEY_keygen_init, - EVP_PKEY_new_raw_private_key, EVP_PKEY_new_raw_public_key, EVP_marshal_public_key, - EVP_parse_public_key, NID_X9_62_prime256v1, NID_secp384r1, NID_secp521r1, BIGNUM, CBS, - EVP_PKEY, EVP_PKEY_X25519, NID_X25519, +use crate::{ + aws_lc::{ + CBS_init, EVP_PKEY_CTX_new_id, EVP_PKEY_bits, EVP_PKEY_derive, EVP_PKEY_derive_init, + EVP_PKEY_derive_set_peer, EVP_PKEY_get0_EC_KEY, EVP_PKEY_get_raw_private_key, + EVP_PKEY_get_raw_public_key, EVP_PKEY_id, EVP_PKEY_keygen, EVP_PKEY_keygen_init, + EVP_PKEY_new_raw_private_key, EVP_PKEY_new_raw_public_key, EVP_marshal_public_key, + EVP_parse_public_key, NID_X9_62_prime256v1, NID_secp384r1, NID_secp521r1, BIGNUM, CBS, + EVP_PKEY, EVP_PKEY_X25519, NID_X25519, + }, + cbb::LcCBB, + ec, + ec::{ec_group_from_nid, evp_key_generate}, + error::{KeyRejected, Unspecified}, + fips::indicator_check, + hex, + ptr::{ConstPointer, LcPtr}, }; -use crate::cbb::LcCBB; -use crate::ec::{ec_group_from_nid, evp_key_generate}; -use crate::error::{KeyRejected, Unspecified}; -use crate::fips::indicator_check; -use crate::ptr::{ConstPointer, LcPtr}; -use crate::{ec, hex}; use crate::encoding::{ AsBigEndian, AsDer, Curve25519SeedBin, EcPrivateKeyBin, EcPrivateKeyRfc5915Der, EcPublicKeyCompressedBin, EcPublicKeyUncompressedBin, PublicKeyX509Der, }; -use core::fmt; -use core::fmt::{Debug, Formatter}; -use core::ptr::null_mut; +use core::{ + fmt, + fmt::{Debug, Formatter}, + ptr::null_mut, +}; use std::mem::MaybeUninit; #[allow(non_camel_case_types)] @@ -889,15 +894,17 @@ fn try_parse_x25519_subject_public_key_info_bytes( #[cfg(test)] mod tests { - use crate::agreement::{ - agree, Algorithm, PrivateKey, PublicKey, UnparsedPublicKey, ECDH_P256, ECDH_P384, - ECDH_P521, X25519, - }; - use crate::encoding::{ - AsBigEndian, AsDer, Curve25519SeedBin, EcPrivateKeyBin, EcPrivateKeyRfc5915Der, - EcPublicKeyCompressedBin, EcPublicKeyUncompressedBin, PublicKeyX509Der, + use crate::{ + agreement::{ + agree, Algorithm, PrivateKey, PublicKey, UnparsedPublicKey, ECDH_P256, ECDH_P384, + ECDH_P521, X25519, + }, + encoding::{ + AsBigEndian, AsDer, Curve25519SeedBin, EcPrivateKeyBin, EcPrivateKeyRfc5915Der, + EcPublicKeyCompressedBin, EcPublicKeyUncompressedBin, PublicKeyX509Der, + }, + rand, test, }; - use crate::{rand, test}; #[test] fn test_agreement_x25519() { @@ -1199,8 +1206,7 @@ mod tests { #[test] fn agreement_traits() { use crate::test; - use regex; - use regex::Regex; + use regex::{self, Regex}; let rng = rand::SystemRandom::new(); let private_key = PrivateKey::generate_for_test(&ECDH_P256, &rng).unwrap(); diff --git a/aws-lc-rs/src/agreement/ephemeral.rs b/aws-lc-rs/src/agreement/ephemeral.rs index 5ca94dbe93e..e98d1fa1011 100644 --- a/aws-lc-rs/src/agreement/ephemeral.rs +++ b/aws-lc-rs/src/agreement/ephemeral.rs @@ -1,11 +1,15 @@ // Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. // SPDX-License-Identifier: Apache-2.0 OR ISC -use crate::agreement::{agree, Algorithm, PrivateKey, PublicKey, UnparsedPublicKey}; -use crate::error::Unspecified; -use crate::rand::SecureRandom; -use core::fmt; -use core::fmt::{Debug, Formatter}; +use crate::{ + agreement::{agree, Algorithm, PrivateKey, PublicKey, UnparsedPublicKey}, + error::Unspecified, + rand::SecureRandom, +}; +use core::{ + fmt, + fmt::{Debug, Formatter}, +}; /// An ephemeral private key for use (only) with `agree_ephemeral`. The /// signature of `agree_ephemeral` ensures that an `PrivateKey` can be @@ -112,12 +116,16 @@ where #[cfg(test)] mod tests { - use crate::agreement::{AlgorithmID, PublicKey}; - use crate::encoding::{ - AsBigEndian, AsDer, EcPublicKeyCompressedBin, EcPublicKeyUncompressedBin, PublicKeyX509Der, + use crate::{ + agreement, + agreement::{AlgorithmID, PublicKey}, + encoding::{ + AsBigEndian, AsDer, EcPublicKeyCompressedBin, EcPublicKeyUncompressedBin, + PublicKeyX509Der, + }, + error::Unspecified, + rand, test, test_file, }; - use crate::error::Unspecified; - use crate::{agreement, rand, test, test_file}; #[test] fn test_agreement_ecdh_x25519_rfc_iterated() { diff --git a/aws-lc-rs/src/bn.rs b/aws-lc-rs/src/bn.rs index 8e864d325ca..6da707f4f47 100644 --- a/aws-lc-rs/src/bn.rs +++ b/aws-lc-rs/src/bn.rs @@ -1,8 +1,10 @@ // Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. // SPDX-License-Identifier: Apache-2.0 OR ISC -use crate::aws_lc::{BN_bin2bn, BN_bn2bin, BN_new, BN_num_bits, BN_num_bytes, BN_set_u64, BIGNUM}; -use crate::ptr::{ConstPointer, DetachableLcPtr, LcPtr}; +use crate::{ + aws_lc::{BN_bin2bn, BN_bn2bin, BN_new, BN_num_bits, BN_num_bytes, BN_set_u64, BIGNUM}, + ptr::{ConstPointer, DetachableLcPtr, LcPtr}, +}; use core::ptr::null_mut; impl TryFrom<&[u8]> for LcPtr { diff --git a/aws-lc-rs/src/buffer.rs b/aws-lc-rs/src/buffer.rs index bf5c2d6dd37..541550a6e1b 100644 --- a/aws-lc-rs/src/buffer.rs +++ b/aws-lc-rs/src/buffer.rs @@ -7,8 +7,7 @@ #![allow(clippy::module_name_repetitions)] use alloc::borrow::Cow; -use core::fmt; -use core::marker::PhantomData; +use core::{fmt, marker::PhantomData}; use zeroize::Zeroize; diff --git a/aws-lc-rs/src/cbb.rs b/aws-lc-rs/src/cbb.rs index ea23535af71..9ea96307de5 100644 --- a/aws-lc-rs/src/cbb.rs +++ b/aws-lc-rs/src/cbb.rs @@ -1,13 +1,13 @@ // Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. // SPDX-License-Identifier: Apache-2.0 OR ISC -use crate::aws_lc::{CBB_cleanup, CBB_finish, CBB_init, CBB_init_fixed, CBB}; -use crate::buffer::Buffer; -use crate::error::Unspecified; -use crate::ptr::LcPtr; -use core::marker::PhantomData; -use core::mem::MaybeUninit; -use core::ptr::null_mut; +use crate::{ + aws_lc::{CBB_cleanup, CBB_finish, CBB_init, CBB_init_fixed, CBB}, + buffer::Buffer, + error::Unspecified, + ptr::LcPtr, +}; +use core::{marker::PhantomData, mem::MaybeUninit, ptr::null_mut}; pub(crate) struct LcCBB<'a>(CBB, PhantomData<&'a CBB>); diff --git a/aws-lc-rs/src/cipher.rs b/aws-lc-rs/src/cipher.rs index ebbc2eb9c19..4f8c4196ad8 100644 --- a/aws-lc-rs/src/cipher.rs +++ b/aws-lc-rs/src/cipher.rs @@ -228,17 +228,19 @@ mod streaming; pub use padded::{PaddedBlockDecryptingKey, PaddedBlockEncryptingKey}; pub use streaming::{BufferUpdate, StreamingDecryptingKey, StreamingEncryptingKey}; -use crate::aws_lc::{ - EVP_aes_128_cbc, EVP_aes_128_cfb128, EVP_aes_128_ctr, EVP_aes_128_ecb, EVP_aes_192_cbc, - EVP_aes_192_cfb128, EVP_aes_192_ctr, EVP_aes_192_ecb, EVP_aes_256_cbc, EVP_aes_256_cfb128, - EVP_aes_256_ctr, EVP_aes_256_ecb, EVP_CIPHER, +use crate::{ + aws_lc::{ + EVP_aes_128_cbc, EVP_aes_128_cfb128, EVP_aes_128_ctr, EVP_aes_128_ecb, EVP_aes_192_cbc, + EVP_aes_192_cfb128, EVP_aes_192_ctr, EVP_aes_192_ecb, EVP_aes_256_cbc, EVP_aes_256_cfb128, + EVP_aes_256_ctr, EVP_aes_256_ecb, EVP_CIPHER, + }, + buffer::Buffer, + error::Unspecified, + hkdf, + hkdf::KeyType, + iv::{FixedLength, IV_LEN_128_BIT}, + ptr::ConstPointer, }; -use crate::buffer::Buffer; -use crate::error::Unspecified; -use crate::hkdf; -use crate::hkdf::KeyType; -use crate::iv::{FixedLength, IV_LEN_128_BIT}; -use crate::ptr::ConstPointer; use core::fmt::Debug; use key::SymmetricCipherKey; diff --git a/aws-lc-rs/src/cipher/aes.rs b/aws-lc-rs/src/cipher/aes.rs index 2700f452372..b4ae8af8a55 100644 --- a/aws-lc-rs/src/cipher/aes.rs +++ b/aws-lc-rs/src/cipher/aes.rs @@ -3,11 +3,15 @@ // Modifications copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. // SPDX-License-Identifier: Apache-2.0 OR ISC -use crate::aws_lc::{ - AES_cbc_encrypt, AES_cfb128_encrypt, AES_ctr128_encrypt, AES_ecb_encrypt, AES_DECRYPT, - AES_ENCRYPT, AES_KEY, +use crate::{ + aws_lc::{ + AES_cbc_encrypt, AES_cfb128_encrypt, AES_ctr128_encrypt, AES_ecb_encrypt, AES_DECRYPT, + AES_ENCRYPT, AES_KEY, + }, + cipher::block::Block, + error::Unspecified, + fips::indicator_check, }; -use crate::{cipher::block::Block, error::Unspecified, fips::indicator_check}; use zeroize::Zeroize; use super::{DecryptionContext, EncryptionContext, OperatingMode, SymmetricCipherKey}; diff --git a/aws-lc-rs/src/cipher/chacha.rs b/aws-lc-rs/src/cipher/chacha.rs index b7514737817..dbeefb70400 100644 --- a/aws-lc-rs/src/cipher/chacha.rs +++ b/aws-lc-rs/src/cipher/chacha.rs @@ -4,8 +4,10 @@ // Modifications copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. // SPDX-License-Identifier: Apache-2.0 OR ISC -use crate::aws_lc::CRYPTO_chacha_20; -use crate::cipher::block::{Block, BLOCK_LEN}; +use crate::{ + aws_lc::CRYPTO_chacha_20, + cipher::block::{Block, BLOCK_LEN}, +}; use zeroize::Zeroize; use crate::error; diff --git a/aws-lc-rs/src/cipher/key.rs b/aws-lc-rs/src/cipher/key.rs index e684783a8cd..f333d54835e 100644 --- a/aws-lc-rs/src/cipher/key.rs +++ b/aws-lc-rs/src/cipher/key.rs @@ -1,13 +1,17 @@ // Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. // SPDX-License-Identifier: Apache-2.0 OR ISC -use crate::aws_lc::{AES_set_decrypt_key, AES_set_encrypt_key, AES_KEY}; -use crate::cipher::block::Block; -use crate::cipher::chacha::ChaCha20Key; -use crate::cipher::{AES_128_KEY_LEN, AES_192_KEY_LEN, AES_256_KEY_LEN}; -use crate::error::Unspecified; -use core::mem::{size_of, MaybeUninit}; -use core::ptr::copy_nonoverlapping; +use crate::{ + aws_lc::{AES_set_decrypt_key, AES_set_encrypt_key, AES_KEY}, + cipher::{ + block::Block, chacha::ChaCha20Key, AES_128_KEY_LEN, AES_192_KEY_LEN, AES_256_KEY_LEN, + }, + error::Unspecified, +}; +use core::{ + mem::{size_of, MaybeUninit}, + ptr::copy_nonoverlapping, +}; // TODO: Uncomment when MSRV >= 1.64 // use core::ffi::c_uint; use std::os::raw::c_uint; @@ -129,9 +133,13 @@ impl SymmetricCipherKey { #[cfg(test)] mod tests { - use crate::cipher::block::{Block, BLOCK_LEN}; - use crate::cipher::key::SymmetricCipherKey; - use crate::test::from_hex; + use crate::{ + cipher::{ + block::{Block, BLOCK_LEN}, + key::SymmetricCipherKey, + }, + test::from_hex, + }; #[test] fn test_encrypt_block_aes_128() { diff --git a/aws-lc-rs/src/cipher/padded.rs b/aws-lc-rs/src/cipher/padded.rs index 25c7bd99df3..b99c9389ef9 100644 --- a/aws-lc-rs/src/cipher/padded.rs +++ b/aws-lc-rs/src/cipher/padded.rs @@ -1,12 +1,13 @@ // Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. // SPDX-License-Identifier: Apache-2.0 OR ISC -use crate::cipher; -use crate::cipher::key::SymmetricCipherKey; -use crate::cipher::{ - Algorithm, DecryptionContext, EncryptionContext, OperatingMode, UnboundCipherKey, - MAX_CIPHER_BLOCK_LEN, +use crate::{ + cipher, + cipher::{ + key::SymmetricCipherKey, Algorithm, DecryptionContext, EncryptionContext, OperatingMode, + UnboundCipherKey, MAX_CIPHER_BLOCK_LEN, + }, + error::Unspecified, }; -use crate::error::Unspecified; use core::fmt::Debug; /// The cipher block padding strategy. @@ -291,12 +292,14 @@ impl Debug for PaddedBlockDecryptingKey { #[cfg(test)] mod tests { - use crate::cipher::{ - padded::PaddingStrategy, Algorithm, EncryptionContext, OperatingMode, - PaddedBlockDecryptingKey, PaddedBlockEncryptingKey, UnboundCipherKey, AES_128, AES_256, + use crate::{ + cipher::{ + padded::PaddingStrategy, Algorithm, EncryptionContext, OperatingMode, + PaddedBlockDecryptingKey, PaddedBlockEncryptingKey, UnboundCipherKey, AES_128, AES_256, + }, + iv::FixedLength, + test::from_hex, }; - use crate::iv::FixedLength; - use crate::test::from_hex; fn helper_test_padded_cipher_n_bytes( key: &[u8], diff --git a/aws-lc-rs/src/cipher/streaming.rs b/aws-lc-rs/src/cipher/streaming.rs index 51aba245d1c..e327e0553ab 100644 --- a/aws-lc-rs/src/cipher/streaming.rs +++ b/aws-lc-rs/src/cipher/streaming.rs @@ -1,17 +1,17 @@ // Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. // SPDX-License-Identifier: Apache-2.0 OR ISC -use crate::aws_lc::{ - EVP_CIPHER_CTX_new, EVP_CIPHER_iv_length, EVP_CIPHER_key_length, EVP_DecryptFinal_ex, - EVP_DecryptInit_ex, EVP_DecryptUpdate, EVP_EncryptFinal_ex, EVP_EncryptInit_ex, - EVP_EncryptUpdate, EVP_CIPHER, EVP_CIPHER_CTX, +use crate::{ + aws_lc::{ + EVP_CIPHER_CTX_new, EVP_CIPHER_iv_length, EVP_CIPHER_key_length, EVP_DecryptFinal_ex, + EVP_DecryptInit_ex, EVP_DecryptUpdate, EVP_EncryptFinal_ex, EVP_EncryptInit_ex, + EVP_EncryptUpdate, EVP_CIPHER, EVP_CIPHER_CTX, + }, + cipher::{Algorithm, DecryptionContext, EncryptionContext, OperatingMode, UnboundCipherKey}, + error::Unspecified, + fips::indicator_check, + ptr::LcPtr, }; -use crate::cipher::{ - Algorithm, DecryptionContext, EncryptionContext, OperatingMode, UnboundCipherKey, -}; -use crate::error::Unspecified; -use crate::fips::indicator_check; -use crate::ptr::LcPtr; use std::ptr::{null, null_mut}; use super::ConstPointer; @@ -500,13 +500,15 @@ impl StreamingDecryptingKey { #[cfg(test)] mod tests { - use crate::cipher::{ - DecryptionContext, EncryptionContext, OperatingMode, StreamingDecryptingKey, - StreamingEncryptingKey, UnboundCipherKey, AES_128, AES_256, AES_256_KEY_LEN, + use crate::{ + cipher::{ + DecryptionContext, EncryptionContext, OperatingMode, StreamingDecryptingKey, + StreamingEncryptingKey, UnboundCipherKey, AES_128, AES_256, AES_256_KEY_LEN, + }, + iv::{FixedLength, IV_LEN_128_BIT}, + rand::{SecureRandom, SystemRandom}, + test::from_hex, }; - use crate::iv::{FixedLength, IV_LEN_128_BIT}; - use crate::rand::{SecureRandom, SystemRandom}; - use crate::test::from_hex; use paste::*; fn step_encrypt( diff --git a/aws-lc-rs/src/constant_time.rs b/aws-lc-rs/src/constant_time.rs index 1677ef6ec9a..d81ce5633f1 100644 --- a/aws-lc-rs/src/constant_time.rs +++ b/aws-lc-rs/src/constant_time.rs @@ -5,8 +5,7 @@ //! Constant-time operations. -use crate::aws_lc::CRYPTO_memcmp; -use crate::error; +use crate::{aws_lc::CRYPTO_memcmp, error}; /// Returns `Ok(())` if `a == b` and `Err(error::Unspecified)` otherwise. /// diff --git a/aws-lc-rs/src/digest.rs b/aws-lc-rs/src/digest.rs index b46d22334ff..de867ca05d0 100644 --- a/aws-lc-rs/src/digest.rs +++ b/aws-lc-rs/src/digest.rs @@ -28,17 +28,18 @@ //! ``` #![allow(non_snake_case)] -use crate::fips::indicator_check; -use crate::{debug, derive_debug_via_id}; +use crate::{debug, derive_debug_via_id, fips::indicator_check}; pub(crate) mod digest_ctx; mod sha; -use crate::aws_lc::{ - EVP_DigestFinal, EVP_DigestUpdate, EVP_sha1, EVP_sha224, EVP_sha256, EVP_sha384, EVP_sha3_256, - EVP_sha3_384, EVP_sha3_512, EVP_sha512, EVP_sha512_256, EVP_MD, +use crate::{ + aws_lc::{ + EVP_DigestFinal, EVP_DigestUpdate, EVP_sha1, EVP_sha224, EVP_sha256, EVP_sha384, + EVP_sha3_256, EVP_sha3_384, EVP_sha3_512, EVP_sha512, EVP_sha512_256, EVP_MD, + }, + error::Unspecified, + ptr::ConstPointer, }; -use crate::error::Unspecified; -use crate::ptr::ConstPointer; use core::mem::MaybeUninit; use digest_ctx::DigestContext; pub use sha::{ @@ -366,8 +367,7 @@ mod tests { extern crate alloc; use super::super::super::digest; - use crate::digest::digest_ctx::DigestContext; - use crate::digest::Digest; + use crate::digest::{digest_ctx::DigestContext, Digest}; use alloc::vec; macro_rules! max_input_tests { diff --git a/aws-lc-rs/src/digest/digest_ctx.rs b/aws-lc-rs/src/digest/digest_ctx.rs index 02714dc0e44..155e885c20d 100644 --- a/aws-lc-rs/src/digest/digest_ctx.rs +++ b/aws-lc-rs/src/digest/digest_ctx.rs @@ -1,13 +1,12 @@ // Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. // SPDX-License-Identifier: Apache-2.0 OR ISC -use crate::aws_lc::{ - EVP_DigestInit_ex, EVP_MD_CTX_cleanup, EVP_MD_CTX_copy, EVP_MD_CTX_init, EVP_MD_CTX, +use crate::{ + aws_lc::{EVP_DigestInit_ex, EVP_MD_CTX_cleanup, EVP_MD_CTX_copy, EVP_MD_CTX_init, EVP_MD_CTX}, + digest::{match_digest_type, Algorithm}, + error::Unspecified, }; -use crate::digest::{match_digest_type, Algorithm}; -use crate::error::Unspecified; -use core::mem::MaybeUninit; -use core::ptr::null_mut; +use core::{mem::MaybeUninit, ptr::null_mut}; pub(crate) struct DigestContext(EVP_MD_CTX); diff --git a/aws-lc-rs/src/ec.rs b/aws-lc-rs/src/ec.rs index 781363fa4d8..8345ab03240 100644 --- a/aws-lc-rs/src/ec.rs +++ b/aws-lc-rs/src/ec.rs @@ -4,9 +4,10 @@ // SPDX-License-Identifier: Apache-2.0 OR ISC use crate::ec::signature::AlgorithmID; -use core::mem::MaybeUninit; -use core::ptr::null; -use core::ptr::null_mut; +use core::{ + mem::MaybeUninit, + ptr::{null, null_mut}, +}; // TODO: Uncomment when MSRV >= 1.64 // use core::ffi::c_int; use std::os::raw::c_int; @@ -26,10 +27,12 @@ use crate::aws_lc::{ EC_GROUP, EC_KEY, EC_POINT, EVP_PKEY, EVP_PKEY_EC, }; -use crate::error::{KeyRejected, Unspecified}; -use crate::fips::indicator_check; -use crate::ptr::{ConstPointer, DetachableLcPtr, LcPtr}; -use crate::signature::Signature; +use crate::{ + error::{KeyRejected, Unspecified}, + fips::indicator_check, + ptr::{ConstPointer, DetachableLcPtr, LcPtr}, + signature::Signature, +}; pub(crate) mod key_pair; pub(crate) mod signature; @@ -424,13 +427,19 @@ pub(crate) const fn uncompressed_public_key_size_bytes(curve_field_bits: usize) #[cfg(test)] mod tests { - use crate::encoding::{ - AsBigEndian, AsDer, EcPublicKeyCompressedBin, EcPublicKeyUncompressedBin, PublicKeyX509Der, + use crate::{ + encoding::{ + AsBigEndian, AsDer, EcPublicKeyCompressedBin, EcPublicKeyUncompressedBin, + PublicKeyX509Der, + }, + signature, + signature::{ + EcdsaKeyPair, KeyPair, UnparsedPublicKey, ECDSA_P256_SHA256_FIXED, + ECDSA_P256_SHA256_FIXED_SIGNING, + }, + test, + test::from_dirty_hex, }; - use