yescrypt: warn for clippy::unwrap_used (#698)

Replaces usages of `unwrap` with `Error::Internal`

Author: tarcieri

yescrypt/src/error.rs

@@ -1,6 +1,6 @@
 //! Error type.
 
-use core::fmt;
+use core::{fmt, num::TryFromIntError};
 
 /// Result type for the `yescrypt` crate with its [`Error`] type.
 pub type Result<T> = core::result::Result<T, Error>;
@@ -16,6 +16,9 @@ pub enum Error {
     /// Encoding error (i.e. Base64)
     Encoding,
 
+    /// Internal error (bug in library)
+    Internal,
+
     /// Invalid params
     Params,
 
@@ -28,13 +31,20 @@ impl fmt::Display for Error {
     fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
         match self {
             #[cfg(feature = "simple")]
-            Error::Algorithm => f.write_str("password hash must begin with `$y$`"),
-            Error::Encoding => f.write_str("yescrypt encoding invalid"),
-            Error::Params => f.write_str("yescrypt params invalid"),
+            Error::Algorithm => write!(f, "password hash must begin with `$y$`"),
+            Error::Encoding => write!(f, "yescrypt encoding invalid"),
+            Error::Internal => write!(f, "internal error"),
+            Error::Params => write!(f, "yescrypt params invalid"),
             #[cfg(feature = "simple")]
-            Error::Password => f.write_str("invalid password"),
+            Error::Password => write!(f, "invalid password"),
         }
     }
 }
 
 impl core::error::Error for Error {}
+
+impl From<TryFromIntError> for Error {
+    fn from(_: TryFromIntError) -> Self {
+        Error::Internal
+    }
+}

yescrypt/src/lib.rs

@@ -16,6 +16,7 @@
     clippy::implicit_saturating_sub,
     clippy::panic,
     clippy::panic_in_result_fn,
+    clippy::unwrap_used,
     missing_docs,
     rust_2018_idioms,
     unused_lifetimes,
@@ -220,28 +221,26 @@ fn yescrypt_kdf_body(
 
     let mut passwd = passwd;
     let mut sha256 = [0u8; 32];
+    let key: &[u8] = if prehash {
+        b"yescrypt-prehash"
+    } else {
+        b"yescrypt"
+    };
     if !mode.is_classic() {
-        sha256 = util::hmac_sha256(
-            if prehash {
-                b"yescrypt-prehash"
-            } else {
-                b"yescrypt"
-            },
-            passwd,
-        );
+        sha256 = util::hmac_sha256(key, passwd)?;
         passwd = &sha256;
     }
 
     // 1: (B_0 ... B_{p-1}) <-- PBKDF2(P, S, 1, p * MFLen)
-    pbkdf2::pbkdf2_hmac::<Sha256>(passwd, salt, 1, util::cast_slice_mut(&mut b));
+    pbkdf2::pbkdf2_hmac::<Sha256>(passwd, salt, 1, util::cast_slice_mut(&mut b)?);
 
     if !mode.is_classic() {
-        sha256.copy_from_slice(util::cast_slice(&b[..8]));
+        sha256.copy_from_slice(util::cast_slice(&b[..8])?);
         passwd = &sha256;
     }
 
     if mode.is_rw() {
-        smix::smix(&mut b, r, n, p, t, mode, &mut v, &mut xy, &mut sha256);
+        smix::smix(&mut b, r, n, p, t, mode, &mut v, &mut xy, &mut sha256)?;
         passwd = &sha256;
     } else {
         // 2: for i = 0 to p - 1 do
@@ -257,17 +256,17 @@ fn yescrypt_kdf_body(
                 &mut v,
                 &mut xy,
                 &mut [],
-            );
+            )?;
         }
     }
 
     let mut dk = [0u8; 32];
     if !mode.is_classic() && out.len() < 32 {
-        pbkdf2::pbkdf2_hmac::<Sha256>(passwd, util::cast_slice(&b), 1, &mut dk);
+        pbkdf2::pbkdf2_hmac::<Sha256>(passwd, util::cast_slice(&b)?, 1, &mut dk);
     }
 
     // 5: DK <-- PBKDF2(P, B, 1, dkLen)
-    pbkdf2::pbkdf2_hmac::<Sha256>(passwd, util::cast_slice(&b), 1, out);
+    pbkdf2::pbkdf2_hmac::<Sha256>(passwd, util::cast_slice(&b)?, 1, out);
 
     // Except when computing classic scrypt, allow all computation so far
     // to be performed on the client.  The final steps below match those of
@@ -282,7 +281,7 @@ fn yescrypt_kdf_body(
         };
 
         // Compute ClientKey
-        sha256 = util::hmac_sha256(&dkp[..32], b"Client Key");
+        sha256 = util::hmac_sha256(&dkp[..32], b"Client Key")?;
 
         // Compute StoredKey
         let clen = out.len().clamp(0, 32);

yescrypt/src/smix.rs

@@ -2,14 +2,13 @@
 
 #![allow(clippy::too_many_arguments)]
 
-use alloc::vec::Vec;
-
 use crate::{
-    Mode,
+    Error, Mode, Result,
     pwxform::{PwxformCtx, SWORDS},
     salsa20,
     util::{cast_slice, hmac_sha256, slice_as_chunks_mut, xor},
 };
+use alloc::vec::Vec;
 
 const SBYTES: u64 = crate::pwxform::SBYTES as u64;
 
