Merge pull request #351 from andrewwhitehead/fix/key-load-fail

Fix panic when loading secret keys of invalid length
openwallet-foundation · Jan 24, 2025 · d399c75 · d399c75
2 parents 5619bd0 + cef7cb8
commit d399c75
Show file tree

Hide file tree

Showing 17 changed files with 117 additions and 108 deletions.
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/Cargo.toml b/Cargo.toml
@@ -4,7 +4,7 @@ resolver = "2"
 
 [package]
 name = "aries-askar"
-version = "0.4.1"
+version = "0.4.2"
 authors = ["Hyperledger Aries Contributors <[email protected]>"]
 edition = "2021"
 description = "Hyperledger Aries Askar secure storage"

diff --git a/askar-crypto/Cargo.toml b/askar-crypto/Cargo.toml
@@ -1,6 +1,6 @@
 [package]
 name = "askar-crypto"
-version = "0.3.3"
+version = "0.3.4"
 authors = ["Hyperledger Aries Contributors <[email protected]>"]
 edition = "2021"
 description = "Hyperledger Aries Askar cryptography"

diff --git a/askar-crypto/src/alg/k256.rs b/askar-crypto/src/alg/k256.rs
@@ -128,9 +128,8 @@ impl KeyGen for K256KeyPair {
 
 impl KeySecretBytes for K256KeyPair {
     fn from_secret_bytes(key: &[u8]) -> Result<Self, Error> {
-        #[allow(clippy::unnecessary_fallible_conversions)]
-        if let Ok(key) = key.try_into() {
-            if let Ok(sk) = SecretKey::from_bytes(key) {
+        if key.len() == SECRET_KEY_LENGTH {
+            if let Ok(sk) = SecretKey::from_bytes(key.into()) {
                 return Ok(Self::from_secret_key(sk));
             }
         }

diff --git a/askar-crypto/src/alg/p256.rs b/askar-crypto/src/alg/p256.rs
@@ -130,9 +130,8 @@ impl KeyGen for P256KeyPair {
 
 impl KeySecretBytes for P256KeyPair {
     fn from_secret_bytes(key: &[u8]) -> Result<Self, Error> {
-        #[allow(clippy::unnecessary_fallible_conversions)]
-        if let Ok(key) = key.try_into() {
-            if let Ok(sk) = SecretKey::from_bytes(key) {
+        if key.len() == SECRET_KEY_LENGTH {
+            if let Ok(sk) = SecretKey::from_bytes(key.into()) {
                 return Ok(Self::from_secret_key(sk));
             }
         }

diff --git a/askar-crypto/src/alg/p384.rs b/askar-crypto/src/alg/p384.rs
@@ -1,6 +1,6 @@
 //! Elliptic curve ECDH and ECDSA support on curve secp384r1
 
-use core::convert::{TryFrom, TryInto};
+use core::convert::TryFrom;
 
 use p384::{
     ecdsa::{
@@ -130,9 +130,8 @@ impl KeyGen for P384KeyPair {
 
 impl KeySecretBytes for P384KeyPair {
     fn from_secret_bytes(key: &[u8]) -> Result<Self, Error> {
-        #[allow(clippy::unnecessary_fallible_conversions)]
-        if let Ok(key) = key.try_into() {
-            if let Ok(sk) = SecretKey::from_bytes(key) {
+        if key.len() == SECRET_KEY_LENGTH {
+            if let Ok(sk) = SecretKey::from_bytes(key.into()) {
                 return Ok(Self::from_secret_key(sk));
             }
         }

diff --git a/askar-crypto/src/buffer/array.rs b/askar-crypto/src/buffer/array.rs
@@ -200,7 +200,7 @@ struct KeyVisitor<L: ArrayLength<u8>> {
     _pd: PhantomData<L>,
 }
 
-impl<'de, L: ArrayLength<u8>> de::Visitor<'de> for KeyVisitor<L> {
+impl<L: ArrayLength<u8>> de::Visitor<'_> for KeyVisitor<L> {
     type Value = ArrayKey<L>;
 
     fn expecting(&self, formatter: &mut Formatter<'_>) -> fmt::Result {

diff --git a/askar-crypto/src/buffer/secret.rs b/askar-crypto/src/buffer/secret.rs
@@ -303,7 +303,7 @@ impl<'de> Deserialize<'de> for SecretBytes {
 
 struct SecVisitor;
 
-impl<'de> de::Visitor<'de> for SecVisitor {
+impl de::Visitor<'_> for SecVisitor {
     type Value = SecretBytes;
 
     fn expecting(&self, formatter: &mut Formatter<'_>) -> fmt::Result {

diff --git a/askar-crypto/src/jwk/encode.rs b/askar-crypto/src/jwk/encode.rs
@@ -244,7 +244,7 @@ impl<'s, K: ToJwk> JwkSerialize<'s, K> {
     }
 }
 