crate::signature::{EcdsaKeyPair, UnparsedPublicKey, ECDSA_P256_SHA256_FIXED}; - use crate::signature::{KeyPair, ECDSA_P256_SHA256_FIXED_SIGNING}; - use crate::test::from_dirty_hex; - use crate::{signature, test}; #[test] fn test_from_pkcs8() { diff --git a/aws-lc-rs/src/ec/key_pair.rs b/aws-lc-rs/src/ec/key_pair.rs index a6a782fb79b..7796da23359 100644 --- a/aws-lc-rs/src/ec/key_pair.rs +++ b/aws-lc-rs/src/ec/key_pair.rs @@ -3,29 +3,37 @@ // Modifications copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. // SPDX-License-Identifier: Apache-2.0 OR ISC -use core::fmt; -use core::fmt::{Debug, Formatter}; -use core::mem::MaybeUninit; -use core::ptr::{null, null_mut}; +use core::{ + fmt, + fmt::{Debug, Formatter}, + mem::MaybeUninit, + ptr::{null, null_mut}, +}; use crate::aws_lc::{EVP_DigestSign, EVP_DigestSignInit, EVP_PKEY_get0_EC_KEY, EVP_PKEY}; -use crate::digest::digest_ctx::DigestContext; -use crate::ec::evp_key_generate; -use crate::ec::signature::{EcdsaSignatureFormat, EcdsaSigningAlgorithm, PublicKey}; #[cfg(feature = "fips")] use crate::ec::validate_evp_key; #[cfg(not(feature = "fips"))] use crate::ec::verify_evp_key_nid; - -use crate::encoding::{AsBigEndian, AsDer, EcPrivateKeyBin, EcPrivateKeyRfc5915Der}; -use crate::error::{KeyRejected, Unspecified}; -use crate::fips::indicator_check; -use crate::pkcs8::{Document, Version}; -use crate::ptr::{ConstPointer, DetachableLcPtr, LcPtr}; -use crate::rand::SecureRandom; -use crate::signature::{KeyPair, Signature}; -use crate::{digest, ec}; +use crate::{ + digest::digest_ctx::DigestContext, + ec::{ + evp_key_generate, + signature::{EcdsaSignatureFormat, EcdsaSigningAlgorithm, PublicKey}, + }, +}; + +use crate::{ + digest, ec, + encoding::{AsBigEndian, AsDer, EcPrivateKeyBin, EcPrivateKeyRfc5915Der}, + error::{KeyRejected, Unspecified}, + fips::indicator_check, + pkcs8::{Document, Version}, + ptr::{ConstPointer, DetachableLcPtr, LcPtr}, + rand::SecureRandom, + signature::{KeyPair, Signature}, +}; /// An ECDSA key pair, used for signing. #[allow(clippy::module_name_repetitions)] diff --git a/aws-lc-rs/src/ec/signature.rs b/aws-lc-rs/src/ec/signature.rs index 1b4206eebb0..5fe422d78b3 100644 --- a/aws-lc-rs/src/ec/signature.rs +++ b/aws-lc-rs/src/ec/signature.rs @@ -8,24 +8,27 @@ use crate::aws_lc::{ BIGNUM, ECDSA_SIG, EVP_PKEY, }; -use crate::digest::digest_ctx::DigestContext; -use crate::ec::{ - compressed_public_key_size_bytes, ec_point_from_bytes, marshal_ec_public_key_to_buffer, - marshal_public_key_to_buffer, try_parse_public_key_bytes, PUBLIC_KEY_MAX_LEN, +use crate::{ + digest, + digest::digest_ctx::DigestContext, + ec::{ + compressed_public_key_size_bytes, ec_point_from_bytes, marshal_ec_public_key_to_buffer, + marshal_public_key_to_buffer, try_parse_public_key_bytes, PUBLIC_KEY_MAX_LEN, + }, + encoding::{ + AsBigEndian, AsDer, EcPublicKeyCompressedBin, EcPublicKeyUncompressedBin, PublicKeyX509Der, + }, + error::Unspecified, + fips::indicator_check, + ptr::{ConstPointer, DetachableLcPtr, LcPtr}, + sealed, + signature::VerificationAlgorithm, }; -use crate::encoding::{ - AsBigEndian, AsDer, EcPublicKeyCompressedBin, EcPublicKeyUncompressedBin, PublicKeyX509Der, +use core::{ + fmt, + fmt::{Debug, Formatter}, }; -use crate::error::Unspecified; -use crate::fips::indicator_check; -use crate::ptr::{ConstPointer, DetachableLcPtr, LcPtr}; -use crate::signature::VerificationAlgorithm; -use crate::{digest, sealed}; -use core::fmt; -use core::fmt::{Debug, Formatter}; -use std::mem::MaybeUninit; -use std::ops::Deref; -use std::ptr::null_mut; +use std::{mem::MaybeUninit, ops::Deref, ptr::null_mut}; #[cfg(feature = "ring-sig-verify")] use untrusted::Input; diff --git a/aws-lc-rs/src/ed25519.rs b/aws-lc-rs/src/ed25519.rs index efd6229fe79..bd3042e5d05 100644 --- a/aws-lc-rs/src/ed25519.rs +++ b/aws-lc-rs/src/ed25519.rs @@ -3,10 +3,12 @@ // Modifications copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. // SPDX-License-Identifier: Apache-2.0 OR ISC -use core::fmt; -use core::fmt::{Debug, Formatter}; -use core::mem::MaybeUninit; -use core::ptr::null_mut; +use core::{ + fmt, + fmt::{Debug, Formatter}, + mem::MaybeUninit, + ptr::null_mut, +}; use std::marker::PhantomData; #[cfg(feature = "ring-sig-verify")] @@ -20,18 +22,20 @@ use crate::aws_lc::{ EVP_PKEY_ED25519, }; -use crate::cbb::LcCBB; -use crate::digest::digest_ctx::DigestContext; -use crate::encoding::{ - AsBigEndian, AsDer, Curve25519SeedBin, Pkcs8V1Der, Pkcs8V2Der, PublicKeyX509Der, +use crate::{ + cbb::LcCBB, + constant_time, + digest::digest_ctx::DigestContext, + encoding::{AsBigEndian, AsDer, Curve25519SeedBin, Pkcs8V1Der, Pkcs8V2Der, PublicKeyX509Der}, + error::{KeyRejected, Unspecified}, + fips::indicator_check, + hex, + pkcs8::{Document, Version}, + ptr::LcPtr, + rand::SecureRandom, + sealed, + signature::{KeyPair, Signature, VerificationAlgorithm}, }; -use crate::error::{KeyRejected, Unspecified}; -use crate::fips::indicator_check; -use crate::pkcs8::{Document, Version}; -use crate::ptr::LcPtr; -use crate::rand::SecureRandom; -use crate::signature::{KeyPair, Signature, VerificationAlgorithm}; -use crate::{constant_time, hex, sealed}; /// The length of an Ed25519 public key. pub const ED25519_PUBLIC_KEY_LEN: usize = aws_lc::ED25519_PUBLIC_KEY_LEN as usize; @@ -566,11 +570,14 @@ impl AsDer> for Ed25519KeyPair { #[cfg(test)] mod tests { - use crate::ed25519::Ed25519KeyPair; - use crate::encoding::{AsBigEndian, AsDer, Pkcs8V1Der, Pkcs8V2Der, PublicKeyX509Der}; - use crate::rand::SystemRandom; - use crate::signature::{KeyPair, UnparsedPublicKey, ED25519}; - use crate::{hex, test}; + use crate::{ + ed25519::Ed25519KeyPair, + encoding::{AsBigEndian, AsDer, Pkcs8V1Der, Pkcs8V2Der, PublicKeyX509Der}, + hex, + rand::SystemRandom, + signature::{KeyPair, UnparsedPublicKey, ED25519}, + test, + }; #[test] fn test_generate() { diff --git a/aws-lc-rs/src/error.rs b/aws-lc-rs/src/error.rs index a754ae5a35b..df63d45d45c 100644 --- a/aws-lc-rs/src/error.rs +++ b/aws-lc-rs/src/error.rs @@ -232,8 +232,7 @@ impl From for KeyRejected { #[allow(deprecated, unused_imports)] #[cfg(test)] mod tests { - use crate::error::KeyRejected; - use crate::test; + use crate::{error::KeyRejected, test}; use std::error::Error; #[test] diff --git a/aws-lc-rs/src/evp_pkey.rs b/aws-lc-rs/src/evp_pkey.rs index d98ea5379da..3dbfe4faef4 100644 --- a/aws-lc-rs/src/evp_pkey.rs +++ b/aws-lc-rs/src/evp_pkey.rs @@ -1,21 +1,22 @@ // Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. // SPDX-License-Identifier: Apache-2.0 OR ISC -use crate::aws_lc::{ - EVP_PKEY_CTX_new, EVP_PKEY_bits, EVP_PKEY_get1_EC_KEY, EVP_PKEY_get1_RSA, EVP_PKEY_id, - EVP_PKEY_up_ref, EVP_marshal_private_key, EVP_marshal_private_key_v2, EVP_parse_private_key, - EC_KEY, EVP_PKEY, EVP_PKEY_CTX, RSA, +use crate::{ + aws_lc::{ + EVP_PKEY_CTX_new, EVP_PKEY_bits, EVP_PKEY_get1_EC_KEY, EVP_PKEY_get1_RSA, EVP_PKEY_id, + EVP_PKEY_up_ref, EVP_marshal_private_key, EVP_marshal_private_key_v2, + EVP_parse_private_key, EC_KEY, EVP_PKEY, EVP_PKEY_CTX, RSA, + }, + cbb::LcCBB, + cbs, + ec::PKCS8_DOCUMENT_MAX_LEN, + error::{KeyRejected, Unspecified}, + pkcs8::Version, + ptr::LcPtr, }; -use crate::cbb::LcCBB; -use crate::cbs; -use crate::ec::PKCS8_DOCUMENT_MAX_LEN; -use crate::error::{KeyRejected, Unspecified}; -use crate::pkcs8::Version; -use crate::ptr::LcPtr; // TODO: Uncomment when MSRV >= 1.64 // use core::ffi::c_int; -use std::os::raw::c_int; -use std::ptr::null_mut; +use std::{os::raw::c_int, ptr::null_mut}; impl TryFrom<&[u8]> for LcPtr { type Error = KeyRejected; diff --git a/aws-lc-rs/src/hkdf.rs b/aws-lc-rs/src/hkdf.rs index b7dddf4ee22..7a0d09254df 100644 --- a/aws-lc-rs/src/hkdf.rs +++ b/aws-lc-rs/src/hkdf.rs @@ -37,10 +37,13 @@ //! let aead_unbound_key = aead::UnboundKey::from(aes_keying_material); //! ``` -use crate::aws_lc::{HKDF_expand, HKDF}; -use crate::error::Unspecified; -use crate::fips::indicator_check; -use crate::{digest, hmac}; +use crate::{ + aws_lc::{HKDF_expand, HKDF}, + digest, + error::Unspecified, + fips::indicator_check, + hmac, +}; use alloc::sync::Arc; use core::fmt; use zeroize::Zeroize; diff --git a/aws-lc-rs/src/hmac.rs b/aws-lc-rs/src/hmac.rs index a660823e184..d1476f1bd85 100644 --- a/aws-lc-rs/src/hmac.rs +++ b/aws-lc-rs/src/hmac.rs @@ -95,15 +95,17 @@ //! ``` //! [RFC 2104]: https://tools.ietf.org/html/rfc2104 -use crate::aws_lc::{ - HMAC_CTX_cleanup, HMAC_CTX_copy_ex, HMAC_CTX_init, HMAC_Final, HMAC_Init_ex, HMAC_Update, - HMAC_CTX, +use crate::{ + aws_lc::{ + HMAC_CTX_cleanup, HMAC_CTX_copy_ex, HMAC_CTX_init, HMAC_Final, HMAC_Init_ex, HMAC_Update, + HMAC_CTX, + }, + constant_time, digest, + error::Unspecified, + fips::indicator_check, + hkdf, }; -use crate::error::Unspecified; -use crate::fips::indicator_check; -use crate::{constant_time, digest, hkdf}; -use core::mem::MaybeUninit; -use core::ptr::null_mut; +use core::{mem::MaybeUninit, ptr::null_mut}; // TODO: Uncomment when MSRV >= 1.64 // use core::ffi::c_uint; use std::os::raw::c_uint; diff --git a/aws-lc-rs/src/iv.rs b/aws-lc-rs/src/iv.rs index b4f5684f7db..8988139f017 100644 --- a/aws-lc-rs/src/iv.rs +++ b/aws-lc-rs/src/iv.rs @@ -6,8 +6,7 @@ //! Initialization Vector (IV) cryptographic primitives -use crate::error::Unspecified; -use crate::rand; +use crate::{error::Unspecified, rand}; use zeroize::Zeroize; /// Length of a 128-bit IV in bytes. diff --git a/aws-lc-rs/src/kdf/kbkdf.rs b/aws-lc-rs/src/kdf/kbkdf.rs index ec0f96b0c39..5412aab72f5 100644 --- a/aws-lc-rs/src/kdf/kbkdf.rs +++ b/aws-lc-rs/src/kdf/kbkdf.rs @@ -3,8 +3,7 @@ #![allow(clippy::module_name_repetitions)] -use crate::aws_lc::KBKDF_ctr_hmac; -use crate::aws_lc::EVP_MD; +use crate::aws_lc::{KBKDF_ctr_hmac, EVP_MD}; use crate::{ digest::{match_digest_type, AlgorithmID}, diff --git a/aws-lc-rs/src/kdf/sskdf.rs b/aws-lc-rs/src/kdf/sskdf.rs index b46da9ad15a..f2baa66c58f 100644 --- a/aws-lc-rs/src/kdf/sskdf.rs +++ b/aws-lc-rs/src/kdf/sskdf.rs @@ -3,8 +3,7 @@ #![allow(clippy::module_name_repetitions)] -use crate::aws_lc::EVP_MD; -use crate::aws_lc::{SSKDF_digest, SSKDF_hmac}; +use crate::aws_lc::{SSKDF_digest, SSKDF_hmac, EVP_MD}; use crate::{ digest::{match_digest_type, AlgorithmID}, diff --git a/aws-lc-rs/src/kem.rs b/aws-lc-rs/src/kem.rs index 92b34e807c6..f1c64d9a02f 100644 --- a/aws-lc-rs/src/kem.rs +++ b/aws-lc-rs/src/kem.rs @@ -45,12 +45,13 @@ //! //! # Ok::<(), aws_lc_rs::error::Unspecified>(()) //! ``` -use crate::aws_lc::{ - EVP_PKEY_CTX_kem_set_params, EVP_PKEY_CTX_new_id, EVP_PKEY_decapsulate, EVP_PKEY_encapsulate, - EVP_PKEY_get_raw_private_key, EVP_PKEY_get_raw_public_key, EVP_PKEY_kem_new_raw_public_key, - EVP_PKEY_keygen, EVP_PKEY_keygen_init, EVP_PKEY, EVP_PKEY_KEM, -}; use crate::{ + aws_lc::{ + EVP_PKEY_CTX_kem_set_params, EVP_PKEY_CTX_new_id, EVP_PKEY_decapsulate, + EVP_PKEY_encapsulate, EVP_PKEY_get_raw_private_key, EVP_PKEY_get_raw_public_key, + EVP_PKEY_kem_new_raw_public_key, EVP_PKEY_keygen, EVP_PKEY_keygen_init, EVP_PKEY, + EVP_PKEY_KEM, + }, buffer::Buffer, encoding::generated_encodings, error::{KeyRejected, Unspecified}, @@ -508,8 +509,7 @@ fn kem_key_generate(nid: i32) -> Result, Unspecified> { #[cfg(test)] mod tests { - use super::{Ciphertext, SharedSecret}; - use super::{DecapsulationKey, EncapsulationKey}; + use super::{Ciphertext, DecapsulationKey, EncapsulationKey, SharedSecret}; use crate::error::KeyRejected; use crate::kem::{ML_KEM_1024, ML_KEM_512, ML_KEM_768}; diff --git a/aws-lc-rs/src/key_wrap.rs b/aws-lc-rs/src/key_wrap.rs index e1b45dc91df..b62113e74d0 100644 --- a/aws-lc-rs/src/key_wrap.rs +++ b/aws-lc-rs/src/key_wrap.rs @@ -32,11 +32,15 @@ //! # } //! ``` -use crate::aws_lc::{ - AES_set_decrypt_key, AES_set_encrypt_key, AES_unwrap_key, AES_unwrap_key_padded, AES_wrap_key, - AES_wrap_key_padded, AES_KEY, +use crate::{ + aws_lc::{ + AES_set_decrypt_key, AES_set_encrypt_key, AES_unwrap_key, AES_unwrap_key_padded, + AES_wrap_key, AES_wrap_key_padded, AES_KEY, + }, + error::Unspecified, + fips::indicator_check, + sealed::Sealed, }; -use crate::{error::Unspecified, fips::indicator_check, sealed::Sealed}; use core::{fmt::Debug, mem::MaybeUninit, ptr::null}; mod tests; diff --git a/aws-lc-rs/src/pbkdf2.rs b/aws-lc-rs/src/pbkdf2.rs index e83b45de014..64878493719 100644 --- a/aws-lc-rs/src/pbkdf2.rs +++ b/aws-lc-rs/src/pbkdf2.rs @@ -103,10 +103,10 @@ //! assert!(db.verify_password("alice", "@74d7]404j|W}6u").is_ok()); //! } -use crate::aws_lc::PKCS5_PBKDF2_HMAC; -use crate::error::Unspecified; -use crate::fips::indicator_check; -use crate::{constant_time, digest, hmac}; +use crate::{ + aws_lc::PKCS5_PBKDF2_HMAC, constant_time, digest, error::Unspecified, fips::indicator_check, + hmac, +}; use core::num::NonZeroU32; use zeroize::Zeroize; diff --git a/aws-lc-rs/src/ptr.rs b/aws-lc-rs/src/ptr.rs index 7efe6a167dc..fcea640c683 100644 --- a/aws-lc-rs/src/ptr.rs +++ b/aws-lc-rs/src/ptr.rs @@ -245,8 +245,10 @@ create_pointer!(EVP_CIPHER_CTX, EVP_CIPHER_CTX_free); #[cfg(test)] mod tests { - use crate::aws_lc::BIGNUM; - use crate::ptr::{DetachablePointer, ManagedPointer}; + use crate::{ + aws_lc::BIGNUM, + ptr::{DetachablePointer, ManagedPointer}, + }; #[test] fn test_debug() { diff --git a/aws-lc-rs/src/rand.rs b/aws-lc-rs/src/rand.rs index 40360901185..3f8aa527dcb 100644 --- a/aws-lc-rs/src/rand.rs +++ b/aws-lc-rs/src/rand.rs @@ -32,9 +32,7 @@ //! let random_array = rand::generate(&rng).unwrap(); //! let more_rand_bytes: [u8; 64] = random_array.expose(); //! ``` -use crate::aws_lc::RAND_bytes; -use crate::error::Unspecified; -use crate::fips::indicator_check; +use crate::{aws_lc::RAND_bytes, error::Unspecified, fips::indicator_check}; use core::fmt::Debug; /// A secure random number generator. diff --git a/aws-lc-rs/src/rsa.rs b/aws-lc-rs/src/rsa.rs index 586a4e977a1..835ecceb48c 100644 --- a/aws-lc-rs/src/rsa.rs +++ b/aws-lc-rs/src/rsa.rs @@ -94,8 +94,7 @@ mod tests { #[cfg(feature = "ring-io")] #[test] fn test_rsa() { - use crate::signature::KeyPair; - use crate::test::from_dirty_hex; + use crate::{signature::KeyPair, test::from_dirty_hex}; let rsa_pkcs8_input: Vec = from_dirty_hex( r"308204bd020100300d06092a864886f70d0101010500048204a7308204a30201000282010100b9d7a f84fa4184a5f22037ec8aff2db5f78bd8c21e714e579ae57c6398c4950f3a694b17bfccf488766159aec5bb7c2c4 diff --git a/aws-lc-rs/src/rsa/encoding.rs b/aws-lc-rs/src/rsa/encoding.rs index 564356ea86f..267467010c2 100644 --- a/aws-lc-rs/src/rsa/encoding.rs +++ b/aws-lc-rs/src/rsa/encoding.rs @@ -3,8 +3,8 @@ /// PKCS#8 Encoding Functions pub(in crate::rsa) mod pkcs8 { - use crate::aws_lc::{EVP_marshal_private_key, EVP_parse_private_key, EVP_PKEY}; use crate::{ + aws_lc::{EVP_marshal_private_key, EVP_parse_private_key, EVP_PKEY}, cbb::LcCBB, cbs, error::{KeyRejected, Unspecified}, @@ -49,11 +49,11 @@ pub(in crate::rsa) mod pkcs8 { /// /// PKCS #1: RSA Cryptography Specifications Version 2.2 pub(in crate::rsa) mod rfc8017 { - use crate::aws_lc::{ - EVP_PKEY_assign_RSA, EVP_PKEY_new, RSA_parse_private_key, RSA_public_key_from_bytes, - RSA_public_key_to_bytes, EVP_PKEY, - }; use crate::{ + aws_lc::{ + EVP_PKEY_assign_RSA, EVP_PKEY_new, RSA_parse_private_key, RSA_public_key_from_bytes, + RSA_public_key_to_bytes, EVP_PKEY, + }, cbs, error::{KeyRejected, Unspecified}, ptr::{DetachableLcPtr, LcPtr}, @@ -126,8 +126,8 @@ pub(in crate::rsa) mod rfc8017 { /// /// Encodings that use the `SubjectPublicKeyInfo` structure. pub(in crate::rsa) mod rfc5280 { - use crate::aws_lc::{EVP_marshal_public_key, EVP_parse_public_key, EVP_PKEY}; use crate::{ + aws_lc::{EVP_marshal_public_key, EVP_parse_public_key, EVP_PKEY}, cbb::LcCBB, cbs, encoding::PublicKeyX509Der, diff --git a/aws-lc-rs/src/rsa/encryption.rs b/aws-lc-rs/src/rsa/encryption.rs index 7a199bd3d58..bc0641292a3 100644 --- a/aws-lc-rs/src/rsa/encryption.rs +++ b/aws-lc-rs/src/rsa/encryption.rs @@ -9,8 +9,8 @@ use super::{ key::{generate_rsa_key, is_rsa_key, key_size_bits, key_size_bytes}, KeySize, }; -use crate::aws_lc::EVP_PKEY; use crate::{ + aws_lc::EVP_PKEY, encoding::{AsDer, Pkcs8V1Der, PublicKeyX509Der}, error::{KeyRejected, Unspecified}, ptr::LcPtr, diff --git a/aws-lc-rs/src/rsa/encryption/oaep.rs b/aws-lc-rs/src/rsa/encryption/oaep.rs index 279058eb4ee..1108a7cec2b 100644 --- a/aws-lc-rs/src/rsa/encryption/oaep.rs +++ b/aws-lc-rs/src/rsa/encryption/oaep.rs @@ -4,13 +4,13 @@ #![allow(clippy::module_name_repetitions)] use super::{EncryptionAlgorithmId, PrivateDecryptingKey, PublicEncryptingKey}; -use crate::aws_lc::{ - EVP_PKEY_CTX_set0_rsa_oaep_label, EVP_PKEY_CTX_set_rsa_mgf1_md, EVP_PKEY_CTX_set_rsa_oaep_md, - EVP_PKEY_CTX_set_rsa_padding, EVP_PKEY_decrypt, EVP_PKEY_decrypt_init, EVP_PKEY_encrypt, - EVP_PKEY_encrypt_init, EVP_sha1, EVP_sha256, EVP_sha384, EVP_sha512, OPENSSL_malloc, EVP_MD, - EVP_PKEY_CTX, RSA_PKCS1_OAEP_PADDING, -}; use crate::{ + aws_lc::{ + EVP_PKEY_CTX_set0_rsa_oaep_label, EVP_PKEY_CTX_set_rsa_mgf1_md, + EVP_PKEY_CTX_set_rsa_oaep_md, EVP_PKEY_CTX_set_rsa_padding, EVP_PKEY_decrypt, + EVP_PKEY_decrypt_init, EVP_PKEY_encrypt, EVP_PKEY_encrypt_init, EVP_sha1, EVP_sha256, + EVP_sha384, EVP_sha512, OPENSSL_malloc, EVP_MD, EVP_PKEY_CTX, RSA_PKCS1_OAEP_PADDING, + }, error::Unspecified, fips::indicator_check, ptr::{DetachableLcPtr, LcPtr}, diff --git a/aws-lc-rs/src/rsa/encryption/pkcs1.rs b/aws-lc-rs/src/rsa/encryption/pkcs1.rs index 7a0e94d655e..6417049540c 100644 --- a/aws-lc-rs/src/rsa/encryption/pkcs1.rs +++ b/aws-lc-rs/src/rsa/encryption/pkcs1.rs @@ -4,11 +4,15 @@ #![allow(clippy::module_name_repetitions)] use super::{PrivateDecryptingKey, PublicEncryptingKey}; -use crate::aws_lc::{ - EVP_PKEY_CTX_set_rsa_padding, EVP_PKEY_decrypt, EVP_PKEY_decrypt_init, EVP_PKEY_encrypt, - EVP_PKEY_encrypt_init, EVP_PKEY_CTX, RSA_PKCS1_PADDING, +use crate::{ + aws_lc::{ + EVP_PKEY_CTX_set_rsa_padding, EVP_PKEY_decrypt, EVP_PKEY_decrypt_init, EVP_PKEY_encrypt, + EVP_PKEY_encrypt_init, EVP_PKEY_CTX, RSA_PKCS1_PADDING, + }, + error::Unspecified, + fips::indicator_check, + ptr::LcPtr, }; -use crate::{error::Unspecified, fips::indicator_check, ptr::LcPtr}; use core::fmt::Debug; /// RSA PKCS1-v1.5 public key for encryption. diff --git a/aws-lc-rs/src/rsa/key.rs b/aws-lc-rs/src/rsa/key.rs index e2116b5f663..ac82a0f04a7 100644 --- a/aws-lc-rs/src/rsa/key.rs +++ b/aws-lc-rs/src/rsa/key.rs @@ -10,11 +10,6 @@ use super::{ }; #[cfg(feature = "fips")] use crate::aws_lc::RSA_check_fips; -use crate::aws_lc::{ - EVP_DigestSignInit, EVP_PKEY_assign_RSA, EVP_PKEY_bits, EVP_PKEY_new, EVP_PKEY_size, - RSA_generate_key_ex, RSA_generate_key_fips, RSA_new, RSA_set0_key, RSA_size, BIGNUM, EVP_PKEY, - EVP_PKEY_CTX, -}; #[cfg(feature = "ring-io")] use crate::aws_lc::{RSA_get0_e, RSA_get0_n}; #[cfg(feature = "ring-io")] @@ -22,6 +17,11 @@ use crate::io; #[cfg(feature = "ring-io")] use crate::ptr::ConstPointer; use crate::{ + aws_lc::{ + EVP_DigestSignInit, EVP_PKEY_assign_RSA, EVP_PKEY_bits, EVP_PKEY_new, EVP_PKEY_size, + RSA_generate_key_ex, RSA_generate_key_fips, RSA_new, RSA_set0_key, RSA_size, BIGNUM, + EVP_PKEY, EVP_PKEY_CTX, + }, digest::{self}, encoding::{AsDer, Pkcs8V1Der}, error::{KeyRejected, Unspecified}, diff --git a/aws-lc-rs/src/rsa/signature.rs b/aws-lc-rs/src/rsa/signature.rs index d23590ef5e2..687675ec117 100644 --- a/aws-lc-rs/src/rsa/signature.rs +++ b/aws-lc-rs/src/rsa/signature.rs @@ -15,7 +15,10 @@ use crate::aws_lc::{ }; use crate::{ - digest::{self, digest_ctx::DigestContext}, + digest::{ + digest_ctx::DigestContext, + {self}, + }, error::Unspecified, fips::indicator_check, ptr::{ConstPointer, DetachableLcPtr, LcPtr}, diff --git a/aws-lc-rs/src/signature.rs b/aws-lc-rs/src/signature.rs index 37473732370..17e9898f342 100644 --- a/aws-lc-rs/src/signature.rs +++ b/aws-lc-rs/src/signature.rs @@ -248,16 +248,16 @@ use crate::rsa::{ RsaVerificationAlgorithmId, }; -pub use crate::ec::key_pair::{EcdsaKeyPair, PrivateKey as EcdsaPrivateKey}; -use crate::ec::signature::EcdsaSignatureFormat; -pub use crate::ec::signature::{ - EcdsaSigningAlgorithm, EcdsaVerificationAlgorithm, PublicKey as EcdsaPublicKey, +use crate::{digest, ec, ec::signature::EcdsaSignatureFormat, error, hex, rsa, sealed}; +pub use crate::{ + ec::{ + key_pair::{EcdsaKeyPair, PrivateKey as EcdsaPrivateKey}, + signature::{ + EcdsaSigningAlgorithm, EcdsaVerificationAlgorithm, PublicKey as EcdsaPublicKey, + }, + }, + ed25519::{Ed25519KeyPair, EdDSAParameters, Seed as Ed25519Seed, ED25519_PUBLIC_KEY_LEN}, }; -pub use crate::ed25519::{ - Ed25519KeyPair, EdDSAParameters, Seed as Ed25519Seed, ED25519_PUBLIC_KEY_LEN, -}; -use crate::rsa; -use crate::{digest, ec, error, hex, sealed}; /// The longest signature is an ASN.1 P-384 signature where *r* and *s* are of /// maximum length with the leading high bit set on each. Then each component @@ -796,8 +796,10 @@ pub static ED25519: EdDSAParameters = EdDSAParameters {}; mod tests { use regex::Regex; - use crate::rand::{generate, SystemRandom}; - use crate::signature::{UnparsedPublicKey, ED25519}; + use crate::{ + rand::{generate, SystemRandom}, + signature::{UnparsedPublicKey, ED25519}, + }; #[cfg(feature = "fips")] mod fips; diff --git a/aws-lc-rs/src/test.rs b/aws-lc-rs/src/test.rs index d2743ea75df..2780fbd1fcc 100644 --- a/aws-lc-rs/src/test.rs +++ b/aws-lc-rs/src/test.rs @@ -487,10 +487,16 @@ pub mod rand { #[cfg(test)] mod tests { - use crate::rand::sealed::SecureRandom; - use crate::test::rand::{FixedByteRandom, FixedSliceRandom, FixedSliceSequenceRandom}; - use crate::test::{from_dirty_hex, to_hex_upper}; - use crate::{error, test}; + use crate::{ + error, + rand::sealed::SecureRandom, + test, + test::{ + from_dirty_hex, + rand::{FixedByteRandom, FixedSliceRandom, FixedSliceSequenceRandom}, + to_hex_upper, + }, + }; use core::cell::UnsafeCell; #[test] diff --git a/aws-lc-rs/src/tls_prf.rs b/aws-lc-rs/src/tls_prf.rs index 4c929064122..f348bad9df4 100644 --- a/aws-lc-rs/src/tls_prf.rs +++ b/aws-lc-rs/src/tls_prf.rs @@ -28,7 +28,9 @@ use core::fmt::Debug; use crate::{ - digest::match_digest_type, digest::AlgorithmID, error::Unspecified, fips::indicator_check, + digest::{match_digest_type, AlgorithmID}, + error::Unspecified, + fips::indicator_check, }; use core::ptr::null; diff --git a/aws-lc-rs/src/tls_prf/tests/fips.rs b/aws-lc-rs/src/tls_prf/tests/fips.rs index e08270f84a6..525abf6465d 100644 --- a/aws-lc-rs/src/tls_prf/tests/fips.rs +++ b/aws-lc-rs/src/tls_prf/tests/fips.rs @@ -3,8 +3,10 @@ #![cfg(debug_assertions)] -use crate::fips::{assert_fips_status_indicator, FipsServiceStatus}; -use crate::tls_prf::{Secret, P_SHA256, P_SHA384, P_SHA512}; +use crate::{ + fips::{assert_fips_status_indicator, FipsServiceStatus}, + tls_prf::{Secret, P_SHA256, P_SHA384, P_SHA512}, +}; macro_rules! prf_test { ($name:ident, $alg:expr, $size:expr, $label:expr, $expect:path) => { diff --git a/aws-lc-rs/tests/aead_test.rs b/aws-lc-rs/tests/aead_test.rs index 8271514c9b1..ce199164e25 100644 --- a/aws-lc-rs/tests/aead_test.rs +++ b/aws-lc-rs/tests/aead_test.rs @@ -3,8 +3,7 @@ // Modifications copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. // SPDX-License-Identifier: Apache-2.0 OR ISC -use aws_lc_rs::aead::nonce_sequence::Counter32Builder; -use aws_lc_rs::{aead, error, test, test_file}; +use aws_lc_rs::{aead, aead::nonce_sequence::Counter32Builder, error, test, test_file}; use aws_lc_rs::aead::{ Aad, BoundKey, Nonce, OpeningKey, SealingKey, UnboundKey, AES_128_GCM, NONCE_LEN, diff --git a/aws-lc-rs/tests/basic_rsa_test.rs b/aws-lc-rs/tests/basic_rsa_test.rs index 0e3cfe8db03..a579608a0d3 100644 --- a/aws-lc-rs/tests/basic_rsa_test.rs +++ b/aws-lc-rs/tests/basic_rsa_test.rs @@ -1,11 +1,13 @@ // Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. // SPDX-License-Identifier: Apache-2.0 OR ISC -use aws_lc_rs::rand::SystemRandom; -use aws_lc_rs::rsa::{Pkcs1PublicEncryptingKey, PublicEncryptingKey}; -use aws_lc_rs::signature; -use aws_lc_rs::signature::RsaKeyPair; -use aws_lc_rs::test::from_dirty_hex; +use aws_lc_rs::{ + rand::SystemRandom, + rsa::{Pkcs1PublicEncryptingKey, PublicEncryptingKey}, + signature, + signature::RsaKeyPair, + test::from_dirty_hex, +}; #[test] fn test_rsa_pkcs8() { diff --git a/aws-lc-rs/tests/cipher_test.rs b/aws-lc-rs/tests/cipher_test.rs index 820ade41fc6..f72ab08c47e 100644 --- a/aws-lc-rs/tests/cipher_test.rs +++ b/aws-lc-rs/tests/cipher_test.rs @@ -1,13 +1,15 @@ // Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. // SPDX-License-Identifier: Apache-2.0 OR ISC -use aws_lc_rs::cipher::{ - DecryptingKey, DecryptionContext, EncryptingKey, EncryptionContext, OperatingMode, - PaddedBlockDecryptingKey, PaddedBlockEncryptingKey, StreamingDecryptingKey, - StreamingEncryptingKey, UnboundCipherKey, AES_128, AES_192, AES_256, +use aws_lc_rs::{ + cipher::{ + DecryptingKey, DecryptionContext, EncryptingKey, EncryptionContext, OperatingMode, + PaddedBlockDecryptingKey, PaddedBlockEncryptingKey, StreamingDecryptingKey, + StreamingEncryptingKey, UnboundCipherKey, AES_128, AES_192, AES_256, + }, + iv::{FixedLength, IV_LEN_128_BIT}, + test::from_hex, }; -use aws_lc_rs::iv::{FixedLength, IV_LEN_128_BIT}; -use aws_lc_rs::test::from_hex; use paste::paste; fn step_encrypt( diff --git a/aws-lc-rs/tests/ecdsa_tests.rs b/aws-lc-rs/tests/ecdsa_tests.rs index 9935ceca4fc..9edded3f437 100644 --- a/aws-lc-rs/tests/ecdsa_tests.rs +++ b/aws-lc-rs/tests/ecdsa_tests.rs @@ -3,9 +3,8 @@ // Modifications copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. // SPDX-License-Identifier: Apache-2.0 OR ISC -use aws_lc_rs::encoding::{AsBigEndian, EcPrivateKeyRfc5915Der}; use aws_lc_rs::{ - encoding::AsDer, + encoding::{AsBigEndian, AsDer, EcPrivateKeyRfc5915Der}, rand::SystemRandom, signature::{self, EcdsaKeyPair, KeyPair, Signature, UnparsedPublicKey}, test, test_file, diff --git a/aws-lc-rs/tests/ed25519_tests.rs b/aws-lc-rs/tests/ed25519_tests.rs index 444607af22e..19776ac5a9b 100644 --- a/aws-lc-rs/tests/ed25519_tests.rs +++ b/aws-lc-rs/tests/ed25519_tests.rs @@ -3,10 +3,10 @@ // Modifications copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. // SPDX-License-Identifier: Apache-2.0 OR ISC -use aws_lc_rs::encoding::{AsBigEndian, Curve25519SeedBin}; -use aws_lc_rs::rand::SystemRandom; use aws_lc_rs::{ + encoding::{AsBigEndian, Curve25519SeedBin}, error, + rand::SystemRandom, signature::{self, Ed25519KeyPair, KeyPair}, test, test_file, }; diff --git a/aws-lc-rs/tests/hmac_test.rs b/aws-lc-rs/tests/hmac_test.rs index a3136196c60..e7cf473f70c 100644 --- a/aws-lc-rs/tests/hmac_test.rs +++ b/aws-lc-rs/tests/hmac_test.rs @@ -3,8 +3,7 @@ // Modifications copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. // SPDX-License-Identifier: Apache-2.0 OR ISC -use aws_lc_rs::hmac::sign; -use aws_lc_rs::{digest, hmac, test, test_file}; +use aws_lc_rs::{digest, hmac, hmac::sign, test, test_file}; #[test] fn hmac_tests() { diff --git a/aws-lc-rs/tests/kdf_test.rs b/aws-lc-rs/tests/kdf_test.rs index 949c456c8c9..9bc76a40e51 100644 --- a/aws-lc-rs/tests/kdf_test.rs +++ b/aws-lc-rs/tests/kdf_test.rs @@ -5,12 +5,14 @@ use std::error::Error; -use aws_lc_rs::kdf::{ - get_kbkdf_ctr_hmac_algorithm, get_sskdf_digest_algorithm, get_sskdf_hmac_algorithm, - kbkdf_ctr_hmac, sskdf_digest, sskdf_hmac, KbkdfCtrHmacAlgorithm, KbkdfCtrHmacAlgorithmId, - SskdfDigestAlgorithm, SskdfDigestAlgorithmId, SskdfHmacAlgorithm, SskdfHmacAlgorithmId, +use aws_lc_rs::{ + kdf::{ + get_kbkdf_ctr_hmac_algorithm, get_sskdf_digest_algorithm, get_sskdf_hmac_algorithm, + kbkdf_ctr_hmac, sskdf_digest, sskdf_hmac, KbkdfCtrHmacAlgorithm, KbkdfCtrHmacAlgorithmId, + SskdfDigestAlgorithm, SskdfDigestAlgorithmId, SskdfHmacAlgorithm, SskdfHmacAlgorithmId, + }, + test, test_file, }; -use aws_lc_rs::{test, test_file}; #[derive(Clone, Copy)] enum SskdfVariant { diff --git a/aws-lc-rs/tests/quic_test.rs b/aws-lc-rs/tests/quic_test.rs index 1fd31ef5114..b63368020b0 100644 --- a/aws-lc-rs/tests/quic_test.rs +++ b/aws-lc-rs/tests/quic_test.rs @@ -3,8 +3,7 @@ // Modifications copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. // SPDX-License-Identifier: Apache-2.0 OR ISC -use aws_lc_rs::aead::quic; -use aws_lc_rs::{test, test_file}; +use aws_lc_rs::{aead::quic, test, test_file}; #[test] fn quic_aes_128() { diff --git a/aws-lc-rs/tests/rsa_test.rs b/aws-lc-rs/tests/rsa_test.rs index a55777bbf20..80d9c8e3c7d 100644 --- a/aws-lc-rs/tests/rsa_test.rs +++ b/aws-lc-rs/tests/rsa_test.rs @@ -3,17 +3,21 @@ // Modifications copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. // SPDX-License-Identifier: Apache-2.0 OR ISC -use aws_lc_rs::encoding::{AsDer, Pkcs8V1Der, PublicKeyX509Der}; -use aws_lc_rs::rsa::{ - EncryptionAlgorithmId, KeySize, OaepPrivateDecryptingKey, OaepPublicEncryptingKey, - Pkcs1PrivateDecryptingKey, Pkcs1PublicEncryptingKey, PrivateDecryptingKey, PublicEncryptingKey, - OAEP_SHA1_MGF1SHA1, OAEP_SHA256_MGF1SHA256, OAEP_SHA384_MGF1SHA384, OAEP_SHA512_MGF1SHA512, +use aws_lc_rs::{ + encoding::{AsDer, Pkcs8V1Der, PublicKeyX509Der}, + rand, + rsa::{ + EncryptionAlgorithmId, KeySize, OaepPrivateDecryptingKey, OaepPublicEncryptingKey, + Pkcs1PrivateDecryptingKey, Pkcs1PublicEncryptingKey, PrivateDecryptingKey, + PublicEncryptingKey, OAEP_SHA1_MGF1SHA1, OAEP_SHA256_MGF1SHA256, OAEP_SHA384_MGF1SHA384, + OAEP_SHA512_MGF1SHA512, + }, + signature, + signature::{KeyPair, RsaKeyPair, RsaParameters, RsaPublicKeyComponents, RsaSubjectPublicKey}, + test, + test::to_hex_upper, + test_file, }; -use aws_lc_rs::signature::{ - KeyPair, RsaKeyPair, RsaParameters, RsaPublicKeyComponents, RsaSubjectPublicKey, -}; -use aws_lc_rs::test::to_hex_upper; -use aws_lc_rs::{rand, signature, test, test_file}; #[test] fn rsa_traits() { diff --git a/aws-lc-sys/builder/cmake_builder.rs b/aws-lc-sys/builder/cmake_builder.rs index 0d2f4c0be63..8c541c09b8c 100644 --- a/aws-lc-sys/builder/cmake_builder.rs +++ b/aws-lc-sys/builder/cmake_builder.rs @@ -1,17 +1,16 @@ // Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. // SPDX-License-Identifier: Apache-2.0 OR ISC -use crate::cc_builder::CcBuilder; -use crate::OutputLib::{Crypto, RustWrapper, Ssl}; use crate::{ - allow_prebuilt_nasm, cargo_env, emit_warning, execute_command, get_crate_cflags, is_crt_static, - is_no_asm, option_env, requested_c_std, target, target_arch, target_env, target_os, - target_underscored, target_vendor, test_nasm_command, use_prebuilt_nasm, CStdRequested, + allow_prebuilt_nasm, cargo_env, + cc_builder::CcBuilder, + emit_warning, execute_command, get_crate_cflags, is_crt_static, is_no_asm, option_env, + requested_c_std, target, target_arch, target_env, target_os, target_underscored, target_vendor, + test_nasm_command, use_prebuilt_nasm, CStdRequested, + OutputLib::{Crypto, RustWrapper, Ssl}, OutputLibType, }; -use std::env; -use std::ffi::OsString; -use std::path::PathBuf; +use std::{env, ffi::OsString, path::PathBuf}; pub(crate) struct CmakeBuilder { manifest_dir: PathBuf, diff --git a/aws-lc-sys/builder/main.rs b/aws-lc-sys/builder/main.rs index 15706429afd..2fdf54bcc9b 100644 --- a/aws-lc-sys/builder/main.rs +++ b/aws-lc-sys/builder/main.rs @@ -10,10 +10,14 @@ #![cfg_attr(clippy, feature(custom_inner_attributes))] #![cfg_attr(clippy, clippy::msrv = "1.77")] -use std::ffi::{OsStr, OsString}; -use std::path::{Path, PathBuf}; -use std::process::Command; -use std::{env, fmt, fmt::Debug}; +use std::{ + env, + ffi::{OsStr, OsString}, + fmt, + fmt::Debug, + path::{Path, PathBuf}, + process::Command, +}; use cc_builder::CcBuilder; use cmake_builder::CmakeBuilder; From a0ff574910baeb812c8767fcbfc34d3733b9fcb6 Mon Sep 17 00:00:00 2001 From: Justin Smith Date: Tue, 28 Jan 2025 16:04:20 -0500 Subject: [PATCH 2/2] Use 'Module' granularity --- .rustfmt.toml | 2 +- aws-lc-fips-sys/builder/cmake_builder.rs | 10 ++-- aws-lc-fips-sys/builder/main.rs | 13 ++--- aws-lc-rs-testing/benches/cipher_benchmark.rs | 10 ++-- aws-lc-rs-testing/tests/quic_test.rs | 6 +- aws-lc-rs/examples/cipher.rs | 13 ++--- aws-lc-rs/examples/digest.rs | 6 +- aws-lc-rs/src/aead.rs | 24 ++++---- aws-lc-rs/src/aead/aead_ctx.rs | 26 ++++----- aws-lc-rs/src/aead/aes_gcm.rs | 8 +-- aws-lc-rs/src/aead/chacha.rs | 9 ++- .../src/aead/chacha20_poly1305_openssh.rs | 31 ++++------- aws-lc-rs/src/aead/nonce.rs | 11 ++-- .../src/aead/nonce_sequence/counter32.rs | 11 ++-- .../src/aead/nonce_sequence/counter64.rs | 11 ++-- aws-lc-rs/src/aead/poly1305.rs | 6 +- aws-lc-rs/src/aead/quic.rs | 17 +++--- aws-lc-rs/src/aead/rand_nonce.rs | 9 ++- aws-lc-rs/src/aead/tests/fips.rs | 13 ++--- .../tests/fips/chacha20_poly1305_openssh.rs | 6 +- aws-lc-rs/src/aead/tests/fips/quic.rs | 6 +- aws-lc-rs/src/aead/tls.rs | 15 ++--- aws-lc-rs/src/aead/unbound_key.rs | 24 ++++---- aws-lc-rs/src/agreement.rs | 55 ++++++++----------- aws-lc-rs/src/agreement/ephemeral.rs | 28 ++++------ aws-lc-rs/src/bn.rs | 6 +- aws-lc-rs/src/buffer.rs | 3 +- aws-lc-rs/src/cbb.rs | 14 ++--- aws-lc-rs/src/cipher.rs | 22 ++++---- aws-lc-rs/src/cipher/aes.rs | 14 ++--- aws-lc-rs/src/cipher/chacha.rs | 6 +- aws-lc-rs/src/cipher/key.rs | 28 ++++------ aws-lc-rs/src/cipher/padded.rs | 26 ++++----- aws-lc-rs/src/cipher/streaming.rs | 34 ++++++------ aws-lc-rs/src/cipher/tests/fips.rs | 11 ++-- aws-lc-rs/src/constant_time.rs | 3 +- aws-lc-rs/src/digest.rs | 18 +++--- aws-lc-rs/src/digest/digest_ctx.rs | 11 ++-- aws-lc-rs/src/digest/tests/fips.rs | 10 ++-- aws-lc-rs/src/ec.rs | 36 +++++------- aws-lc-rs/src/ec/key_pair.rs | 40 ++++++-------- aws-lc-rs/src/ec/signature.rs | 35 ++++++------ aws-lc-rs/src/ed25519.rs | 47 +++++++--------- aws-lc-rs/src/error.rs | 3 +- aws-lc-rs/src/evp_pkey.rs | 25 ++++----- aws-lc-rs/src/hkdf.rs | 11 ++-- aws-lc-rs/src/hkdf/tests/fips.rs | 8 +-- aws-lc-rs/src/hmac.rs | 18 +++--- aws-lc-rs/src/hmac/tests/fips.rs | 14 ++--- aws-lc-rs/src/iv.rs | 3 +- aws-lc-rs/src/kdf.rs | 4 +- aws-lc-rs/src/kdf/kbkdf.rs | 8 +-- aws-lc-rs/src/kdf/sskdf.rs | 8 +-- aws-lc-rs/src/kem.rs | 22 ++++---- aws-lc-rs/src/key_wrap.rs | 18 +++--- aws-lc-rs/src/key_wrap/tests/fips.rs | 6 +- aws-lc-rs/src/pbkdf2.rs | 8 +-- aws-lc-rs/src/pbkdf2/tests/fips.rs | 9 +-- aws-lc-rs/src/ptr.rs | 6 +- aws-lc-rs/src/rand.rs | 4 +- aws-lc-rs/src/rsa.rs | 21 +++---- aws-lc-rs/src/rsa/encoding.rs | 44 +++++++-------- aws-lc-rs/src/rsa/encryption.rs | 17 ++---- aws-lc-rs/src/rsa/encryption/oaep.rs | 22 ++++---- aws-lc-rs/src/rsa/encryption/pkcs1.rs | 14 ++--- aws-lc-rs/src/rsa/key.rs | 42 ++++++-------- aws-lc-rs/src/rsa/signature.rs | 28 ++++------ aws-lc-rs/src/rsa/tests/fips.rs | 6 +- aws-lc-rs/src/signature.rs | 32 +++++------ aws-lc-rs/src/signature/tests/fips.rs | 38 ++++++------- aws-lc-rs/src/test.rs | 14 ++--- aws-lc-rs/src/tls_prf.rs | 8 +-- aws-lc-rs/src/tls_prf/tests/fips.rs | 6 +- aws-lc-rs/tests/aead_test.rs | 3 +- aws-lc-rs/tests/basic_rsa_test.rs | 12 ++-- aws-lc-rs/tests/cipher_test.rs | 14 ++--- aws-lc-rs/tests/ecdsa_tests.rs | 10 ++-- aws-lc-rs/tests/ed25519_tests.rs | 11 ++-- aws-lc-rs/tests/hmac_test.rs | 3 +- aws-lc-rs/tests/kdf_test.rs | 12 ++-- aws-lc-rs/tests/quic_test.rs | 3 +- aws-lc-rs/tests/rand_test.rs | 6 +- aws-lc-rs/tests/rsa_test.rs | 24 ++++---- aws-lc-sys/builder/cmake_builder.rs | 15 ++--- aws-lc-sys/builder/main.rs | 13 ++--- 85 files changed, 573 insertions(+), 754 deletions(-) diff --git a/.rustfmt.toml b/.rustfmt.toml index c3c8c375338..c1578aafbcf 100644 --- a/.rustfmt.toml +++ b/.rustfmt.toml @@ -1 +1 @@ -imports_granularity = "Crate" +imports_granularity = "Module" diff --git a/aws-lc-fips-sys/builder/cmake_builder.rs b/aws-lc-fips-sys/builder/cmake_builder.rs index 44939c66619..a9ef4ab42a9 100644 --- a/aws-lc-fips-sys/builder/cmake_builder.rs +++ b/aws-lc-fips-sys/builder/cmake_builder.rs @@ -1,14 +1,16 @@ // Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. // SPDX-License-Identifier: Apache-2.0 OR ISC +use crate::OutputLib::{Crypto, RustWrapper, Ssl}; use crate::{ cargo_env, emit_rustc_cfg, emit_warning, execute_command, is_cpu_jitter_entropy, is_no_asm, option_env, target, target_arch, target_env, target_family, target_os, target_underscored, - target_vendor, - OutputLib::{Crypto, RustWrapper, Ssl}, - OutputLibType, TestCommandResult, + target_vendor, OutputLibType, TestCommandResult, }; -use std::{collections::HashMap, env, ffi::OsString, path::PathBuf}; +use std::collections::HashMap; +use std::env; +use std::ffi::OsString; +use std::path::PathBuf; pub(crate) struct CmakeBuilder { manifest_dir: PathBuf, diff --git a/aws-lc-fips-sys/builder/main.rs b/aws-lc-fips-sys/builder/main.rs index 635bbd160ca..7f95dd365da 100644 --- a/aws-lc-fips-sys/builder/main.rs +++ b/aws-lc-fips-sys/builder/main.rs @@ -10,13 +10,12 @@ #![cfg_attr(clippy, feature(custom_inner_attributes))] #![cfg_attr(clippy, clippy::msrv = "1.77")] -use core::{fmt, fmt::Debug}; -use std::{ - env, - ffi::{OsStr, OsString}, - path::{Path, PathBuf}, - process::Command, -}; +use core::fmt; +use core::fmt::Debug; +use std::env; +use std::ffi::{OsStr, OsString}; +use std::path::{Path, PathBuf}; +use std::process::Command; use cmake_builder::CmakeBuilder; diff --git a/aws-lc-rs-testing/benches/cipher_benchmark.rs b/aws-lc-rs-testing/benches/cipher_benchmark.rs index e9a1ca7f90e..113c028d297 100644 --- a/aws-lc-rs-testing/benches/cipher_benchmark.rs +++ b/aws-lc-rs-testing/benches/cipher_benchmark.rs @@ -1,13 +1,11 @@ // Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. // SPDX-License-Identifier: Apache-2.0 OR ISC -use aws_lc_rs::{ - cipher::{ - DecryptingKey, EncryptingKey, EncryptionContext, OperatingMode, PaddedBlockDecryptingKey, - PaddedBlockEncryptingKey, UnboundCipherKey, AES_128, AES_256, - }, - test, test_file, +use aws_lc_rs::cipher::{ + DecryptingKey, EncryptingKey, EncryptionContext, OperatingMode, PaddedBlockDecryptingKey, + PaddedBlockEncryptingKey, UnboundCipherKey, AES_128, AES_256, }; +use aws_lc_rs::{test, test_file}; use criterion::{criterion_group, criterion_main, Criterion}; macro_rules! openssl_bench { diff --git a/aws-lc-rs-testing/tests/quic_test.rs b/aws-lc-rs-testing/tests/quic_test.rs index 87598622f3f..93a56c57683 100644 --- a/aws-lc-rs-testing/tests/quic_test.rs +++ b/aws-lc-rs-testing/tests/quic_test.rs @@ -1,10 +1,8 @@ // Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. // SPDX-License-Identifier: Apache-2.0 OR ISC -use aws_lc_rs::{ - aead::quic::{HeaderProtectionKey, AES_128, AES_256, CHACHA20}, - hkdf, test, -}; +use aws_lc_rs::aead::quic::{HeaderProtectionKey, AES_128, AES_256, CHACHA20}; +use aws_lc_rs::{hkdf, test}; #[test] fn test_key_type_header_protection_key() { diff --git a/aws-lc-rs/examples/cipher.rs b/aws-lc-rs/examples/cipher.rs index 96cc976547d..59ccc42d61e 100644 --- a/aws-lc-rs/examples/cipher.rs +++ b/aws-lc-rs/examples/cipher.rs @@ -24,15 +24,12 @@ //! $ cargo run --example cipher -- decrypt --mode cbc --key 6489d8ce0c4facf18b872705a05d5ee4 --iv 5cd56fb752830ec2459889226c5431bd 6311c14e8104730be124ce1e57e51fe3 //! Hello World //! ``` -use aws_lc_rs::{ - cipher::{ - DecryptingKey, DecryptionContext, EncryptingKey, EncryptionContext, - PaddedBlockDecryptingKey, PaddedBlockEncryptingKey, UnboundCipherKey, AES_128, - AES_128_KEY_LEN, AES_192, AES_192_KEY_LEN, AES_256, AES_256_KEY_LEN, AES_CBC_IV_LEN, - AES_CTR_IV_LEN, - }, - iv::FixedLength, +use aws_lc_rs::cipher::{ + DecryptingKey, DecryptionContext, EncryptingKey, EncryptionContext, PaddedBlockDecryptingKey, + PaddedBlockEncryptingKey, UnboundCipherKey, AES_128, AES_128_KEY_LEN, AES_192, AES_192_KEY_LEN, + AES_256, AES_256_KEY_LEN, AES_CBC_IV_LEN, AES_CTR_IV_LEN, }; +use aws_lc_rs::iv::FixedLength; use clap::{Parser, Subcommand, ValueEnum}; #[derive(Parser)] diff --git a/aws-lc-rs/examples/digest.rs b/aws-lc-rs/examples/digest.rs index d1d4ef3c1fa..f3fed1cb839 100644 --- a/aws-lc-rs/examples/digest.rs +++ b/aws-lc-rs/examples/digest.rs @@ -12,10 +12,8 @@ //! ``` use aws_lc_rs::{digest, test}; use clap::{Parser, ValueEnum}; -use std::{ - fs::File, - io::{Read, Result}, -}; +use std::fs::File; +use std::io::{Read, Result}; #[derive(ValueEnum, Clone, Copy, Debug)] enum DigestType { diff --git a/aws-lc-rs/src/aead.rs b/aws-lc-rs/src/aead.rs index 74bd8711961..0a3e0dc40c8 100644 --- a/aws-lc-rs/src/aead.rs +++ b/aws-lc-rs/src/aead.rs @@ -180,9 +180,12 @@ //! # } //! ``` -use crate::{derive_debug_via_id, error::Unspecified, hkdf}; +use crate::error::Unspecified; +use crate::{derive_debug_via_id, hkdf}; use aead_ctx::AeadCtx; -use core::{fmt::Debug, ops::RangeFrom, stringify}; +use core::fmt::Debug; +use core::ops::RangeFrom; +use core::stringify; use paste::paste; mod aead_ctx; @@ -197,14 +200,12 @@ mod rand_nonce; mod tls; mod unbound_key; -pub use self::{ - aes_gcm::{AES_128_GCM, AES_128_GCM_SIV, AES_192_GCM, AES_256_GCM, AES_256_GCM_SIV}, - chacha::CHACHA20_POLY1305, - nonce::{Nonce, NONCE_LEN}, - rand_nonce::RandomizedNonceKey, - tls::{TlsProtocolId, TlsRecordOpeningKey, TlsRecordSealingKey}, - unbound_key::UnboundKey, -}; +pub use self::aes_gcm::{AES_128_GCM, AES_128_GCM_SIV, AES_192_GCM, AES_256_GCM, AES_256_GCM_SIV}; +pub use self::chacha::CHACHA20_POLY1305; +pub use self::nonce::{Nonce, NONCE_LEN}; +pub use self::rand_nonce::RandomizedNonceKey; +pub use self::tls::{TlsProtocolId, TlsRecordOpeningKey, TlsRecordSealingKey}; +pub use self::unbound_key::UnboundKey; /// A sequences of unique nonces. /// @@ -1019,7 +1020,8 @@ mod tests { use nonce_sequence::Counter32Builder; use super::*; - use crate::{iv::FixedLength, test::from_hex}; + use crate::iv::FixedLength; + use crate::test::from_hex; #[cfg(feature = "fips")] mod fips; diff --git a/aws-lc-rs/src/aead/aead_ctx.rs b/aws-lc-rs/src/aead/aead_ctx.rs index 84edd16f20b..8b361043af6 100644 --- a/aws-lc-rs/src/aead/aead_ctx.rs +++ b/aws-lc-rs/src/aead/aead_ctx.rs @@ -1,24 +1,22 @@ // Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. // SPDX-License-Identifier: Apache-2.0 OR ISC -use core::{mem::size_of, ptr::null_mut}; +use core::mem::size_of; +use core::ptr::null_mut; use crate::cipher::chacha; -use crate::{ - aws_lc::{ - evp_aead_direction_t, evp_aead_direction_t_evp_aead_open, - evp_aead_direction_t_evp_aead_seal, EVP_AEAD_CTX_init, EVP_AEAD_CTX_init_with_direction, - EVP_AEAD_CTX_zero, EVP_aead_aes_128_gcm, EVP_aead_aes_128_gcm_randnonce, - EVP_aead_aes_128_gcm_siv, EVP_aead_aes_128_gcm_tls12, EVP_aead_aes_128_gcm_tls13, - EVP_aead_aes_192_gcm, EVP_aead_aes_256_gcm, EVP_aead_aes_256_gcm_randnonce, - EVP_aead_aes_256_gcm_siv, EVP_aead_aes_256_gcm_tls12, EVP_aead_aes_256_gcm_tls13, - EVP_aead_chacha20_poly1305, OPENSSL_malloc, EVP_AEAD_CTX, - }, - cipher::aes::{AES_128_KEY_LEN, AES_192_KEY_LEN, AES_256_KEY_LEN}, - error::Unspecified, - ptr::LcPtr, +use crate::aws_lc::{ + evp_aead_direction_t, evp_aead_direction_t_evp_aead_open, evp_aead_direction_t_evp_aead_seal, + EVP_AEAD_CTX_init, EVP_AEAD_CTX_init_with_direction, EVP_AEAD_CTX_zero, EVP_aead_aes_128_gcm, + EVP_aead_aes_128_gcm_randnonce, EVP_aead_aes_128_gcm_siv, EVP_aead_aes_128_gcm_tls12, + EVP_aead_aes_128_gcm_tls13, EVP_aead_aes_192_gcm, EVP_aead_aes_256_gcm, + EVP_aead_aes_256_gcm_randnonce, EVP_aead_aes_256_gcm_siv, EVP_aead_aes_256_gcm_tls12, + EVP_aead_aes_256_gcm_tls13, EVP_aead_chacha20_poly1305, OPENSSL_malloc, EVP_AEAD_CTX, }; +use crate::cipher::aes::{AES_128_KEY_LEN, AES_192_KEY_LEN, AES_256_KEY_LEN}; +use crate::error::Unspecified; +use crate::ptr::LcPtr; pub(crate) enum AeadDirection { Open, diff --git a/aws-lc-rs/src/aead/aes_gcm.rs b/aws-lc-rs/src/aead/aes_gcm.rs index dead4d97e6f..9b60f818d13 100644 --- a/aws-lc-rs/src/aead/aes_gcm.rs +++ b/aws-lc-rs/src/aead/aes_gcm.rs @@ -3,11 +3,9 @@ use crate::aead::{Algorithm, AlgorithmID}; -use crate::{ - aead::aead_ctx::AeadCtx, - cipher::aes::{AES_128_KEY_LEN, AES_192_KEY_LEN, AES_256_KEY_LEN}, - error::Unspecified, -}; +use crate::aead::aead_ctx::AeadCtx; +use crate::cipher::aes::{AES_128_KEY_LEN, AES_192_KEY_LEN, AES_256_KEY_LEN}; +use crate::error::Unspecified; /// AES-128 in GCM mode with 128-bit tags and 96 bit nonces. pub const AES_128_GCM: Algorithm = Algorithm { diff --git a/aws-lc-rs/src/aead/chacha.rs b/aws-lc-rs/src/aead/chacha.rs index e9fc14de4f5..17485ff4630 100644 --- a/aws-lc-rs/src/aead/chacha.rs +++ b/aws-lc-rs/src/aead/chacha.rs @@ -4,11 +4,10 @@ // Modifications copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. // SPDX-License-Identifier: Apache-2.0 OR ISC -use crate::{ - aead::{aead_ctx::AeadCtx, Algorithm, AlgorithmID}, - cipher::chacha::KEY_LEN, - error, -}; +use crate::aead::aead_ctx::AeadCtx; +use crate::aead::{Algorithm, AlgorithmID}; +use crate::cipher::chacha::KEY_LEN; +use crate::error; /// ChaCha20-Poly1305 as described in [RFC 7539]. /// diff --git a/aws-lc-rs/src/aead/chacha20_poly1305_openssh.rs b/aws-lc-rs/src/aead/chacha20_poly1305_openssh.rs index ef838716c4e..9ab92dc514d 100644 --- a/aws-lc-rs/src/aead/chacha20_poly1305_openssh.rs +++ b/aws-lc-rs/src/aead/chacha20_poly1305_openssh.rs @@ -24,16 +24,11 @@ //! The APIs offered in this module must not be used. use super::{poly1305, Nonce, Tag}; -use crate::{ - cipher::{ - block::BLOCK_LEN, - chacha::{self, ChaCha20Key}, - }, - constant_time, - endian::BigEndian, - error, - iv::FixedLength, -}; +use crate::cipher::block::BLOCK_LEN; +use crate::cipher::chacha::{self, ChaCha20Key}; +use crate::endian::BigEndian; +use crate::iv::FixedLength; +use crate::{constant_time, error}; /// A key for sealing packets. pub struct SealingKey { @@ -208,17 +203,13 @@ pub(super) fn derive_poly1305_key(chacha_key: &ChaCha20Key, nonce: Nonce) -> pol #[cfg(test)] mod tests { - use crate::{ - aead::{ - chacha20_poly1305_openssh::{ - derive_poly1305_key, OpeningKey, SealingKey, KEY_LEN, TAG_LEN, - }, - Nonce, - }, - cipher::chacha::ChaCha20Key, - endian::{BigEndian, FromArray, LittleEndian}, - test, + use crate::aead::chacha20_poly1305_openssh::{ + derive_poly1305_key, OpeningKey, SealingKey, KEY_LEN, TAG_LEN, }; + use crate::aead::Nonce; + use crate::cipher::chacha::ChaCha20Key; + use crate::endian::{BigEndian, FromArray, LittleEndian}; + use crate::test; #[test] fn derive_poly1305_test() { diff --git a/aws-lc-rs/src/aead/nonce.rs b/aws-lc-rs/src/aead/nonce.rs index 51043a735bf..57ea3b38782 100644 --- a/aws-lc-rs/src/aead/nonce.rs +++ b/aws-lc-rs/src/aead/nonce.rs @@ -3,11 +3,9 @@ // Modifications copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. // SPDX-License-Identifier: Apache-2.0 OR ISC -use crate::{ - endian::{ArrayEncoding, BigEndian, Encoding, FromArray, LittleEndian}, - error, - iv::FixedLength, -}; +use crate::endian::{ArrayEncoding, BigEndian, Encoding, FromArray, LittleEndian}; +use crate::error; +use crate::iv::FixedLength; /// A nonce for a single AEAD opening or sealing operation. /// @@ -100,7 +98,8 @@ mod tests { #[test] fn test_nonce_from_byte_array() { - use crate::aead::{nonce::IV_LEN, Nonce}; + use crate::aead::nonce::IV_LEN; + use crate::aead::Nonce; let iv: [u8; IV_LEN] = [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16]; let nonce = Nonce::from(&iv); diff --git a/aws-lc-rs/src/aead/nonce_sequence/counter32.rs b/aws-lc-rs/src/aead/nonce_sequence/counter32.rs index f08a863b979..e7d33e22ee1 100644 --- a/aws-lc-rs/src/aead/nonce_sequence/counter32.rs +++ b/aws-lc-rs/src/aead/nonce_sequence/counter32.rs @@ -1,11 +1,9 @@ // Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. // SPDX-License-Identifier: Apache-2.0 OR ISC -use crate::{ - aead::{Nonce, NonceSequence, NONCE_LEN}, - error::Unspecified, - iv::FixedLength, -}; +use crate::aead::{Nonce, NonceSequence, NONCE_LEN}; +use crate::error::Unspecified; +use crate::iv::FixedLength; /// `Counter32` is an implementation of the `NonceSequence` trait. /// @@ -127,7 +125,8 @@ impl NonceSequence for Counter32 { #[cfg(test)] mod tests { - use crate::aead::{nonce_sequence::Counter32Builder, NonceSequence}; + use crate::aead::nonce_sequence::Counter32Builder; + use crate::aead::NonceSequence; #[test] fn test_counter32_identifier() { diff --git a/aws-lc-rs/src/aead/nonce_sequence/counter64.rs b/aws-lc-rs/src/aead/nonce_sequence/counter64.rs index caa9ed1ad85..8c6af9cbce9 100644 --- a/aws-lc-rs/src/aead/nonce_sequence/counter64.rs +++ b/aws-lc-rs/src/aead/nonce_sequence/counter64.rs @@ -1,11 +1,9 @@ // Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. // SPDX-License-Identifier: Apache-2.0 OR ISC -use crate::{ - aead::{Nonce, NonceSequence, NONCE_LEN}, - error::Unspecified, - iv::FixedLength, -}; +use crate::aead::{Nonce, NonceSequence, NONCE_LEN}; +use crate::error::Unspecified; +use crate::iv::FixedLength; /// `Counter64` is an implementation of the `NonceSequence` trait. /// @@ -126,7 +124,8 @@ impl NonceSequence for Counter64 { #[cfg(test)] mod tests { - use crate::aead::{nonce_sequence::Counter64Builder, NonceSequence}; + use crate::aead::nonce_sequence::Counter64Builder; + use crate::aead::NonceSequence; #[test] fn test_counter64_identifier() { diff --git a/aws-lc-rs/src/aead/poly1305.rs b/aws-lc-rs/src/aead/poly1305.rs index e7dc8dbb927..893c71131bf 100644 --- a/aws-lc-rs/src/aead/poly1305.rs +++ b/aws-lc-rs/src/aead/poly1305.rs @@ -6,10 +6,8 @@ // TODO: enforce maximum input length. use super::{Tag, TAG_LEN}; -use crate::{ - aws_lc::{CRYPTO_poly1305_finish, CRYPTO_poly1305_init, CRYPTO_poly1305_update}, - cipher::block::BLOCK_LEN, -}; +use crate::aws_lc::{CRYPTO_poly1305_finish, CRYPTO_poly1305_init, CRYPTO_poly1305_update}; +use crate::cipher::block::BLOCK_LEN; use core::mem::MaybeUninit; /// A Poly1305 key. diff --git a/aws-lc-rs/src/aead/quic.rs b/aws-lc-rs/src/aead/quic.rs index cd2aa1714cc..ac319fe7133 100644 --- a/aws-lc-rs/src/aead/quic.rs +++ b/aws-lc-rs/src/aead/quic.rs @@ -7,11 +7,12 @@ //! //! See draft-ietf-quic-tls. -use crate::{ - cipher::{aes::encrypt_block, block, chacha::encrypt_block_chacha20, key::SymmetricCipherKey}, - derive_debug_via_id, error, hkdf, - hkdf::KeyType, -}; +use crate::cipher::aes::encrypt_block; +use crate::cipher::block; +use crate::cipher::chacha::encrypt_block_chacha20; +use crate::cipher::key::SymmetricCipherKey; +use crate::hkdf::KeyType; +use crate::{derive_debug_via_id, error, hkdf}; /// A key for generating QUIC Header Protection masks. pub struct HeaderProtectionKey { @@ -173,10 +174,8 @@ fn cipher_new_mask( #[cfg(test)] mod test { - use crate::{ - aead::quic::{Algorithm, HeaderProtectionKey}, - test, - }; + use crate::aead::quic::{Algorithm, HeaderProtectionKey}; + use crate::test; #[test] fn test_types() { diff --git a/aws-lc-rs/src/aead/rand_nonce.rs b/aws-lc-rs/src/aead/rand_nonce.rs index d6af8265c23..6e085e2f85d 100644 --- a/aws-lc-rs/src/aead/rand_nonce.rs +++ b/aws-lc-rs/src/aead/rand_nonce.rs @@ -4,7 +4,8 @@ use crate::error::Unspecified; use core::fmt::Debug; -use super::{aead_ctx::AeadCtx, Aad, Algorithm, AlgorithmID, Nonce, Tag, UnboundKey}; +use super::aead_ctx::AeadCtx; +use super::{Aad, Algorithm, AlgorithmID, Nonce, Tag, UnboundKey}; /// AEAD Cipher key using a randomized nonce. /// @@ -148,10 +149,8 @@ impl Debug for RandomizedNonceKey { #[cfg(test)] mod tests { use super::{Aad, RandomizedNonceKey}; - use crate::{ - aead::{AES_128_GCM, AES_256_GCM, CHACHA20_POLY1305}, - test::from_hex, - }; + use crate::aead::{AES_128_GCM, AES_256_GCM, CHACHA20_POLY1305}; + use crate::test::from_hex; use paste::paste; const TEST_128_BIT_KEY: &[u8] = &[ diff --git a/aws-lc-rs/src/aead/tests/fips.rs b/aws-lc-rs/src/aead/tests/fips.rs index 2926a60d186..ca33b272dd4 100644 --- a/aws-lc-rs/src/aead/tests/fips.rs +++ b/aws-lc-rs/src/aead/tests/fips.rs @@ -6,14 +6,13 @@ mod chacha20_poly1305_openssh; mod quic; -use crate::{ - aead::{ - nonce_sequence::Counter64Builder, Aad, BoundKey, Nonce, OpeningKey, RandomizedNonceKey, - SealingKey, TlsProtocolId, TlsRecordOpeningKey, TlsRecordSealingKey, UnboundKey, - AES_128_GCM, AES_256_GCM, CHACHA20_POLY1305, - }, - fips::{assert_fips_status_indicator, FipsServiceStatus}, +use crate::aead::nonce_sequence::Counter64Builder; +use crate::aead::{ + Aad, BoundKey, Nonce, OpeningKey, RandomizedNonceKey, SealingKey, TlsProtocolId, + TlsRecordOpeningKey, TlsRecordSealingKey, UnboundKey, AES_128_GCM, AES_256_GCM, + CHACHA20_POLY1305, }; +use crate::fips::{assert_fips_status_indicator, FipsServiceStatus}; const TEST_KEY_128_BIT: [u8; 16] = [ 0x9f, 0xd9, 0x41, 0xc3, 0xa6, 0xfe, 0xb9, 0x26, 0x2a, 0x35, 0xa7, 0x44, 0xbb, 0xc0, 0x3a, 0x6a, diff --git a/aws-lc-rs/src/aead/tests/fips/chacha20_poly1305_openssh.rs b/aws-lc-rs/src/aead/tests/fips/chacha20_poly1305_openssh.rs index e441233978d..8e5b16349a0 100644 --- a/aws-lc-rs/src/aead/tests/fips/chacha20_poly1305_openssh.rs +++ b/aws-lc-rs/src/aead/tests/fips/chacha20_poly1305_openssh.rs @@ -1,10 +1,8 @@ // Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. // SPDX-License-Identifier: Apache-2.0 OR ISC -use crate::{ - aead::chacha20_poly1305_openssh::{OpeningKey, SealingKey}, - fips::{assert_fips_status_indicator, FipsServiceStatus}, -}; +use crate::aead::chacha20_poly1305_openssh::{OpeningKey, SealingKey}; +use crate::fips::{assert_fips_status_indicator, FipsServiceStatus}; use super::TEST_MESSAGE; diff --git a/aws-lc-rs/src/aead/tests/fips/quic.rs b/aws-lc-rs/src/aead/tests/fips/quic.rs index 4e8157b0e55..d687990c94b 100644 --- a/aws-lc-rs/src/aead/tests/fips/quic.rs +++ b/aws-lc-rs/src/aead/tests/fips/quic.rs @@ -1,10 +1,8 @@ // Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. // SPDX-License-Identifier: Apache-2.0 OR ISC -use crate::{ - aead::quic::{HeaderProtectionKey, AES_128, AES_256, CHACHA20}, - fips::{assert_fips_status_indicator, FipsServiceStatus}, -}; +use crate::aead::quic::{HeaderProtectionKey, AES_128, AES_256, CHACHA20}; +use crate::fips::{assert_fips_status_indicator, FipsServiceStatus}; use super::{TEST_KEY_128_BIT, TEST_KEY_256_BIT}; diff --git a/aws-lc-rs/src/aead/tls.rs b/aws-lc-rs/src/aead/tls.rs index 756c8f7075a..980ddae8f52 100644 --- a/aws-lc-rs/src/aead/tls.rs +++ b/aws-lc-rs/src/aead/tls.rs @@ -1,12 +1,11 @@ // Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. // SPDX-License-Identifier: Apache-2.0 OR ISC -use super::{ - aead_ctx::{self, AeadCtx}, - Aad, Algorithm, AlgorithmID, Nonce, Tag, UnboundKey, -}; +use super::aead_ctx::{self, AeadCtx}; +use super::{Aad, Algorithm, AlgorithmID, Nonce, Tag, UnboundKey}; use crate::error::Unspecified; -use core::{fmt::Debug, ops::RangeFrom}; +use core::fmt::Debug; +use core::ops::RangeFrom; /// The Transport Layer Security (TLS) protocol version. #[allow(clippy::module_name_repetitions)] @@ -297,10 +296,8 @@ impl Debug for TlsRecordOpeningKey { #[cfg(test)] mod tests { use super::{TlsProtocolId, TlsRecordOpeningKey, TlsRecordSealingKey}; - use crate::{ - aead::{Aad, Nonce, AES_128_GCM, AES_256_GCM, CHACHA20_POLY1305}, - test::from_hex, - }; + use crate::aead::{Aad, Nonce, AES_128_GCM, AES_256_GCM, CHACHA20_POLY1305}; + use crate::test::from_hex; use paste::paste; const TEST_128_BIT_KEY: &[u8] = &[ diff --git a/aws-lc-rs/src/aead/unbound_key.rs b/aws-lc-rs/src/aead/unbound_key.rs index 7605fe33c10..b622959fa01 100644 --- a/aws-lc-rs/src/aead/unbound_key.rs +++ b/aws-lc-rs/src/aead/unbound_key.rs @@ -1,20 +1,22 @@ // Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. // SPDX-License-Identifier: Apache-2.0 OR ISC +use super::aead_ctx::AeadCtx; use super::{ - aead_ctx::AeadCtx, Algorithm, Nonce, Tag, AES_128_GCM, AES_128_GCM_SIV, AES_192_GCM, - AES_256_GCM, AES_256_GCM_SIV, CHACHA20_POLY1305, MAX_KEY_LEN, MAX_TAG_LEN, NONCE_LEN, + Algorithm, Nonce, Tag, AES_128_GCM, AES_128_GCM_SIV, AES_192_GCM, AES_256_GCM, AES_256_GCM_SIV, + CHACHA20_POLY1305, MAX_KEY_LEN, MAX_TAG_LEN, NONCE_LEN, }; -use crate::{ - aws_lc::{ - EVP_AEAD_CTX_open, EVP_AEAD_CTX_open_gather, EVP_AEAD_CTX_seal, EVP_AEAD_CTX_seal_scatter, - }, - error::Unspecified, - fips::indicator_check, - hkdf, - iv::FixedLength, +use crate::aws_lc::{ + EVP_AEAD_CTX_open, EVP_AEAD_CTX_open_gather, EVP_AEAD_CTX_seal, EVP_AEAD_CTX_seal_scatter, }; -use core::{fmt::Debug, mem::MaybeUninit, ops::RangeFrom, ptr::null}; +use crate::error::Unspecified; +use crate::fips::indicator_check; +use crate::hkdf; +use crate::iv::FixedLength; +use core::fmt::Debug; +use core::mem::MaybeUninit; +use core::ops::RangeFrom; +use core::ptr::null; /// The maximum length of a nonce returned by our AEAD API. const MAX_NONCE_LEN: usize = NONCE_LEN; diff --git a/aws-lc-rs/src/agreement.rs b/aws-lc-rs/src/agreement.rs index de3ba2ac3f1..75945542d36 100644 --- a/aws-lc-rs/src/agreement.rs +++ b/aws-lc-rs/src/agreement.rs @@ -53,33 +53,28 @@ mod ephemeral; pub use ephemeral::{agree_ephemeral, EphemeralPrivateKey}; -use crate::{ - aws_lc::{ - CBS_init, EVP_PKEY_CTX_new_id, EVP_PKEY_bits, EVP_PKEY_derive, EVP_PKEY_derive_init, - EVP_PKEY_derive_set_peer, EVP_PKEY_get0_EC_KEY, EVP_PKEY_get_raw_private_key, - EVP_PKEY_get_raw_public_key, EVP_PKEY_id, EVP_PKEY_keygen, EVP_PKEY_keygen_init, - EVP_PKEY_new_raw_private_key, EVP_PKEY_new_raw_public_key, EVP_marshal_public_key, - EVP_parse_public_key, NID_X9_62_prime256v1, NID_secp384r1, NID_secp521r1, BIGNUM, CBS, - EVP_PKEY, EVP_PKEY_X25519, NID_X25519, - }, - cbb::LcCBB, - ec, - ec::{ec_group_from_nid, evp_key_generate}, - error::{KeyRejected, Unspecified}, - fips::indicator_check, - hex, - ptr::{ConstPointer, LcPtr}, +use crate::aws_lc::{ + CBS_init, EVP_PKEY_CTX_new_id, EVP_PKEY_bits, EVP_PKEY_derive, EVP_PKEY_derive_init, + EVP_PKEY_derive_set_peer, EVP_PKEY_get0_EC_KEY, EVP_PKEY_get_raw_private_key, + EVP_PKEY_get_raw_public_key, EVP_PKEY_id, EVP_PKEY_keygen, EVP_PKEY_keygen_init, + EVP_PKEY_new_raw_private_key, EVP_PKEY_new_raw_public_key, EVP_marshal_public_key, + EVP_parse_public_key, NID_X9_62_prime256v1, NID_secp384r1, NID_secp521r1, BIGNUM, CBS, + EVP_PKEY, EVP_PKEY_X25519, NID_X25519, }; +use crate::cbb::LcCBB; +use crate::ec::{ec_group_from_nid, evp_key_generate}; +use crate::error::{KeyRejected, Unspecified}; +use crate::fips::indicator_check; +use crate::ptr::{ConstPointer, LcPtr}; +use crate::{ec, hex}; use crate::encoding::{ AsBigEndian, AsDer, Curve25519SeedBin, EcPrivateKeyBin, EcPrivateKeyRfc5915Der, EcPublicKeyCompressedBin, EcPublicKeyUncompressedBin, PublicKeyX509Der, }; -use core::{ - fmt, - fmt::{Debug, Formatter}, - ptr::null_mut, -}; +use core::fmt; +use core::fmt::{Debug, Formatter}; +use core::ptr::null_mut; use std::mem::MaybeUninit; #[allow(non_camel_case_types)] @@ -894,17 +889,15 @@ fn try_parse_x25519_subject_public_key_info_bytes( #[cfg(test)] mod tests { - use crate::{ - agreement::{ - agree, Algorithm, PrivateKey, PublicKey, UnparsedPublicKey, ECDH_P256, ECDH_P384, - ECDH_P521, X25519, - }, - encoding::{ - AsBigEndian, AsDer, Curve25519SeedBin, EcPrivateKeyBin, EcPrivateKeyRfc5915Der, - EcPublicKeyCompressedBin, EcPublicKeyUncompressedBin, PublicKeyX509Der, - }, - rand, test, + use crate::agreement::{ + agree, Algorithm, PrivateKey, PublicKey, UnparsedPublicKey, ECDH_P256, ECDH_P384, + ECDH_P521, X25519, + }; + use crate::encoding::{ + AsBigEndian, AsDer, Curve25519SeedBin, EcPrivateKeyBin, EcPrivateKeyRfc5915Der, + EcPublicKeyCompressedBin, EcPublicKeyUncompressedBin, PublicKeyX509Der, }; + use crate::{rand, test}; #[test] fn test_agreement_x25519() { diff --git a/aws-lc-rs/src/agreement/ephemeral.rs b/aws-lc-rs/src/agreement/ephemeral.rs index e98d1fa1011..5ca94dbe93e 100644 --- a/aws-lc-rs/src/agreement/ephemeral.rs +++ b/aws-lc-rs/src/agreement/ephemeral.rs @@ -1,15 +1,11 @@ // Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. // SPDX-License-Identifier: Apache-2.0 OR ISC -use crate::{ - agreement::{agree, Algorithm, PrivateKey, PublicKey, UnparsedPublicKey}, - error::Unspecified, - rand::SecureRandom, -}; -use core::{ - fmt, - fmt::{Debug, Formatter}, -}; +use crate::agreement::{agree, Algorithm, PrivateKey, PublicKey, UnparsedPublicKey}; +use crate::error::Unspecified; +use crate::rand::SecureRandom; +use core::fmt; +use core::fmt::{Debug, Formatter}; /// An ephemeral private key for use (only) with `agree_ephemeral`. The /// signature of `agree_ephemeral` ensures that an `PrivateKey` can be @@ -116,16 +112,12 @@ where #[cfg(test)] mod tests { - use crate::{ - agreement, - agreement::{AlgorithmID, PublicKey}, - encoding::{ - AsBigEndian, AsDer, EcPublicKeyCompressedBin, EcPublicKeyUncompressedBin, - PublicKeyX509Der, - }, - error::Unspecified, - rand, test, test_file, + use crate::agreement::{AlgorithmID, PublicKey}; + use crate::encoding::{ + AsBigEndian, AsDer, EcPublicKeyCompressedBin, EcPublicKeyUncompressedBin, PublicKeyX509Der, }; + use crate::error::Unspecified; + use crate::{agreement, rand, test, test_file}; #[test] fn test_agreement_ecdh_x25519_rfc_iterated() { diff --git a/aws-lc-rs/src/bn.rs b/aws-lc-rs/src/bn.rs index 6da707f4f47..8e864d325ca 100644 --- a/aws-lc-rs/src/bn.rs +++ b/aws-lc-rs/src/bn.rs @@ -1,10 +1,8 @@ // Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. // SPDX-License-Identifier: Apache-2.0 OR ISC -use crate::{ - aws_lc::{BN_bin2bn, BN_bn2bin, BN_new, BN_num_bits, BN_num_bytes, BN_set_u64, BIGNUM}, - ptr::{ConstPointer, DetachableLcPtr, LcPtr}, -}; +use crate::aws_lc::{BN_bin2bn, BN_bn2bin, BN_new, BN_num_bits, BN_num_bytes, BN_set_u64, BIGNUM}; +use crate::ptr::{ConstPointer, DetachableLcPtr, LcPtr}; use core::ptr::null_mut; impl TryFrom<&[u8]> for LcPtr { diff --git a/aws-lc-rs/src/buffer.rs b/aws-lc-rs/src/buffer.rs index 541550a6e1b..bf5c2d6dd37 100644 --- a/aws-lc-rs/src/buffer.rs +++ b/aws-lc-rs/src/buffer.rs @@ -7,7 +7,8 @@ #![allow(clippy::module_name_repetitions)] use alloc::borrow::Cow; -use core::{fmt, marker::PhantomData}; +use core::fmt; +use core::marker::PhantomData; use zeroize::Zeroize; diff --git a/aws-lc-rs/src/cbb.rs b/aws-lc-rs/src/cbb.rs index 9ea96307de5..ea23535af71 100644 --- a/aws-lc-rs/src/cbb.rs +++ b/aws-lc-rs/src/cbb.rs @@ -1,13 +1,13 @@ // Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. // SPDX-License-Identifier: Apache-2.0 OR ISC -use crate::{ - aws_lc::{CBB_cleanup, CBB_finish, CBB_init, CBB_init_fixed, CBB}, - buffer::Buffer, - error::Unspecified, - ptr::LcPtr, -}; -use core::{marker::PhantomData, mem::MaybeUninit, ptr::null_mut}; +use crate::aws_lc::{CBB_cleanup, CBB_finish, CBB_init, CBB_init_fixed, CBB}; +use crate::buffer::Buffer; +use crate::error::Unspecified; +use crate::ptr::LcPtr; +use core::marker::PhantomData; +use core::mem::MaybeUninit; +use core::ptr::null_mut; pub(crate) struct LcCBB<'a>(CBB, PhantomData<&'a CBB>); diff --git a/aws-lc-rs/src/cipher.rs b/aws-lc-rs/src/cipher.rs index 4f8c4196ad8..ebbc2eb9c19 100644 --- a/aws-lc-rs/src/cipher.rs +++ b/aws-lc-rs/src/cipher.rs @@ -228,19 +228,17 @@ mod streaming; pub use padded::{PaddedBlockDecryptingKey, PaddedBlockEncryptingKey}; pub use streaming::{BufferUpdate, StreamingDecryptingKey, StreamingEncryptingKey}; -use crate::{ - aws_lc::{ - EVP_aes_128_cbc, EVP_aes_128_cfb128, EVP_aes_128_ctr, EVP_aes_128_ecb, EVP_aes_192_cbc, - EVP_aes_192_cfb128, EVP_aes_192_ctr, EVP_aes_192_ecb, EVP_aes_256_cbc, EVP_aes_256_cfb128, - EVP_aes_256_ctr, EVP_aes_256_ecb, EVP_CIPHER, - }, - buffer::Buffer, - error::Unspecified, - hkdf, - hkdf::KeyType, - iv::{FixedLength, IV_LEN_128_BIT}, - ptr::ConstPointer, +use crate::aws_lc::{ + EVP_aes_128_cbc, EVP_aes_128_cfb128, EVP_aes_128_ctr, EVP_aes_128_ecb, EVP_aes_192_cbc, + EVP_aes_192_cfb128, EVP_aes_192_ctr, EVP_aes_192_ecb, EVP_aes_256_cbc, EVP_aes_256_cfb128, + EVP_aes_256_ctr, EVP_aes_256_ecb, EVP_CIPHER, }; +use crate::buffer::Buffer; +use crate::error::Unspecified; +use crate::hkdf; +use crate::hkdf::KeyType; +use crate::iv::{FixedLength, IV_LEN_128_BIT}; +use crate::ptr::ConstPointer; use core::fmt::Debug; use key::SymmetricCipherKey; diff --git a/aws-lc-rs/src/cipher/aes.rs b/aws-lc-rs/src/cipher/aes.rs index b4ae8af8a55..580e561b898 100644 --- a/aws-lc-rs/src/cipher/aes.rs +++ b/aws-lc-rs/src/cipher/aes.rs @@ -3,15 +3,13 @@ // Modifications copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. // SPDX-License-Identifier: Apache-2.0 OR ISC -use crate::{ - aws_lc::{ - AES_cbc_encrypt, AES_cfb128_encrypt, AES_ctr128_encrypt, AES_ecb_encrypt, AES_DECRYPT, - AES_ENCRYPT, AES_KEY, - }, - cipher::block::Block, - error::Unspecified, - fips::indicator_check, +use crate::aws_lc::{ + AES_cbc_encrypt, AES_cfb128_encrypt, AES_ctr128_encrypt, AES_ecb_encrypt, AES_DECRYPT, + AES_ENCRYPT, AES_KEY, }; +use crate::cipher::block::Block; +use crate::error::Unspecified; +use crate::fips::indicator_check; use zeroize::Zeroize; use super::{DecryptionContext, EncryptionContext, OperatingMode, SymmetricCipherKey}; diff --git a/aws-lc-rs/src/cipher/chacha.rs b/aws-lc-rs/src/cipher/chacha.rs index dbeefb70400..b7514737817 100644 --- a/aws-lc-rs/src/cipher/chacha.rs +++ b/aws-lc-rs/src/cipher/chacha.rs @@ -4,10 +4,8 @@ // Modifications copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. // SPDX-License-Identifier: Apache-2.0 OR ISC -use crate::{ - aws_lc::CRYPTO_chacha_20, - cipher::block::{Block, BLOCK_LEN}, -}; +use crate::aws_lc::CRYPTO_chacha_20; +use crate::cipher::block::{Block, BLOCK_LEN}; use zeroize::Zeroize; use crate::error; diff --git a/aws-lc-rs/src/cipher/key.rs b/aws-lc-rs/src/cipher/key.rs index f333d54835e..e684783a8cd 100644 --- a/aws-lc-rs/src/cipher/key.rs +++ b/aws-lc-rs/src/cipher/key.rs @@ -1,17 +1,13 @@ // Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. // SPDX-License-Identifier: Apache-2.0 OR ISC -use crate::{ - aws_lc::{AES_set_decrypt_key, AES_set_encrypt_key, AES_KEY}, - cipher::{ - block::Block, chacha::ChaCha20Key, AES_128_KEY_LEN, AES_192_KEY_LEN, AES_256_KEY_LEN, - }, - error::Unspecified, -}; -use core::{ - mem::{size_of, MaybeUninit}, - ptr::copy_nonoverlapping, -}; +use crate::aws_lc::{AES_set_decrypt_key, AES_set_encrypt_key, AES_KEY}; +use crate::cipher::block::Block; +use crate::cipher::chacha::ChaCha20Key; +use crate::cipher::{AES_128_KEY_LEN, AES_192_KEY_LEN, AES_256_KEY_LEN}; +use crate::error::Unspecified; +use core::mem::{size_of, MaybeUninit}; +use core::ptr::copy_nonoverlapping; // TODO: Uncomment when MSRV >= 1.64 // use core::ffi::c_uint; use std::os::raw::c_uint; @@ -133,13 +129,9 @@ impl SymmetricCipherKey { #[cfg(test)] mod tests { - use crate::{ - cipher::{ - block::{Block, BLOCK_LEN}, - key::SymmetricCipherKey, - }, - test::from_hex, - }; + use crate::cipher::block::{Block, BLOCK_LEN}; + use crate::cipher::key::SymmetricCipherKey; + use crate::test::from_hex; #[test] fn test_encrypt_block_aes_128() { diff --git a/aws-lc-rs/src/cipher/padded.rs b/aws-lc-rs/src/cipher/padded.rs index b99c9389ef9..bb1b70225a4 100644 --- a/aws-lc-rs/src/cipher/padded.rs +++ b/aws-lc-rs/src/cipher/padded.rs @@ -1,13 +1,12 @@ // Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. // SPDX-License-Identifier: Apache-2.0 OR ISC -use crate::{ - cipher, - cipher::{ - key::SymmetricCipherKey, Algorithm, DecryptionContext, EncryptionContext, OperatingMode, - UnboundCipherKey, MAX_CIPHER_BLOCK_LEN, - }, - error::Unspecified, +use crate::cipher; +use crate::cipher::key::SymmetricCipherKey; +use crate::cipher::{ + Algorithm, DecryptionContext, EncryptionContext, OperatingMode, UnboundCipherKey, + MAX_CIPHER_BLOCK_LEN, }; +use crate::error::Unspecified; use core::fmt::Debug; /// The cipher block padding strategy. @@ -292,14 +291,13 @@ impl Debug for PaddedBlockDecryptingKey { #[cfg(test)] mod tests { - use crate::{ - cipher::{ - padded::PaddingStrategy, Algorithm, EncryptionContext, OperatingMode, - PaddedBlockDecryptingKey, PaddedBlockEncryptingKey, UnboundCipherKey, AES_128, AES_256, - }, - iv::FixedLength, - test::from_hex, + use crate::cipher::padded::PaddingStrategy; + use crate::cipher::{ + Algorithm, EncryptionContext, OperatingMode, PaddedBlockDecryptingKey, + PaddedBlockEncryptingKey, UnboundCipherKey, AES_128, AES_256, }; + use crate::iv::FixedLength; + use crate::test::from_hex; fn helper_test_padded_cipher_n_bytes( key: &[u8], diff --git a/aws-lc-rs/src/cipher/streaming.rs b/aws-lc-rs/src/cipher/streaming.rs index e327e0553ab..51aba245d1c 100644 --- a/aws-lc-rs/src/cipher/streaming.rs +++ b/aws-lc-rs/src/cipher/streaming.rs @@ -1,17 +1,17 @@ // Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. // SPDX-License-Identifier: Apache-2.0 OR ISC -use crate::{ - aws_lc::{ - EVP_CIPHER_CTX_new, EVP_CIPHER_iv_length, EVP_CIPHER_key_length, EVP_DecryptFinal_ex, - EVP_DecryptInit_ex, EVP_DecryptUpdate, EVP_EncryptFinal_ex, EVP_EncryptInit_ex, - EVP_EncryptUpdate, EVP_CIPHER, EVP_CIPHER_CTX, - }, - cipher::{Algorithm, DecryptionContext, EncryptionContext, OperatingMode, UnboundCipherKey}, - error::Unspecified, - fips::indicator_check, - ptr::LcPtr, +use crate::aws_lc::{ + EVP_CIPHER_CTX_new, EVP_CIPHER_iv_length, EVP_CIPHER_key_length, EVP_DecryptFinal_ex, + EVP_DecryptInit_ex, EVP_DecryptUpdate, EVP_EncryptFinal_ex, EVP_EncryptInit_ex, + EVP_EncryptUpdate, EVP_CIPHER, EVP_CIPHER_CTX, }; +use