-impl<'s, K: ToJwk> Serialize for JwkSerialize<'s, K> {
+impl<K: ToJwk> Serialize for JwkSerialize<'_, K> {
     fn serialize<S>(&self, serializer: S) -> Result<S::Ok, S::Error>
     where
         S: Serializer,

diff --git a/askar-storage/Cargo.toml b/askar-storage/Cargo.toml
@@ -1,6 +1,6 @@
 [package]
 name = "askar-storage"
-version = "0.2.0"
+version = "0.2.1"
 authors = ["Hyperledger Aries Contributors <[email protected]>"]
 edition = "2021"
 description = "Hyperledger Aries Askar secure storage"

diff --git a/askar-storage/src/backend/db_utils.rs b/askar-storage/src/backend/db_utils.rs
@@ -243,7 +243,7 @@ impl<DB: ExtDatabase> DbSessionRef<'_, DB> {
     }
 }
 
-impl<'q, DB: ExtDatabase> Deref for DbSessionRef<'q, DB> {
+impl<DB: ExtDatabase> Deref for DbSessionRef<'_, DB> {
     type Target = DbSession<DB>;
 
     fn deref(&self) -> &Self::Target {
@@ -254,7 +254,7 @@ impl<'q, DB: ExtDatabase> Deref for DbSessionRef<'q, DB> {
     }
 }
 
-impl<'q, DB: ExtDatabase> DerefMut for DbSessionRef<'q, DB> {
+impl<DB: ExtDatabase> DerefMut for DbSessionRef<'_, DB> {
     fn deref_mut(&mut self) -> &mut Self::Target {
         match self {
             Self::Owned(e) => e,
@@ -349,7 +349,7 @@ impl<'a, DB: ExtDatabase> DbSessionTxn<'a, DB> {
     }
 }
 
-impl<'a, DB: ExtDatabase> Drop for DbSessionTxn<'a, DB> {
+impl<DB: ExtDatabase> Drop for DbSessionTxn<'_, DB> {
     fn drop(&mut self) {
         if self.rollback {
             self.inner.txn_depth -= 1;

diff --git a/askar-storage/src/backend/mod.rs b/askar-storage/src/backend/mod.rs
@@ -143,7 +143,7 @@ pub trait BackendSession: Debug + Send {
     fn import_scan<'q>(
         &'q mut self,
         mut scan: Scan<'q, Entry>,
-    ) -> BoxFuture<'_, Result<(), Error>> {
+    ) -> BoxFuture<'q, Result<(), Error>> {
         Box::pin(async move {
             while let Some(rows) = scan.fetch_next().await? {
                 for entry in rows {

diff --git a/askar-storage/src/options.rs b/askar-storage/src/options.rs
@@ -24,7 +24,7 @@ pub struct Options<'a> {
     pub fragment: Cow<'a, str>,
 }
 
-impl<'a> Options<'a> {
+impl Options<'_> {
     /// Parse a URI string into an Options structure
     pub fn parse_uri(uri: &str) -> Result<Options<'_>, Error> {
         let mut fragment_and_remain = uri.splitn(2, '#');

diff --git a/askar-storage/src/protect/pass_key.rs b/askar-storage/src/protect/pass_key.rs
@@ -11,7 +11,7 @@ use std::{
 #[derive(Clone, Default)]
 pub struct PassKey<'a>(Option<Cow<'a, str>>);
 
-impl<'a> PassKey<'a> {
+impl PassKey<'_> {
     /// Create a scoped reference to the passkey
     pub fn as_ref(&self) -> PassKey<'_> {
         PassKey(Some(Cow::Borrowed(&**self)))
@@ -83,8 +83,8 @@ impl<'a> From<Option<&'a str>> for PassKey<'a> {
     }
 }
 
-impl<'a, 'b> PartialEq<PassKey<'b>> for PassKey<'a> {
-    fn eq(&self, other: &PassKey<'b>) -> bool {
+impl<'a> PartialEq<PassKey<'a>> for PassKey<'_> {
+    fn eq(&self, other: &PassKey<'a>) -> bool {
         **self == **other
     }
 }

diff --git a/src/ffi/tags.rs b/src/ffi/tags.rs
@@ -149,13 +149,13 @@ impl Serialize for EntryTagSet<'_> {
         #[derive(PartialOrd, Ord)]
         struct TagName<'a>(&'a str, bool);
 
-        impl<'a> PartialEq for TagName<'a> {
+        impl PartialEq for TagName<'_> {
             fn eq(&self, other: &Self) -> bool {
                 self.1 == other.1 && self.0 == other.0
             }
         }
 
-        impl<'a> Eq for TagName<'a> {}
+        impl Eq for TagName<'_> {}
 
         impl Serialize for TagName<'_> {
             fn serialize<S>(&self, serializer: S) -> Result<S::Ok, S::Error>

diff --git a/src/kms/enc.rs b/src/kms/enc.rs
@@ -59,7 +59,7 @@ pub struct ToDecrypt<'d> {
     pub tag: &'d [u8],
 }
 
-impl<'d> ToDecrypt<'d> {
+impl ToDecrypt<'_> {
     /// Accessor for the combined length
     #[allow(clippy::len_without_is_empty)]
     #[inline]

diff --git a/wrappers/python/aries_askar/version.py b/wrappers/python/aries_askar/version.py
@@ -1,3 +1,3 @@
 """aries_askar library wrapper version."""
 
-__version__ = "0.4.1"
+__version__ = "0.4.2"