crate::cipher::{ + Algorithm, DecryptionContext, EncryptionContext, OperatingMode, UnboundCipherKey, +}; +use crate::error::Unspecified; +use crate::fips::indicator_check; +use crate::ptr::LcPtr; use std::ptr::{null, null_mut}; use super::ConstPointer; @@ -500,15 +500,13 @@ impl StreamingDecryptingKey { #[cfg(test)] mod tests { - use crate::{ - cipher::{ - DecryptionContext, EncryptionContext, OperatingMode, StreamingDecryptingKey, - StreamingEncryptingKey, UnboundCipherKey, AES_128, AES_256, AES_256_KEY_LEN, - }, - iv::{FixedLength, IV_LEN_128_BIT}, - rand::{SecureRandom, SystemRandom}, - test::from_hex, + use crate::cipher::{ + DecryptionContext, EncryptionContext, OperatingMode, StreamingDecryptingKey, + StreamingEncryptingKey, UnboundCipherKey, AES_128, AES_256, AES_256_KEY_LEN, }; + use crate::iv::{FixedLength, IV_LEN_128_BIT}; + use crate::rand::{SecureRandom, SystemRandom}; + use crate::test::from_hex; use paste::*; fn step_encrypt( diff --git a/aws-lc-rs/src/cipher/tests/fips.rs b/aws-lc-rs/src/cipher/tests/fips.rs index 77f5a9a5bd4..59c4c9015d3 100644 --- a/aws-lc-rs/src/cipher/tests/fips.rs +++ b/aws-lc-rs/src/cipher/tests/fips.rs @@ -3,14 +3,11 @@ #![cfg(debug_assertions)] -use crate::{ - cipher::{ - DecryptingKey, EncryptingKey, PaddedBlockDecryptingKey, PaddedBlockEncryptingKey, - StreamingDecryptingKey, StreamingEncryptingKey, UnboundCipherKey, AES_128, AES_192, - AES_256, - }, - fips::{assert_fips_status_indicator, FipsServiceStatus}, +use crate::cipher::{ + DecryptingKey, EncryptingKey, PaddedBlockDecryptingKey, PaddedBlockEncryptingKey, + StreamingDecryptingKey, StreamingEncryptingKey, UnboundCipherKey, AES_128, AES_192, AES_256, }; +use crate::fips::{assert_fips_status_indicator, FipsServiceStatus}; const TEST_KEY_128_BIT: [u8; 16] = [ 0x9f, 0xd9, 0x41, 0xc3, 0xa6, 0xfe, 0xb9, 0x26, 0x2a, 0x35, 0xa7, 0x44, 0xbb, 0xc0, 0x3a, 0x6a, diff --git a/aws-lc-rs/src/constant_time.rs b/aws-lc-rs/src/constant_time.rs index d81ce5633f1..1677ef6ec9a 100644 --- a/aws-lc-rs/src/constant_time.rs +++ b/aws-lc-rs/src/constant_time.rs @@ -5,7 +5,8 @@ //! Constant-time operations. -use crate::{aws_lc::CRYPTO_memcmp, error}; +use crate::aws_lc::CRYPTO_memcmp; +use crate::error; /// Returns `Ok(())` if `a == b` and `Err(error::Unspecified)` otherwise. /// diff --git a/aws-lc-rs/src/digest.rs b/aws-lc-rs/src/digest.rs index de867ca05d0..b46d22334ff 100644 --- a/aws-lc-rs/src/digest.rs +++ b/aws-lc-rs/src/digest.rs @@ -28,18 +28,17 @@ //! ``` #![allow(non_snake_case)] -use crate::{debug, derive_debug_via_id, fips::indicator_check}; +use crate::fips::indicator_check; +use crate::{debug, derive_debug_via_id}; pub(crate) mod digest_ctx; mod sha; -use crate::{ - aws_lc::{ - EVP_DigestFinal, EVP_DigestUpdate, EVP_sha1, EVP_sha224, EVP_sha256, EVP_sha384, - EVP_sha3_256, EVP_sha3_384, EVP_sha3_512, EVP_sha512, EVP_sha512_256, EVP_MD, - }, - error::Unspecified, - ptr::ConstPointer, +use crate::aws_lc::{ + EVP_DigestFinal, EVP_DigestUpdate, EVP_sha1, EVP_sha224, EVP_sha256, EVP_sha384, EVP_sha3_256, + EVP_sha3_384, EVP_sha3_512, EVP_sha512, EVP_sha512_256, EVP_MD, }; +use crate::error::Unspecified; +use crate::ptr::ConstPointer; use core::mem::MaybeUninit; use digest_ctx::DigestContext; pub use sha::{ @@ -367,7 +366,8 @@ mod tests { extern crate alloc; use super::super::super::digest; - use crate::digest::{digest_ctx::DigestContext, Digest}; + use crate::digest::digest_ctx::DigestContext; + use crate::digest::Digest; use alloc::vec; macro_rules! max_input_tests { diff --git a/aws-lc-rs/src/digest/digest_ctx.rs b/aws-lc-rs/src/digest/digest_ctx.rs index 155e885c20d..02714dc0e44 100644 --- a/aws-lc-rs/src/digest/digest_ctx.rs +++ b/aws-lc-rs/src/digest/digest_ctx.rs @@ -1,12 +1,13 @@ // Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. // SPDX-License-Identifier: Apache-2.0 OR ISC -use crate::{ - aws_lc::{EVP_DigestInit_ex, EVP_MD_CTX_cleanup, EVP_MD_CTX_copy, EVP_MD_CTX_init, EVP_MD_CTX}, - digest::{match_digest_type, Algorithm}, - error::Unspecified, +use crate::aws_lc::{ + EVP_DigestInit_ex, EVP_MD_CTX_cleanup, EVP_MD_CTX_copy, EVP_MD_CTX_init, EVP_MD_CTX, }; -use core::{mem::MaybeUninit, ptr::null_mut}; +use crate::digest::{match_digest_type, Algorithm}; +use crate::error::Unspecified; +use core::mem::MaybeUninit; +use core::ptr::null_mut; pub(crate) struct DigestContext(EVP_MD_CTX); diff --git a/aws-lc-rs/src/digest/tests/fips.rs b/aws-lc-rs/src/digest/tests/fips.rs index f2a83d33d5d..9ccff8a5f16 100644 --- a/aws-lc-rs/src/digest/tests/fips.rs +++ b/aws-lc-rs/src/digest/tests/fips.rs @@ -3,13 +3,11 @@ #![cfg(debug_assertions)] -use crate::{ - digest::{ - Context, SHA1_FOR_LEGACY_USE_ONLY, SHA224, SHA256, SHA384, SHA3_256, SHA3_384, SHA3_512, - SHA512, SHA512_256, - }, - fips::{assert_fips_status_indicator, FipsServiceStatus}, +use crate::digest::{ + Context, SHA1_FOR_LEGACY_USE_ONLY, SHA224, SHA256, SHA384, SHA3_256, SHA3_384, SHA3_512, + SHA512, SHA512_256, }; +use crate::fips::{assert_fips_status_indicator, FipsServiceStatus}; const TEST_MESSAGE: &str = "test message"; diff --git a/aws-lc-rs/src/ec.rs b/aws-lc-rs/src/ec.rs index 8345ab03240..56264350b3a 100644 --- a/aws-lc-rs/src/ec.rs +++ b/aws-lc-rs/src/ec.rs @@ -4,10 +4,8 @@ // SPDX-License-Identifier: Apache-2.0 OR ISC use crate::ec::signature::AlgorithmID; -use core::{ - mem::MaybeUninit, - ptr::{null, null_mut}, -}; +use core::mem::MaybeUninit; +use core::ptr::{null, null_mut}; // TODO: Uncomment when MSRV >= 1.64 // use core::ffi::c_int; use std::os::raw::c_int; @@ -27,12 +25,10 @@ use crate::aws_lc::{ EC_GROUP, EC_KEY, EC_POINT, EVP_PKEY, EVP_PKEY_EC, }; -use crate::{ - error::{KeyRejected, Unspecified}, - fips::indicator_check, - ptr::{ConstPointer, DetachableLcPtr, LcPtr}, - signature::Signature, -}; +use crate::error::{KeyRejected, Unspecified}; +use crate::fips::indicator_check; +use crate::ptr::{ConstPointer, DetachableLcPtr, LcPtr}; +use crate::signature::Signature; pub(crate) mod key_pair; pub(crate) mod signature; @@ -427,19 +423,15 @@ pub(crate) const fn uncompressed_public_key_size_bytes(curve_field_bits: usize) #[cfg(test)] mod tests { - use crate::{ - encoding::{ - AsBigEndian, AsDer, EcPublicKeyCompressedBin, EcPublicKeyUncompressedBin, - PublicKeyX509Der, - }, - signature, - signature::{ - EcdsaKeyPair, KeyPair, UnparsedPublicKey, ECDSA_P256_SHA256_FIXED, - ECDSA_P256_SHA256_FIXED_SIGNING, - }, - test, - test::from_dirty_hex, + use crate::encoding::{ + AsBigEndian, AsDer, EcPublicKeyCompressedBin, EcPublicKeyUncompressedBin, PublicKeyX509Der, + }; + use crate::signature::{ + EcdsaKeyPair, KeyPair, UnparsedPublicKey, ECDSA_P256_SHA256_FIXED, + ECDSA_P256_SHA256_FIXED_SIGNING, }; + use crate::test::from_dirty_hex; + use crate::{signature, test}; #[test] fn test_from_pkcs8() { diff --git a/aws-lc-rs/src/ec/key_pair.rs b/aws-lc-rs/src/ec/key_pair.rs index 7796da23359..a6a782fb79b 100644 --- a/aws-lc-rs/src/ec/key_pair.rs +++ b/aws-lc-rs/src/ec/key_pair.rs @@ -3,37 +3,29 @@ // Modifications copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. // SPDX-License-Identifier: Apache-2.0 OR ISC -use core::{ - fmt, - fmt::{Debug, Formatter}, - mem::MaybeUninit, - ptr::{null, null_mut}, -}; +use core::fmt; +use core::fmt::{Debug, Formatter}; +use core::mem::MaybeUninit; +use core::ptr::{null, null_mut}; use crate::aws_lc::{EVP_DigestSign, EVP_DigestSignInit, EVP_PKEY_get0_EC_KEY, EVP_PKEY}; +use crate::digest::digest_ctx::DigestContext; +use crate::ec::evp_key_generate; +use crate::ec::signature::{EcdsaSignatureFormat, EcdsaSigningAlgorithm, PublicKey}; #[cfg(feature = "fips")] use crate::ec::validate_evp_key; #[cfg(not(feature = "fips"))] use crate::ec::verify_evp_key_nid; -use crate::{ - digest::digest_ctx::DigestContext, - ec::{ - evp_key_generate, - signature::{EcdsaSignatureFormat, EcdsaSigningAlgorithm, PublicKey}, - }, -}; - -use crate::{ - digest, ec, - encoding::{AsBigEndian, AsDer, EcPrivateKeyBin, EcPrivateKeyRfc5915Der}, - error::{KeyRejected, Unspecified}, - fips::indicator_check, - pkcs8::{Document, Version}, - ptr::{ConstPointer, DetachableLcPtr, LcPtr}, - rand::SecureRandom, - signature::{KeyPair, Signature}, -}; + +use crate::encoding::{AsBigEndian, AsDer, EcPrivateKeyBin, EcPrivateKeyRfc5915Der}; +use crate::error::{KeyRejected, Unspecified}; +use crate::fips::indicator_check; +use crate::pkcs8::{Document, Version}; +use crate::ptr::{ConstPointer, DetachableLcPtr, LcPtr}; +use crate::rand::SecureRandom; +use crate::signature::{KeyPair, Signature}; +use crate::{digest, ec}; /// An ECDSA key pair, used for signing. #[allow(clippy::module_name_repetitions)] diff --git a/aws-lc-rs/src/ec/signature.rs b/aws-lc-rs/src/ec/signature.rs index 5fe422d78b3..1b4206eebb0 100644 --- a/aws-lc-rs/src/ec/signature.rs +++ b/aws-lc-rs/src/ec/signature.rs @@ -8,27 +8,24 @@ use crate::aws_lc::{ BIGNUM, ECDSA_SIG, EVP_PKEY, }; -use crate::{ - digest, - digest::digest_ctx::DigestContext, - ec::{ - compressed_public_key_size_bytes, ec_point_from_bytes, marshal_ec_public_key_to_buffer, - marshal_public_key_to_buffer, try_parse_public_key_bytes, PUBLIC_KEY_MAX_LEN, - }, - encoding::{ - AsBigEndian, AsDer, EcPublicKeyCompressedBin, EcPublicKeyUncompressedBin, PublicKeyX509Der, - }, - error::Unspecified, - fips::indicator_check, - ptr::{ConstPointer, DetachableLcPtr, LcPtr}, - sealed, - signature::VerificationAlgorithm, +use crate::digest::digest_ctx::DigestContext; +use crate::ec::{ + compressed_public_key_size_bytes, ec_point_from_bytes, marshal_ec_public_key_to_buffer, + marshal_public_key_to_buffer, try_parse_public_key_bytes, PUBLIC_KEY_MAX_LEN, }; -use core::{ - fmt, - fmt::{Debug, Formatter}, +use crate::encoding::{ + AsBigEndian, AsDer, EcPublicKeyCompressedBin, EcPublicKeyUncompressedBin, PublicKeyX509Der, }; -use std::{mem::MaybeUninit, ops::Deref, ptr::null_mut}; +use crate::error::Unspecified; +use crate::fips::indicator_check; +use crate::ptr::{ConstPointer, DetachableLcPtr, LcPtr}; +use crate::signature::VerificationAlgorithm; +use crate::{digest, sealed}; +use core::fmt; +use core::fmt::{Debug, Formatter}; +use std::mem::MaybeUninit; +use std::ops::Deref; +use std::ptr::null_mut; #[cfg(feature = "ring-sig-verify")] use untrusted::Input; diff --git a/aws-lc-rs/src/ed25519.rs b/aws-lc-rs/src/ed25519.rs index bd3042e5d05..efd6229fe79 100644 --- a/aws-lc-rs/src/ed25519.rs +++ b/aws-lc-rs/src/ed25519.rs @@ -3,12 +3,10 @@ // Modifications copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. // SPDX-License-Identifier: Apache-2.0 OR ISC -use core::{ - fmt, - fmt::{Debug, Formatter}, - mem::MaybeUninit, - ptr::null_mut, -}; +use core::fmt; +use core::fmt::{Debug, Formatter}; +use core::mem::MaybeUninit; +use core::ptr::null_mut; use std::marker::PhantomData; #[cfg(feature = "ring-sig-verify")] @@ -22,20 +20,18 @@ use crate::aws_lc::{ EVP_PKEY_ED25519, }; -use crate::{ - cbb::LcCBB, - constant_time, - digest::digest_ctx::DigestContext, - encoding::{AsBigEndian, AsDer, Curve25519SeedBin, Pkcs8V1Der, Pkcs8V2Der, PublicKeyX509Der}, - error::{KeyRejected, Unspecified}, - fips::indicator_check, - hex, - pkcs8::{Document, Version}, - ptr::LcPtr, - rand::SecureRandom, - sealed, - signature::{KeyPair, Signature, VerificationAlgorithm}, +use crate::cbb::LcCBB; +use crate::digest::digest_ctx::DigestContext; +use crate::encoding::{ + AsBigEndian, AsDer, Curve25519SeedBin, Pkcs8V1Der, Pkcs8V2Der, PublicKeyX509Der, }; +use crate::error::{KeyRejected, Unspecified}; +use crate::fips::indicator_check; +use crate::pkcs8::{Document, Version}; +use crate::ptr::LcPtr; +use crate::rand::SecureRandom; +use crate::signature::{KeyPair, Signature, VerificationAlgorithm}; +use crate::{constant_time, hex, sealed}; /// The length of an Ed25519 public key. pub const ED25519_PUBLIC_KEY_LEN: usize = aws_lc::ED25519_PUBLIC_KEY_LEN as usize; @@ -570,14 +566,11 @@ impl AsDer> for Ed25519KeyPair { #[cfg(test)] mod tests { - use crate::{ - ed25519::Ed25519KeyPair, - encoding::{AsBigEndian, AsDer, Pkcs8V1Der, Pkcs8V2Der, PublicKeyX509Der}, - hex, - rand::SystemRandom, - signature::{KeyPair, UnparsedPublicKey, ED25519}, - test, - }; + use crate::ed25519::Ed25519KeyPair; + use crate::encoding::{AsBigEndian, AsDer, Pkcs8V1Der, Pkcs8V2Der, PublicKeyX509Der}; + use crate::rand::SystemRandom; + use crate::signature::{KeyPair, UnparsedPublicKey, ED25519}; + use crate::{hex, test}; #[test] fn test_generate() { diff --git a/aws-lc-rs/src/error.rs b/aws-lc-rs/src/error.rs index df63d45d45c..a754ae5a35b 100644 --- a/aws-lc-rs/src/error.rs +++ b/aws-lc-rs/src/error.rs @@ -232,7 +232,8 @@ impl From for KeyRejected { #[allow(deprecated, unused_imports)] #[cfg(test)] mod tests { - use crate::{error::KeyRejected, test}; + use crate::error::KeyRejected; + use crate::test; use std::error::Error; #[test] diff --git a/aws-lc-rs/src/evp_pkey.rs b/aws-lc-rs/src/evp_pkey.rs index 3dbfe4faef4..d98ea5379da 100644 --- a/aws-lc-rs/src/evp_pkey.rs +++ b/aws-lc-rs/src/evp_pkey.rs @@ -1,22 +1,21 @@ // Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. // SPDX-License-Identifier: Apache-2.0 OR ISC -use crate::{ - aws_lc::{ - EVP_PKEY_CTX_new, EVP_PKEY_bits, EVP_PKEY_get1_EC_KEY, EVP_PKEY_get1_RSA, EVP_PKEY_id, - EVP_PKEY_up_ref, EVP_marshal_private_key, EVP_marshal_private_key_v2, - EVP_parse_private_key, EC_KEY, EVP_PKEY, EVP_PKEY_CTX, RSA, - }, - cbb::LcCBB, - cbs, - ec::PKCS8_DOCUMENT_MAX_LEN, - error::{KeyRejected, Unspecified}, - pkcs8::Version, - ptr::LcPtr, +use crate::aws_lc::{ + EVP_PKEY_CTX_new, EVP_PKEY_bits, EVP_PKEY_get1_EC_KEY, EVP_PKEY_get1_RSA, EVP_PKEY_id, + EVP_PKEY_up_ref, EVP_marshal_private_key, EVP_marshal_private_key_v2, EVP_parse_private_key, + EC_KEY, EVP_PKEY, EVP_PKEY_CTX, RSA, }; +use crate::cbb::LcCBB; +use crate::cbs; +use crate::ec::PKCS8_DOCUMENT_MAX_LEN; +use crate::error::{KeyRejected, Unspecified}; +use crate::pkcs8::Version; +use crate::ptr::LcPtr; // TODO: Uncomment when MSRV >= 1.64 // use core::ffi::c_int; -use std::{os::raw::c_int, ptr::null_mut}; +use std::os::raw::c_int; +use std::ptr::null_mut; impl TryFrom<&[u8]> for LcPtr { type Error = KeyRejected; diff --git a/aws-lc-rs/src/hkdf.rs b/aws-lc-rs/src/hkdf.rs index 7a0d09254df..b7dddf4ee22 100644 --- a/aws-lc-rs/src/hkdf.rs +++ b/aws-lc-rs/src/hkdf.rs @@ -37,13 +37,10 @@ //! let aead_unbound_key = aead::UnboundKey::from(aes_keying_material); //! ``` -use crate::{ - aws_lc::{HKDF_expand, HKDF}, - digest, - error::Unspecified, - fips::indicator_check, - hmac, -}; +use crate::aws_lc::{HKDF_expand, HKDF}; +use crate::error::Unspecified; +use crate::fips::indicator_check; +use crate::{digest, hmac}; use alloc::sync::Arc; use core::fmt; use zeroize::Zeroize; diff --git a/aws-lc-rs/src/hkdf/tests/fips.rs b/aws-lc-rs/src/hkdf/tests/fips.rs index d628ab3c69e..b58672c3900 100644 --- a/aws-lc-rs/src/hkdf/tests/fips.rs +++ b/aws-lc-rs/src/hkdf/tests/fips.rs @@ -3,11 +3,9 @@ #![cfg(debug_assertions)] -use crate::{ - fips::{assert_fips_status_indicator, FipsServiceStatus}, - hkdf::{ - KeyType, Prk, Salt, HKDF_SHA1_FOR_LEGACY_USE_ONLY, HKDF_SHA256, HKDF_SHA384, HKDF_SHA512, - }, +use crate::fips::{assert_fips_status_indicator, FipsServiceStatus}; +use crate::hkdf::{ + KeyType, Prk, Salt, HKDF_SHA1_FOR_LEGACY_USE_ONLY, HKDF_SHA256, HKDF_SHA384, HKDF_SHA512, }; const TEST_KEY_128_BIT: [u8; 16] = [ diff --git a/aws-lc-rs/src/hmac.rs b/aws-lc-rs/src/hmac.rs index d1476f1bd85..a660823e184 100644 --- a/aws-lc-rs/src/hmac.rs +++ b/aws-lc-rs/src/hmac.rs @@ -95,17 +95,15 @@ //! ``` //! [RFC 2104]: https://tools.ietf.org/html/rfc2104 -use crate::{ - aws_lc::{ - HMAC_CTX_cleanup, HMAC_CTX_copy_ex, HMAC_CTX_init, HMAC_Final, HMAC_Init_ex, HMAC_Update, - HMAC_CTX, - }, - constant_time, digest, - error::Unspecified, - fips::indicator_check, - hkdf, +use crate::aws_lc::{ + HMAC_CTX_cleanup, HMAC_CTX_copy_ex, HMAC_CTX_init, HMAC_Final, HMAC_Init_ex, HMAC_Update, + HMAC_CTX, }; -use core::{mem::MaybeUninit, ptr::null_mut}; +use crate::error::Unspecified; +use crate::fips::indicator_check; +use crate::{constant_time, digest, hkdf}; +use core::mem::MaybeUninit; +use core::ptr::null_mut; // TODO: Uncomment when MSRV >= 1.64 // use core::ffi::c_uint; use std::os::raw::c_uint; diff --git a/aws-lc-rs/src/hmac/tests/fips.rs b/aws-lc-rs/src/hmac/tests/fips.rs index f7c34aba5ab..d70606316ef 100644 --- a/aws-lc-rs/src/hmac/tests/fips.rs +++ b/aws-lc-rs/src/hmac/tests/fips.rs @@ -3,15 +3,13 @@ #![cfg(debug_assertions)] -use crate::{ - digest::{SHA1_OUTPUT_LEN, SHA224_OUTPUT_LEN, SHA256_OUTPUT_LEN, SHA512_OUTPUT_LEN}, - fips::{assert_fips_status_indicator, FipsServiceStatus}, - hmac::{ - sign, verify, Key, HMAC_SHA1_FOR_LEGACY_USE_ONLY, HMAC_SHA224, HMAC_SHA256, HMAC_SHA384, - HMAC_SHA512, - }, - rand::{self, SystemRandom}, +use crate::digest::{SHA1_OUTPUT_LEN, SHA224_OUTPUT_LEN, SHA256_OUTPUT_LEN, SHA512_OUTPUT_LEN}; +use crate::fips::{assert_fips_status_indicator, FipsServiceStatus}; +use crate::hmac::{ + sign, verify, Key, HMAC_SHA1_FOR_LEGACY_USE_ONLY, HMAC_SHA224, HMAC_SHA256, HMAC_SHA384, + HMAC_SHA512, }; +use crate::rand::{self, SystemRandom}; const TEST_MESSAGE: &str = "test message"; diff --git a/aws-lc-rs/src/iv.rs b/aws-lc-rs/src/iv.rs index 8988139f017..b4f5684f7db 100644 --- a/aws-lc-rs/src/iv.rs +++ b/aws-lc-rs/src/iv.rs @@ -6,7 +6,8 @@ //! Initialization Vector (IV) cryptographic primitives -use crate::{error::Unspecified, rand}; +use crate::error::Unspecified; +use crate::rand; use zeroize::Zeroize; /// Length of a 128-bit IV in bytes. diff --git a/aws-lc-rs/src/kdf.rs b/aws-lc-rs/src/kdf.rs index 32fb80037e4..eaf91434f43 100644 --- a/aws-lc-rs/src/kdf.rs +++ b/aws-lc-rs/src/kdf.rs @@ -225,10 +225,10 @@ pub use sskdf::{ #[cfg(test)] mod tests { + use crate::kdf::sskdf::SskdfHmacAlgorithmId; use crate::kdf::{ get_kbkdf_ctr_hmac_algorithm, get_sskdf_digest_algorithm, get_sskdf_hmac_algorithm, - kbkdf_ctr_hmac, sskdf::SskdfHmacAlgorithmId, sskdf_digest, sskdf_hmac, - KbkdfCtrHmacAlgorithmId, SskdfDigestAlgorithmId, + kbkdf_ctr_hmac, sskdf_digest, sskdf_hmac, KbkdfCtrHmacAlgorithmId, SskdfDigestAlgorithmId, }; #[test] diff --git a/aws-lc-rs/src/kdf/kbkdf.rs b/aws-lc-rs/src/kdf/kbkdf.rs index 5412aab72f5..f5f2bdd9319 100644 --- a/aws-lc-rs/src/kdf/kbkdf.rs +++ b/aws-lc-rs/src/kdf/kbkdf.rs @@ -5,11 +5,9 @@ use crate::aws_lc::{KBKDF_ctr_hmac, EVP_MD}; -use crate::{ - digest::{match_digest_type, AlgorithmID}, - error::Unspecified, - ptr::ConstPointer, -}; +use crate::digest::{match_digest_type, AlgorithmID}; +use crate::error::Unspecified; +use crate::ptr::ConstPointer; /// KBKDF in Counter Mode with HMAC-SHA224 #[allow(dead_code)] diff --git a/aws-lc-rs/src/kdf/sskdf.rs b/aws-lc-rs/src/kdf/sskdf.rs index f2baa66c58f..2e4f0bfd2b4 100644 --- a/aws-lc-rs/src/kdf/sskdf.rs +++ b/aws-lc-rs/src/kdf/sskdf.rs @@ -5,11 +5,9 @@ use crate::aws_lc::{SSKDF_digest, SSKDF_hmac, EVP_MD}; -use crate::{ - digest::{match_digest_type, AlgorithmID}, - error::Unspecified, - ptr::ConstPointer, -}; +use crate::digest::{match_digest_type, AlgorithmID}; +use crate::error::Unspecified; +use crate::ptr::ConstPointer; /// SSKDF with HMAC-SHA224 #[allow(dead_code)] diff --git a/aws-lc-rs/src/kem.rs b/aws-lc-rs/src/kem.rs index f1c64d9a02f..3438855e5aa 100644 --- a/aws-lc-rs/src/kem.rs +++ b/aws-lc-rs/src/kem.rs @@ -45,20 +45,18 @@ //! //! # Ok::<(), aws_lc_rs::error::Unspecified>(()) //! ``` -use crate::{ - aws_lc::{ - EVP_PKEY_CTX_kem_set_params, EVP_PKEY_CTX_new_id, EVP_PKEY_decapsulate, - EVP_PKEY_encapsulate, EVP_PKEY_get_raw_private_key, EVP_PKEY_get_raw_public_key, - EVP_PKEY_kem_new_raw_public_key, EVP_PKEY_keygen, EVP_PKEY_keygen_init, EVP_PKEY, - EVP_PKEY_KEM, - }, - buffer::Buffer, - encoding::generated_encodings, - error::{KeyRejected, Unspecified}, - ptr::LcPtr, +use crate::aws_lc::{ + EVP_PKEY_CTX_kem_set_params, EVP_PKEY_CTX_new_id, EVP_PKEY_decapsulate, EVP_PKEY_encapsulate, + EVP_PKEY_get_raw_private_key, EVP_PKEY_get_raw_public_key, EVP_PKEY_kem_new_raw_public_key, + EVP_PKEY_keygen, EVP_PKEY_keygen_init, EVP_PKEY, EVP_PKEY_KEM, }; +use crate::buffer::Buffer; +use crate::encoding::generated_encodings; +use crate::error::{KeyRejected, Unspecified}; +use crate::ptr::LcPtr; use alloc::borrow::Cow; -use core::{cmp::Ordering, ptr::null_mut}; +use core::cmp::Ordering; +use core::ptr::null_mut; use zeroize::Zeroize; const ML_KEM_512_SHARED_SECRET_LENGTH: usize = 32; diff --git a/aws-lc-rs/src/key_wrap.rs b/aws-lc-rs/src/key_wrap.rs index b62113e74d0..0e91f2bd1ad 100644 --- a/aws-lc-rs/src/key_wrap.rs +++ b/aws-lc-rs/src/key_wrap.rs @@ -32,16 +32,16 @@ //! # } //! ``` -use crate::{ - aws_lc::{ - AES_set_decrypt_key, AES_set_encrypt_key, AES_unwrap_key, AES_unwrap_key_padded, - AES_wrap_key, AES_wrap_key_padded, AES_KEY, - }, - error::Unspecified, - fips::indicator_check, - sealed::Sealed, +use crate::aws_lc::{ + AES_set_decrypt_key, AES_set_encrypt_key, AES_unwrap_key, AES_unwrap_key_padded, AES_wrap_key, + AES_wrap_key_padded, AES_KEY, }; -use core::{fmt::Debug, mem::MaybeUninit, ptr::null}; +use crate::error::Unspecified; +use crate::fips::indicator_check; +use crate::sealed::Sealed; +use core::fmt::Debug; +use core::mem::MaybeUninit; +use core::ptr::null; mod tests; diff --git a/aws-lc-rs/src/key_wrap/tests/fips.rs b/aws-lc-rs/src/key_wrap/tests/fips.rs index 8fadc45c78e..45b609778ab 100644 --- a/aws-lc-rs/src/key_wrap/tests/fips.rs +++ b/aws-lc-rs/src/key_wrap/tests/fips.rs @@ -3,10 +3,8 @@ #![cfg(debug_assertions)] -use crate::{ - fips::{assert_fips_status_indicator, FipsServiceStatus}, - key_wrap::{AesKek, KeyWrap, KeyWrapPadded, AES_128, AES_256}, -}; +use crate::fips::{assert_fips_status_indicator, FipsServiceStatus}; +use crate::key_wrap::{AesKek, KeyWrap, KeyWrapPadded, AES_128, AES_256}; const K_128: &[u8] = &[ 0x60, 0x43, 0xb2, 0x73, 0xe9, 0x71, 0x26, 0x5e, 0x53, 0x8a, 0x6c, 0xcd, 0x5d, 0x5a, 0x11, 0xe4, diff --git a/aws-lc-rs/src/pbkdf2.rs b/aws-lc-rs/src/pbkdf2.rs index 64878493719..e83b45de014 100644 --- a/aws-lc-rs/src/pbkdf2.rs +++ b/aws-lc-rs/src/pbkdf2.rs @@ -103,10 +103,10 @@ //! assert!(db.verify_password("alice", "@74d7]404j|W}6u").is_ok()); //! } -use crate::{ - aws_lc::PKCS5_PBKDF2_HMAC, constant_time, digest, error::Unspecified, fips::indicator_check, - hmac, -}; +use crate::aws_lc::PKCS5_PBKDF2_HMAC; +use crate::error::Unspecified; +use crate::fips::indicator_check; +use crate::{constant_time, digest, hmac}; use core::num::NonZeroU32; use zeroize::Zeroize; diff --git a/aws-lc-rs/src/pbkdf2/tests/fips.rs b/aws-lc-rs/src/pbkdf2/tests/fips.rs index b027c7202c6..d9c64b9221e 100644 --- a/aws-lc-rs/src/pbkdf2/tests/fips.rs +++ b/aws-lc-rs/src/pbkdf2/tests/fips.rs @@ -5,12 +5,9 @@ use core::num::NonZeroU32; -use crate::{ - fips::{assert_fips_status_indicator, FipsServiceStatus}, - pbkdf2::{ - derive, verify, PBKDF2_HMAC_SHA1, PBKDF2_HMAC_SHA256, PBKDF2_HMAC_SHA384, - PBKDF2_HMAC_SHA512, - }, +use crate::fips::{assert_fips_status_indicator, FipsServiceStatus}; +use crate::pbkdf2::{ + derive, verify, PBKDF2_HMAC_SHA1, PBKDF2_HMAC_SHA256, PBKDF2_HMAC_SHA384, PBKDF2_HMAC_SHA512, }; macro_rules! pbkdf2_api { diff --git a/aws-lc-rs/src/ptr.rs b/aws-lc-rs/src/ptr.rs index fcea640c683..7efe6a167dc 100644 --- a/aws-lc-rs/src/ptr.rs +++ b/aws-lc-rs/src/ptr.rs @@ -245,10 +245,8 @@ create_pointer!(EVP_CIPHER_CTX, EVP_CIPHER_CTX_free); #[cfg(test)] mod tests { - use crate::{ - aws_lc::BIGNUM, - ptr::{DetachablePointer, ManagedPointer}, - }; + use crate::aws_lc::BIGNUM; + use crate::ptr::{DetachablePointer, ManagedPointer}; #[test] fn test_debug() { diff --git a/aws-lc-rs/src/rand.rs b/aws-lc-rs/src/rand.rs index 3f8aa527dcb..40360901185 100644 --- a/aws-lc-rs/src/rand.rs +++ b/aws-lc-rs/src/rand.rs @@ -32,7 +32,9 @@ //! let random_array = rand::generate(&rng).unwrap(); //! let more_rand_bytes: [u8; 64] = random_array.expose(); //! ``` -use crate::{aws_lc::RAND_bytes, error::Unspecified, fips::indicator_check}; +use crate::aws_lc::RAND_bytes; +use crate::error::Unspecified; +use crate::fips::indicator_check; use core::fmt::Debug; /// A secure random number generator. diff --git a/aws-lc-rs/src/rsa.rs b/aws-lc-rs/src/rsa.rs index 835ecceb48c..ffced1a8292 100644 --- a/aws-lc-rs/src/rsa.rs +++ b/aws-lc-rs/src/rsa.rs @@ -70,19 +70,15 @@ mod encryption; pub(crate) mod key; pub(crate) mod signature; +pub use self::encryption::oaep::{ + OaepAlgorithm, OaepPrivateDecryptingKey, OaepPublicEncryptingKey, OAEP_SHA1_MGF1SHA1, + OAEP_SHA256_MGF1SHA256, OAEP_SHA384_MGF1SHA384, OAEP_SHA512_MGF1SHA512, +}; +pub use self::encryption::pkcs1::{Pkcs1PrivateDecryptingKey, Pkcs1PublicEncryptingKey}; +pub use self::encryption::{EncryptionAlgorithmId, PrivateDecryptingKey, PublicEncryptingKey}; +pub use self::key::{KeyPair, KeySize, PublicKey, PublicKeyComponents}; #[allow(clippy::module_name_repetitions)] pub use self::signature::RsaParameters; -pub use self::{ - encryption::{ - oaep::{ - OaepAlgorithm, OaepPrivateDecryptingKey, OaepPublicEncryptingKey, OAEP_SHA1_MGF1SHA1, - OAEP_SHA256_MGF1SHA256, OAEP_SHA384_MGF1SHA384, OAEP_SHA512_MGF1SHA512, - }, - pkcs1::{Pkcs1PrivateDecryptingKey, Pkcs1PublicEncryptingKey}, - EncryptionAlgorithmId, PrivateDecryptingKey, PublicEncryptingKey, - }, - key::{KeyPair, KeySize, PublicKey, PublicKeyComponents}, -}; pub(crate) use self::signature::RsaVerificationAlgorithmId; @@ -94,7 +90,8 @@ mod tests { #[cfg(feature = "ring-io")] #[test] fn test_rsa() { - use crate::{signature::KeyPair, test::from_dirty_hex}; + use crate::signature::KeyPair; + use crate::test::from_dirty_hex; let rsa_pkcs8_input: Vec = from_dirty_hex( r"308204bd020100300d06092a864886f70d0101010500048204a7308204a30201000282010100b9d7a f84fa4184a5f22037ec8aff2db5f78bd8c21e714e579ae57c6398c4950f3a694b17bfccf488766159aec5bb7c2c4 diff --git a/aws-lc-rs/src/rsa/encoding.rs b/aws-lc-rs/src/rsa/encoding.rs index 267467010c2..a9a6dc3e0a3 100644 --- a/aws-lc-rs/src/rsa/encoding.rs +++ b/aws-lc-rs/src/rsa/encoding.rs @@ -3,14 +3,12 @@ /// PKCS#8 Encoding Functions pub(in crate::rsa) mod pkcs8 { - use crate::{ - aws_lc::{EVP_marshal_private_key, EVP_parse_private_key, EVP_PKEY}, - cbb::LcCBB, - cbs, - error::{KeyRejected, Unspecified}, - ptr::LcPtr, - rsa::key::is_rsa_key, - }; + use crate::aws_lc::{EVP_marshal_private_key, EVP_parse_private_key, EVP_PKEY}; + use crate::cbb::LcCBB; + use crate::cbs; + use crate::error::{KeyRejected, Unspecified}; + use crate::ptr::LcPtr; + use crate::rsa::key::is_rsa_key; // Based on a measurement of a PKCS#8 v1 document containing an RSA-8192 key with an additional 1% capacity buffer // rounded to an even 64-bit words (4678 + 1% + padding ≈ 4728). @@ -49,15 +47,13 @@ pub(in crate::rsa) mod pkcs8 { /// /// PKCS #1: RSA Cryptography Specifications Version 2.2 pub(in crate::rsa) mod rfc8017 { - use crate::{ - aws_lc::{ - EVP_PKEY_assign_RSA, EVP_PKEY_new, RSA_parse_private_key, RSA_public_key_from_bytes, - RSA_public_key_to_bytes, EVP_PKEY, - }, - cbs, - error::{KeyRejected, Unspecified}, - ptr::{DetachableLcPtr, LcPtr}, + use crate::aws_lc::{ + EVP_PKEY_assign_RSA, EVP_PKEY_new, RSA_parse_private_key, RSA_public_key_from_bytes, + RSA_public_key_to_bytes, EVP_PKEY, }; + use crate::cbs; + use crate::error::{KeyRejected, Unspecified}; + use crate::ptr::{DetachableLcPtr, LcPtr}; use std::ptr::null_mut; /// DER encode a RSA public key to `RSAPublicKey` structure. @@ -126,15 +122,13 @@ pub(in crate::rsa) mod rfc8017 { /// /// Encodings that use the `SubjectPublicKeyInfo` structure. pub(in crate::rsa) mod rfc5280 { - use crate::{ - aws_lc::{EVP_marshal_public_key, EVP_parse_public_key, EVP_PKEY}, - cbb::LcCBB, - cbs, - encoding::PublicKeyX509Der, - error::{KeyRejected, Unspecified}, - ptr::LcPtr, - rsa::key::{is_rsa_key, key_size_bytes}, - }; + use crate::aws_lc::{EVP_marshal_public_key, EVP_parse_public_key, EVP_PKEY}; + use crate::cbb::LcCBB; + use crate::cbs; + use crate::encoding::PublicKeyX509Der; + use crate::error::{KeyRejected, Unspecified}; + use crate::ptr::LcPtr; + use crate::rsa::key::{is_rsa_key, key_size_bytes}; pub(in crate::rsa) fn encode_public_key_der( key: &LcPtr, diff --git a/aws-lc-rs/src/rsa/encryption.rs b/aws-lc-rs/src/rsa/encryption.rs index bc0641292a3..cd9a5618522 100644 --- a/aws-lc-rs/src/rsa/encryption.rs +++ b/aws-lc-rs/src/rsa/encryption.rs @@ -4,17 +4,12 @@ pub(super) mod oaep; pub(super) mod pkcs1; -use super::{ - encoding, - key::{generate_rsa_key, is_rsa_key, key_size_bits, key_size_bytes}, - KeySize, -}; -use crate::{ - aws_lc::EVP_PKEY, - encoding::{AsDer, Pkcs8V1Der, PublicKeyX509Der}, - error::{KeyRejected, Unspecified}, - ptr::LcPtr, -}; +use super::key::{generate_rsa_key, is_rsa_key, key_size_bits, key_size_bytes}; +use super::{encoding, KeySize}; +use crate::aws_lc::EVP_PKEY; +use crate::encoding::{AsDer, Pkcs8V1Der, PublicKeyX509Der}; +use crate::error::{KeyRejected, Unspecified}; +use crate::ptr::LcPtr; use core::fmt::Debug; /// RSA Encryption Algorithm Identifier diff --git a/aws-lc-rs/src/rsa/encryption/oaep.rs b/aws-lc-rs/src/rsa/encryption/oaep.rs index 1108a7cec2b..35ff7603bd9 100644 --- a/aws-lc-rs/src/rsa/encryption/oaep.rs +++ b/aws-lc-rs/src/rsa/encryption/oaep.rs @@ -4,18 +4,18 @@ #![allow(clippy::module_name_repetitions)] use super::{EncryptionAlgorithmId, PrivateDecryptingKey, PublicEncryptingKey}; -use crate::{ - aws_lc::{ - EVP_PKEY_CTX_set0_rsa_oaep_label, EVP_PKEY_CTX_set_rsa_mgf1_md, - EVP_PKEY_CTX_set_rsa_oaep_md, EVP_PKEY_CTX_set_rsa_padding, EVP_PKEY_decrypt, - EVP_PKEY_decrypt_init, EVP_PKEY_encrypt, EVP_PKEY_encrypt_init, EVP_sha1, EVP_sha256, - EVP_sha384, EVP_sha512, OPENSSL_malloc, EVP_MD, EVP_PKEY_CTX, RSA_PKCS1_OAEP_PADDING, - }, - error::Unspecified, - fips::indicator_check, - ptr::{DetachableLcPtr, LcPtr}, +use crate::aws_lc::{ + EVP_PKEY_CTX_set0_rsa_oaep_label, EVP_PKEY_CTX_set_rsa_mgf1_md, EVP_PKEY_CTX_set_rsa_oaep_md, + EVP_PKEY_CTX_set_rsa_padding, EVP_PKEY_decrypt, EVP_PKEY_decrypt_init, EVP_PKEY_encrypt, + EVP_PKEY_encrypt_init, EVP_sha1, EVP_sha256, EVP_sha384, EVP_sha512, OPENSSL_malloc, EVP_MD, + EVP_PKEY_CTX, RSA_PKCS1_OAEP_PADDING, }; -use core::{fmt::Debug, mem::size_of_val, ptr::null_mut}; +use crate::error::Unspecified; +use crate::fips::indicator_check; +use crate::ptr::{DetachableLcPtr, LcPtr}; +use core::fmt::Debug; +use core::mem::size_of_val; +use core::ptr::null_mut; /// RSA-OAEP with SHA1 Hash and SHA1 MGF1 pub const OAEP_SHA1_MGF1SHA1: OaepAlgorithm = OaepAlgorithm { diff --git a/aws-lc-rs/src/rsa/encryption/pkcs1.rs b/aws-lc-rs/src/rsa/encryption/pkcs1.rs index 6417049540c..ac47452b92a 100644 --- a/aws-lc-rs/src/rsa/encryption/pkcs1.rs +++ b/aws-lc-rs/src/rsa/encryption/pkcs1.rs @@ -4,15 +4,13 @@ #![allow(clippy::module_name_repetitions)] use super::{PrivateDecryptingKey, PublicEncryptingKey}; -use crate::{ - aws_lc::{ - EVP_PKEY_CTX_set_rsa_padding, EVP_PKEY_decrypt, EVP_PKEY_decrypt_init, EVP_PKEY_encrypt, - EVP_PKEY_encrypt_init, EVP_PKEY_CTX, RSA_PKCS1_PADDING, - }, - error::Unspecified, - fips::indicator_check, - ptr::LcPtr, +use crate::aws_lc::{ + EVP_PKEY_CTX_set_rsa_padding, EVP_PKEY_decrypt, EVP_PKEY_decrypt_init, EVP_PKEY_encrypt, + EVP_PKEY_encrypt_init, EVP_PKEY_CTX, RSA_PKCS1_PADDING, }; +use crate::error::Unspecified; +use crate::fips::indicator_check; +use crate::ptr::LcPtr; use core::fmt::Debug; /// RSA PKCS1-v1.5 public key for encryption. diff --git a/aws-lc-rs/src/rsa/key.rs b/aws-lc-rs/src/rsa/key.rs index ac82a0f04a7..1fce720e9de 100644 --- a/aws-lc-rs/src/rsa/key.rs +++ b/aws-lc-rs/src/rsa/key.rs @@ -3,39 +3,31 @@ // Modifications copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. // SPDX-License-Identifier: Apache-2.0 OR ISC -use super::{ - encoding, - signature::{compute_rsa_signature, RsaEncoding, RsaPadding}, - RsaParameters, -}; +use super::signature::{compute_rsa_signature, RsaEncoding, RsaPadding}; +use super::{encoding, RsaParameters}; #[cfg(feature = "fips")] use crate::aws_lc::RSA_check_fips; +use crate::aws_lc::{ + EVP_DigestSignInit, EVP_PKEY_assign_RSA, EVP_PKEY_bits, EVP_PKEY_new, EVP_PKEY_size, + RSA_generate_key_ex, RSA_generate_key_fips, RSA_new, RSA_set0_key, RSA_size, BIGNUM, EVP_PKEY, + EVP_PKEY_CTX, +}; #[cfg(feature = "ring-io")] use crate::aws_lc::{RSA_get0_e, RSA_get0_n}; +use crate::digest::{self}; +use crate::encoding::{AsDer, Pkcs8V1Der}; +use crate::error::{KeyRejected, Unspecified}; +use crate::fips::indicator_check; #[cfg(feature = "ring-io")] use crate::io; #[cfg(feature = "ring-io")] use crate::ptr::ConstPointer; -use crate::{ - aws_lc::{ - EVP_DigestSignInit, EVP_PKEY_assign_RSA, EVP_PKEY_bits, EVP_PKEY_new, EVP_PKEY_size, - RSA_generate_key_ex, RSA_generate_key_fips, RSA_new, RSA_set0_key, RSA_size, BIGNUM, - EVP_PKEY, EVP_PKEY_CTX, - }, - digest::{self}, - encoding::{AsDer, Pkcs8V1Der}, - error::{KeyRejected, Unspecified}, - fips::indicator_check, - hex, - ptr::{DetachableLcPtr, LcPtr}, - rand, - rsa::PublicEncryptingKey, - sealed::Sealed, -}; -use core::{ - fmt::{self, Debug, Formatter}, - ptr::null_mut, -}; +use crate::ptr::{DetachableLcPtr, LcPtr}; +use crate::rsa::PublicEncryptingKey; +use crate::sealed::Sealed; +use crate::{hex, rand}; +use core::fmt::{self, Debug, Formatter}; +use core::ptr::null_mut; // TODO: Uncomment when MSRV >= 1.64 // use core::ffi::c_int; diff --git a/aws-lc-rs/src/rsa/signature.rs b/aws-lc-rs/src/rsa/signature.rs index 687675ec117..b4300bb6ab0 100644 --- a/aws-lc-rs/src/rsa/signature.rs +++ b/aws-lc-rs/src/rsa/signature.rs @@ -1,12 +1,10 @@ // Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. // SPDX-License-Identifier: Apache-2.0 OR ISC -use std::{ - fmt::{self, Debug, Formatter}, - mem::MaybeUninit, - ops::RangeInclusive, - ptr::{null, null_mut}, -}; +use std::fmt::{self, Debug, Formatter}; +use std::mem::MaybeUninit; +use std::ops::RangeInclusive; +use std::ptr::{null, null_mut}; use crate::aws_lc::{ EVP_DigestSign, EVP_DigestVerify, EVP_DigestVerifyInit, EVP_PKEY_CTX_set_rsa_padding, @@ -14,17 +12,13 @@ use crate::aws_lc::{ EVP_PKEY_CTX, RSA_PKCS1_PSS_PADDING, RSA_PSS_SALTLEN_DIGEST, }; -use crate::{ - digest::{ - digest_ctx::DigestContext, - {self}, - }, - error::Unspecified, - fips::indicator_check, - ptr::{ConstPointer, DetachableLcPtr, LcPtr}, - sealed::Sealed, - signature::VerificationAlgorithm, -}; +use crate::digest::digest_ctx::DigestContext; +use crate::digest::{self}; +use crate::error::Unspecified; +use crate::fips::indicator_check; +use crate::ptr::{ConstPointer, DetachableLcPtr, LcPtr}; +use crate::sealed::Sealed; +use crate::signature::VerificationAlgorithm; #[cfg(feature = "ring-sig-verify")] use untrusted::Input; diff --git a/aws-lc-rs/src/rsa/tests/fips.rs b/aws-lc-rs/src/rsa/tests/fips.rs index a844b71869a..c2c0ac19654 100644 --- a/aws-lc-rs/src/rsa/tests/fips.rs +++ b/aws-lc-rs/src/rsa/tests/fips.rs @@ -3,10 +3,8 @@ #![cfg(debug_assertions)] -use crate::{ - fips::{assert_fips_status_indicator, FipsServiceStatus}, - rsa::{KeyPair, KeySize, PrivateDecryptingKey}, -}; +use crate::fips::{assert_fips_status_indicator, FipsServiceStatus}; +use crate::rsa::{KeyPair, KeySize, PrivateDecryptingKey}; macro_rules! generate_key { ($name:ident, KeyPair, $size:expr) => { diff --git a/aws-lc-rs/src/signature.rs b/aws-lc-rs/src/signature.rs index 17e9898f342..ee375bdf627 100644 --- a/aws-lc-rs/src/signature.rs +++ b/aws-lc-rs/src/signature.rs @@ -238,26 +238,24 @@ use core::fmt::{Debug, Formatter}; #[cfg(feature = "ring-sig-verify")] use untrusted::Input; +pub use crate::rsa::signature::RsaEncoding; pub use crate::rsa::{ - signature::RsaEncoding, KeyPair as RsaKeyPair, PublicKey as RsaSubjectPublicKey, + KeyPair as RsaKeyPair, PublicKey as RsaSubjectPublicKey, PublicKeyComponents as RsaPublicKeyComponents, RsaParameters, }; -use crate::rsa::{ - signature::{RsaSignatureEncoding, RsaSigningAlgorithmId}, - RsaVerificationAlgorithmId, -}; +use crate::rsa::signature::{RsaSignatureEncoding, RsaSigningAlgorithmId}; +use crate::rsa::RsaVerificationAlgorithmId; -use crate::{digest, ec, ec::signature::EcdsaSignatureFormat, error, hex, rsa, sealed}; -pub use crate::{ - ec::{ - key_pair::{EcdsaKeyPair, PrivateKey as EcdsaPrivateKey}, - signature::{ - EcdsaSigningAlgorithm, EcdsaVerificationAlgorithm, PublicKey as EcdsaPublicKey, - }, - }, - ed25519::{Ed25519KeyPair, EdDSAParameters, Seed as Ed25519Seed, ED25519_PUBLIC_KEY_LEN}, +pub use crate::ec::key_pair::{EcdsaKeyPair, PrivateKey as EcdsaPrivateKey}; +use crate::ec::signature::EcdsaSignatureFormat; +pub use crate::ec::signature::{ + EcdsaSigningAlgorithm, EcdsaVerificationAlgorithm, PublicKey as EcdsaPublicKey, +}; +pub use crate::ed25519::{ + Ed25519KeyPair, EdDSAParameters, Seed as Ed25519Seed, ED25519_PUBLIC_KEY_LEN, }; +use crate::{digest, ec, error, hex, rsa, sealed}; /// The longest signature is an ASN.1 P-384 signature where *r* and *s* are of /// maximum length with the leading high bit set on each. Then each component @@ -796,10 +794,8 @@ pub static ED25519: EdDSAParameters = EdDSAParameters {}; mod tests { use regex::Regex; - use crate::{ - rand::{generate, SystemRandom}, - signature::{UnparsedPublicKey, ED25519}, - }; + use crate::rand::{generate, SystemRandom}; + use crate::signature::{UnparsedPublicKey, ED25519}; #[cfg(feature = "fips")] mod fips; diff --git a/aws-lc-rs/src/signature/tests/fips.rs b/aws-lc-rs/src/signature/tests/fips.rs index a8ef3e14938..b5080552773 100644 --- a/aws-lc-rs/src/signature/tests/fips.rs +++ b/aws-lc-rs/src/signature/tests/fips.rs @@ -3,27 +3,23 @@ #![cfg(debug_assertions)] -use crate::{ - fips::{assert_fips_status_indicator, FipsServiceStatus}, - rand::SystemRandom, - signature::{ - EcdsaKeyPair, Ed25519KeyPair, EdDSAParameters, KeyPair, RsaKeyPair, VerificationAlgorithm, - ECDSA_P256_SHA256_ASN1, ECDSA_P256_SHA256_ASN1_SIGNING, ECDSA_P256_SHA256_FIXED, - ECDSA_P256_SHA256_FIXED_SIGNING, ECDSA_P256_SHA384_ASN1, ECDSA_P384_SHA256_ASN1, - ECDSA_P384_SHA384_ASN1, ECDSA_P384_SHA384_ASN1_SIGNING, ECDSA_P384_SHA384_FIXED, - ECDSA_P384_SHA384_FIXED_SIGNING, ECDSA_P384_SHA3_384_ASN1, - ECDSA_P384_SHA3_384_ASN1_SIGNING, ECDSA_P384_SHA3_384_FIXED, - ECDSA_P384_SHA3_384_FIXED_SIGNING, ECDSA_P521_SHA3_512_ASN1, - ECDSA_P521_SHA3_512_ASN1_SIGNING, ECDSA_P521_SHA3_512_FIXED, - ECDSA_P521_SHA3_512_FIXED_SIGNING, ECDSA_P521_SHA512_ASN1, ECDSA_P521_SHA512_ASN1_SIGNING, - ECDSA_P521_SHA512_FIXED, ECDSA_P521_SHA512_FIXED_SIGNING, - RSA_PKCS1_1024_8192_SHA1_FOR_LEGACY_USE_ONLY, - RSA_PKCS1_1024_8192_SHA256_FOR_LEGACY_USE_ONLY, - RSA_PKCS1_1024_8192_SHA512_FOR_LEGACY_USE_ONLY, RSA_PKCS1_2048_8192_SHA256, - RSA_PKCS1_2048_8192_SHA384, RSA_PKCS1_2048_8192_SHA512, RSA_PKCS1_SHA256, RSA_PKCS1_SHA384, - RSA_PKCS1_SHA512, RSA_PSS_2048_8192_SHA256, RSA_PSS_2048_8192_SHA384, - RSA_PSS_2048_8192_SHA512, RSA_PSS_SHA256, RSA_PSS_SHA384, RSA_PSS_SHA512, - }, +use crate::fips::{assert_fips_status_indicator, FipsServiceStatus}; +use crate::rand::SystemRandom; +use crate::signature::{ + EcdsaKeyPair, Ed25519KeyPair, EdDSAParameters, KeyPair, RsaKeyPair, VerificationAlgorithm, + ECDSA_P256_SHA256_ASN1, ECDSA_P256_SHA256_ASN1_SIGNING, ECDSA_P256_SHA256_FIXED, + ECDSA_P256_SHA256_FIXED_SIGNING, ECDSA_P256_SHA384_ASN1, ECDSA_P384_SHA256_ASN1, + ECDSA_P384_SHA384_ASN1, ECDSA_P384_SHA384_ASN1_SIGNING, ECDSA_P384_SHA384_FIXED, + ECDSA_P384_SHA384_FIXED_SIGNING, ECDSA_P384_SHA3_384_ASN1, ECDSA_P384_SHA3_384_ASN1_SIGNING, + ECDSA_P384_SHA3_384_FIXED, ECDSA_P384_SHA3_384_FIXED_SIGNING, ECDSA_P521_SHA3_512_ASN1, + ECDSA_P521_SHA3_512_ASN1_SIGNING, ECDSA_P521_SHA3_512_FIXED, ECDSA_P521_SHA3_512_FIXED_SIGNING, + ECDSA_P521_SHA512_ASN1, ECDSA_P521_SHA512_ASN1_SIGNING, ECDSA_P521_SHA512_FIXED, + ECDSA_P521_SHA512_FIXED_SIGNING, RSA_PKCS1_1024_8192_SHA1_FOR_LEGACY_USE_ONLY, + RSA_PKCS1_1024_8192_SHA256_FOR_LEGACY_USE_ONLY, RSA_PKCS1_1024_8192_SHA512_FOR_LEGACY_USE_ONLY, + RSA_PKCS1_2048_8192_SHA256, RSA_PKCS1_2048_8192_SHA384, RSA_PKCS1_2048_8192_SHA512, + RSA_PKCS1_SHA256, RSA_PKCS1_SHA384, RSA_PKCS1_SHA512, RSA_PSS_2048_8192_SHA256, + RSA_PSS_2048_8192_SHA384, RSA_PSS_2048_8192_SHA512, RSA_PSS_SHA256, RSA_PSS_SHA384, + RSA_PSS_SHA512, }; mod keys; diff --git a/aws-lc-rs/src/test.rs b/aws-lc-rs/src/test.rs index 2780fbd1fcc..d2743ea75df 100644 --- a/aws-lc-rs/src/test.rs +++ b/aws-lc-rs/src/test.rs @@ -487,16 +487,10 @@ pub mod rand { #[cfg(test)] mod tests { - use crate::{ - error, - rand::sealed::SecureRandom, - test, - test::{ - from_dirty_hex, - rand::{FixedByteRandom, FixedSliceRandom, FixedSliceSequenceRandom}, - to_hex_upper, - }, - }; + use crate::rand::sealed::SecureRandom; + use crate::test::rand::{FixedByteRandom, FixedSliceRandom, FixedSliceSequenceRandom}; + use crate::test::{from_dirty_hex, to_hex_upper}; + use crate::{error, test}; use core::cell::UnsafeCell; #[test] diff --git a/aws-lc-rs/src/tls_prf.rs b/aws-lc-rs/src/tls_prf.rs index f348bad9df4..e729ff7a20f 100644 --- a/aws-lc-rs/src/tls_prf.rs +++ b/aws-lc-rs/src/tls_prf.rs @@ -27,11 +27,9 @@ use core::fmt::Debug; -use crate::{ - digest::{match_digest_type, AlgorithmID}, - error::Unspecified, - fips::indicator_check, -}; +use crate::digest::{match_digest_type, AlgorithmID}; +use crate::error::Unspecified; +use crate::fips::indicator_check; use core::ptr::null; use crate::aws_lc::CRYPTO_tls1_prf; diff --git a/aws-lc-rs/src/tls_prf/tests/fips.rs b/aws-lc-rs/src/tls_prf/tests/fips.rs index 525abf6465d..e08270f84a6 100644 --- a/aws-lc-rs/src/tls_prf/tests/fips.rs +++ b/aws-lc-rs/src/tls_prf/tests/fips.rs @@ -3,10 +3,8 @@ #![cfg(debug_assertions)] -use crate::{ - fips::{assert_fips_status_indicator, FipsServiceStatus}, - tls_prf::{Secret, P_SHA256, P_SHA384, P_SHA512}, -}; +use crate::fips::{assert_fips_status_indicator, FipsServiceStatus}; +use crate::tls_prf::{Secret, P_SHA256, P_SHA384, P_SHA512}; macro_rules! prf_test { ($name:ident, $alg:expr, $size:expr, $label:expr, $expect:path) => { diff --git a/aws-lc-rs/tests/aead_test.rs b/aws-lc-rs/tests/aead_test.rs index ce199164e25..8271514c9b1 100644 --- a/aws-lc-rs/tests/aead_test.rs +++ b/aws-lc-rs/tests/aead_test.rs @@ -3,7 +3,8 @@ // Modifications copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. // SPDX-License-Identifier: Apache-2.0 OR ISC -use aws_lc_rs::{aead, aead::nonce_sequence::Counter32Builder, error, test, test_file}; +use aws_lc_rs::aead::nonce_sequence::Counter32Builder; +use aws_lc_rs::{aead, error, test, test_file}; use aws_lc_rs::aead::{ Aad, BoundKey, Nonce, OpeningKey, SealingKey, UnboundKey, AES_128_GCM, NONCE_LEN, diff --git a/aws-lc-rs/tests/basic_rsa_test.rs b/aws-lc-rs/tests/basic_rsa_test.rs index a579608a0d3..0e3cfe8db03 100644 --- a/aws-lc-rs/tests/basic_rsa_test.rs +++ b/aws-lc-rs/tests/basic_rsa_test.rs @@ -1,13 +1,11 @@ // Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. // SPDX-License-Identifier: Apache-2.0 OR ISC -use aws_lc_rs::{ - rand::SystemRandom, - rsa::{Pkcs1PublicEncryptingKey, PublicEncryptingKey}, - signature, - signature::RsaKeyPair, - test::from_dirty_hex, -}; +use aws_lc_rs::rand::SystemRandom; +use aws_lc_rs::rsa::{Pkcs1PublicEncryptingKey, PublicEncryptingKey}; +use aws_lc_rs::signature; +use aws_lc_rs::signature::RsaKeyPair; +use aws_lc_rs::test::from_dirty_hex; #[test] fn test_rsa_pkcs8() { diff --git a/aws-lc-rs/tests/cipher_test.rs b/aws-lc-rs/tests/cipher_test.rs index f72ab08c47e..820ade41fc6 100644 --- a/aws-lc-rs/tests/cipher_test.rs +++ b/aws-lc-rs/tests/cipher_test.rs @@ -1,15 +1,13 @@ // Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. // SPDX-License-Identifier: Apache-2.0 OR ISC -use aws_lc_rs::{ - cipher::{ - DecryptingKey, DecryptionContext, EncryptingKey, EncryptionContext, OperatingMode, - PaddedBlockDecryptingKey, PaddedBlockEncryptingKey, StreamingDecryptingKey, - StreamingEncryptingKey, UnboundCipherKey, AES_128, AES_192, AES_256, - }, - iv::{FixedLength, IV_LEN_128_BIT}, - test::from_hex, +use aws_lc_rs::cipher::{ + DecryptingKey, DecryptionContext, EncryptingKey, EncryptionContext, OperatingMode, + PaddedBlockDecryptingKey, PaddedBlockEncryptingKey, StreamingDecryptingKey, + StreamingEncryptingKey, UnboundCipherKey, AES_128, AES_192, AES_256, }; +use aws_lc_rs::iv::{FixedLength, IV_LEN_128_BIT}; +use aws_lc_rs::test::from_hex; use paste::paste; fn step_encrypt( diff --git a/aws-lc-rs/tests/ecdsa_tests.rs b/aws-lc-rs/tests/ecdsa_tests.rs index 9edded3f437..14470c7af28 100644 --- a/aws-lc-rs/tests/ecdsa_tests.rs +++ b/aws-lc-rs/tests/ecdsa_tests.rs @@ -3,12 +3,10 @@ // Modifications copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. // SPDX-License-Identifier: Apache-2.0 OR ISC -use aws_lc_rs::{ - encoding::{AsBigEndian, AsDer, EcPrivateKeyRfc5915Der}, - rand::SystemRandom, - signature::{self, EcdsaKeyPair, KeyPair, Signature, UnparsedPublicKey}, - test, test_file, -}; +use aws_lc_rs::encoding::{AsBigEndian, AsDer, EcPrivateKeyRfc5915Der}; +use aws_lc_rs::rand::SystemRandom; +use aws_lc_rs::signature::{self, EcdsaKeyPair, KeyPair, Signature, UnparsedPublicKey}; +use aws_lc_rs::{test, test_file}; #[test] fn ecdsa_traits() { diff --git a/aws-lc-rs/tests/ed25519_tests.rs b/aws-lc-rs/tests/ed25519_tests.rs index 19776ac5a9b..ee3b9be3cf8 100644 --- a/aws-lc-rs/tests/ed25519_tests.rs +++ b/aws-lc-rs/tests/ed25519_tests.rs @@ -3,13 +3,10 @@ // Modifications copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. // SPDX-License-Identifier: Apache-2.0 OR ISC -use aws_lc_rs::{ - encoding::{AsBigEndian, Curve25519SeedBin}, - error, - rand::SystemRandom, - signature::{self, Ed25519KeyPair, KeyPair}, - test, test_file, -}; +use aws_lc_rs::encoding::{AsBigEndian, Curve25519SeedBin}; +use aws_lc_rs::rand::SystemRandom; +use aws_lc_rs::signature::{self, Ed25519KeyPair, KeyPair}; +use aws_lc_rs::{error, test, test_file}; #[test] fn test_ed25519_traits() { diff --git a/aws-lc-rs/tests/hmac_test.rs b/aws-lc-rs/tests/hmac_test.rs index e7cf473f70c..a3136196c60 100644 --- a/aws-lc-rs/tests/hmac_test.rs +++ b/aws-lc-rs/tests/hmac_test.rs @@ -3,7 +3,8 @@ // Modifications copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. // SPDX-License-Identifier: Apache-2.0 OR ISC -use aws_lc_rs::{digest, hmac, hmac::sign, test, test_file}; +use aws_lc_rs::hmac::sign; +use aws_lc_rs::{digest, hmac, test, test_file}; #[test] fn hmac_tests() { diff --git a/aws-lc-rs/tests/kdf_test.rs b/aws-lc-rs/tests/kdf_test.rs index 9bc76a40e51..949c456c8c9 100644 --- a/aws-lc-rs/tests/kdf_test.rs +++ b/aws-lc-rs/tests/kdf_test.rs @@ -5,14 +5,12 @@ use std::error::Error; -use aws_lc_rs::{ - kdf::{ - get_kbkdf_ctr_hmac_algorithm, get_sskdf_digest_algorithm, get_sskdf_hmac_algorithm, - kbkdf_ctr_hmac, sskdf_digest, sskdf_hmac, KbkdfCtrHmacAlgorithm, KbkdfCtrHmacAlgorithmId, - SskdfDigestAlgorithm, SskdfDigestAlgorithmId, SskdfHmacAlgorithm, SskdfHmacAlgorithmId, - }, - test, test_file, +use aws_lc_rs::kdf::{ + get_kbkdf_ctr_hmac_algorithm, get_sskdf_digest_algorithm, get_sskdf_hmac_algorithm, + kbkdf_ctr_hmac, sskdf_digest, sskdf_hmac, KbkdfCtrHmacAlgorithm, KbkdfCtrHmacAlgorithmId, + SskdfDigestAlgorithm, SskdfDigestAlgorithmId, SskdfHmacAlgorithm, SskdfHmacAlgorithmId, }; +use aws_lc_rs::{test, test_file}; #[derive(Clone, Copy)] enum SskdfVariant { diff --git a/aws-lc-rs/tests/quic_test.rs b/aws-lc-rs/tests/quic_test.rs index b63368020b0..1fd31ef5114 100644 --- a/aws-lc-rs/tests/quic_test.rs +++ b/aws-lc-rs/tests/quic_test.rs @@ -3,7 +3,8 @@ // Modifications copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. // SPDX-License-Identifier: Apache-2.0 OR ISC -use aws_lc_rs::{aead::quic, test, test_file}; +use aws_lc_rs::aead::quic; +use aws_lc_rs::{test, test_file}; #[test] fn quic_aes_128() { diff --git a/aws-lc-rs/tests/rand_test.rs b/aws-lc-rs/tests/rand_test.rs index d9b0903e8f1..e3cef0bd5be 100644 --- a/aws-lc-rs/tests/rand_test.rs +++ b/aws-lc-rs/tests/rand_test.rs @@ -3,10 +3,8 @@ // Modifications copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. // SPDX-License-Identifier: Apache-2.0 OR ISC -use aws_lc_rs::{ - rand::{self, SecureRandom as _}, - test, -}; +use aws_lc_rs::rand::{self, SecureRandom as _}; +use aws_lc_rs::test; #[cfg(target_arch = "wasm32")] use wasm_bindgen_test::{wasm_bindgen_test as test, wasm_bindgen_test_configure}; diff --git a/aws-lc-rs/tests/rsa_test.rs b/aws-lc-rs/tests/rsa_test.rs index 80d9c8e3c7d..a55777bbf20 100644 --- a/aws-lc-rs/tests/rsa_test.rs +++ b/aws-lc-rs/tests/rsa_test.rs @@ -3,21 +3,17 @@ // Modifications copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. // SPDX-License-Identifier: Apache-2.0 OR ISC -use aws_lc_rs::{ - encoding::{AsDer, Pkcs8V1Der, PublicKeyX509Der}, - rand, - rsa::{ - EncryptionAlgorithmId, KeySize, OaepPrivateDecryptingKey, OaepPublicEncryptingKey, - Pkcs1PrivateDecryptingKey, Pkcs1PublicEncryptingKey, PrivateDecryptingKey, - PublicEncryptingKey, OAEP_SHA1_MGF1SHA1, OAEP_SHA256_MGF1SHA256, OAEP_SHA384_MGF1SHA384, - OAEP_SHA512_MGF1SHA512, - }, - signature, - signature::{KeyPair, RsaKeyPair, RsaParameters, RsaPublicKeyComponents, RsaSubjectPublicKey}, - test, - test::to_hex_upper, - test_file, +use aws_lc_rs::encoding::{AsDer, Pkcs8V1Der, PublicKeyX509Der}; +use aws_lc_rs::rsa::{ + EncryptionAlgorithmId, KeySize, OaepPrivateDecryptingKey, OaepPublicEncryptingKey, + Pkcs1PrivateDecryptingKey, Pkcs1PublicEncryptingKey, PrivateDecryptingKey, PublicEncryptingKey, + OAEP_SHA1_MGF1SHA1, OAEP_SHA256_MGF1SHA256, OAEP_SHA384_MGF1SHA384, OAEP_SHA512_MGF1SHA512, }; +use aws_lc_rs::signature::{ + KeyPair, RsaKeyPair, RsaParameters, RsaPublicKeyComponents, RsaSubjectPublicKey, +}; +use aws_lc_rs::test::to_hex_upper; +use aws_lc_rs::{rand, signature, test, test_file}; #[test] fn rsa_traits() { diff --git a/aws-lc-sys/builder/cmake_builder.rs b/aws-lc-sys/builder/cmake_builder.rs index 8c541c09b8c..0d2f4c0be63 100644 --- a/aws-lc-sys/builder/cmake_builder.rs +++ b/aws-lc-sys/builder/cmake_builder.rs @@ -1,16 +1,17 @@ // Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. // SPDX-License-Identifier: Apache-2.0 OR ISC +use crate::cc_builder::CcBuilder; +use crate::OutputLib::{Crypto, RustWrapper, Ssl}; use crate::{ - allow_prebuilt_nasm, cargo_env, - cc_builder::CcBuilder, - emit_warning, execute_command, get_crate_cflags, is_crt_static, is_no_asm, option_env, - requested_c_std, target, target_arch, target_env, target_os, target_underscored, target_vendor, - test_nasm_command, use_prebuilt_nasm, CStdRequested, - OutputLib::{Crypto, RustWrapper, Ssl}, + allow_prebuilt_nasm, cargo_env, emit_warning, execute_command, get_crate_cflags, is_crt_static, + is_no_asm, option_env, requested_c_std, target, target_arch, target_env, target_os, + target_underscored, target_vendor, test_nasm_command, use_prebuilt_nasm, CStdRequested, OutputLibType, }; -use std::{env, ffi::OsString, path::PathBuf}; +use std::env; +use std::ffi::OsString; +use std::path::PathBuf; pub(crate) struct CmakeBuilder { manifest_dir: PathBuf, diff --git a/aws-lc-sys/builder/main.rs b/aws-lc-sys/builder/main.rs index 2fdf54bcc9b..89e7eab5050 100644 --- a/aws-lc-sys/builder/main.rs +++ b/aws-lc-sys/builder/main.rs @@ -10,14 +10,11 @@ #![cfg_attr(clippy, feature(custom_inner_attributes))] #![cfg_attr(clippy, clippy::msrv = "1.77")] -use std::{ - env, - ffi::{OsStr, OsString}, - fmt, - fmt::Debug, - path::{Path, PathBuf}, - process::Command, -}; +use std::ffi::{OsStr, OsString}; +use std::fmt::Debug; +use std::path::{Path, PathBuf}; +use std::process::Command; +use std::{env, fmt}; use cc_builder::CcBuilder; use cmake_builder::CmakeBuilder;