@@ -28,7 +27,7 @@ pub(crate) fn smix(
     v: &mut [u32],
     xy: &mut [u32],
     passwd: &mut [u8],
-) {
+) -> Result<()> {
     let r = r as usize;
     let s = 32 * r;
 
@@ -100,7 +99,7 @@ pub(crate) fn smix(
 
         // 17: if YESCRYPT_RW flag is set
         let mut ctx_i = if mode.is_rw() {
-            let si = sn.next().unwrap();
+            let si = sn.next().ok_or(Error::Internal)?;
 
             // 18: SMix1_1(B_i, Sbytes / 128, S_i, no flags)
             smix1(
@@ -111,7 +110,7 @@ pub(crate) fn smix(
                 &mut si[..],
                 xy,
                 &mut None,
-            );
+            )?;
 
             let (s2, s10) = si.split_at_mut((1 << 8) * 4);
             let (s1, s0) = s10.split_at_mut((1 << 8) * 4);
@@ -134,7 +133,7 @@ pub(crate) fn smix(
             // 23: if i = 0
             if i == 0 {
                 // 24: passwd <-- HMAC-SHA256(B_{0,2r-1}, passwd)
-                let digest = hmac_sha256(cast_slice(&bs[(s - 16)..s]), &passwd[..32]);
+                let digest = hmac_sha256(cast_slice(&bs[(s - 16)..s])?, &passwd[..32])?;
                 passwd[..32].copy_from_slice(&digest);
             }
 
@@ -145,7 +144,7 @@ pub(crate) fn smix(
         };
 
         // 27: SMix1_r(B_i, n, V_{u..v}, flags)
-        smix1(bs, r, np, mode, vp, xy, &mut ctx_i);
+        smix1(bs, r, np, mode, vp, xy, &mut ctx_i)?;
 
         // 28: SMix2_r(B_i, p2floor(n), Nloop_rw, V_{u..v}, flags)
         smix2(
@@ -157,7 +156,7 @@ pub(crate) fn smix(
             vp,
             xy,
             &mut ctx_i,
-        );
+        )?;
 
         vchunk += nchunk;
     }
@@ -185,8 +184,10 @@ pub(crate) fn smix(
             v,
             xy,
             &mut ctx_i,
-        );
+        )?;
     }
+
+    Ok(())
 }
 
 /// Compute first loop of `B = SMix_r(B, N)`.
@@ -201,7 +202,7 @@ fn smix1(
     v: &mut [u32],
     xy: &mut [u32],
     ctx: &mut Option<&mut PwxformCtx<'_>>,
-) {
+) -> Result<()> {
     let s = 32 * r;
     let (x, y) = xy.split_at_mut(s);
 
@@ -218,7 +219,7 @@ fn smix1(
         v[i as usize * s..][..s].copy_from_slice(x);
         if mode.is_rw() && i > 1 {
             let n = prev_power_of_two(i);
-            let j = usize::try_from((integerify(x, r) & (n - 1)) + (i - n)).unwrap();
+            let j = usize::try_from((integerify(x, r) & (n - 1)) + (i - n))?;
             xor(x, &v[j * s..][..s]);
         }
 
@@ -235,6 +236,8 @@ fn smix1(
             b[(k * 16) + ((i * 5) % 16)] = (x[k * 16 + i]).to_le();
         }
     }
+
+    Ok(())
 }
 
 /// Compute second loop of `B = SMix_r(B, N)`.
@@ -251,7 +254,7 @@ fn smix2(
     v: &mut [u32],
     xy: &mut [u32],
     ctx: &mut Option<&mut PwxformCtx<'_>>,
-) {
+) -> Result<()> {
     let s = 32 * r;
     let (x, y) = xy.split_at_mut(s);
 
@@ -265,7 +268,7 @@ fn smix2(
     // 6: for i = 0 to N - 1 do
     for _ in 0..nloop {
         // 7: j <-- Integerify(X) mod N
-        let j = usize::try_from(integerify(x, r) & (n - 1)).unwrap();
+        let j = usize::try_from(integerify(x, r) & (n - 1))?;
 
         // 8.1: X <-- X xor V_j
         xor(x, &v[j * s..][..s]);
@@ -288,6 +291,8 @@ fn smix2(
             b[(k * 16) + ((i * 5) % 16)] = (x[k * 16 + i]).to_le();
         }
     }
+
+    Ok(())
 }
 
 /// Return the result of parsing B_{2r-1} as a little-endian integer.

yescrypt/src/util.rs

@@ -3,6 +3,7 @@
 // TODO(tarcieri): find safe replacements for unsafe code if possible
 #![allow(unsafe_code)]
 
+use crate::{Error, Result};
 use core::{ops::BitXorAssign, slice};
 use sha2::Sha256;
 
@@ -16,33 +17,32 @@ where
     }
 }
 
-pub(crate) fn cast_slice(input: &[u32]) -> &[u8] {
+pub(crate) fn cast_slice(input: &[u32]) -> Result<&[u8]> {
     let new_len = input
         .len()
         .checked_mul(size_of::<u32>() / size_of::<u8>())
-        .unwrap();
+        .ok_or(Error::Internal)?;
 
     // SAFETY: `new_len` accounts for the size difference between the two types
-    unsafe { slice::from_raw_parts(input.as_ptr().cast(), new_len) }
+    Ok(unsafe { slice::from_raw_parts(input.as_ptr().cast(), new_len) })
 }
 
-pub(crate) fn cast_slice_mut(input: &mut [u32]) -> &mut [u8] {
+pub(crate) fn cast_slice_mut(input: &mut [u32]) -> Result<&mut [u8]> {
     let new_len = input
         .len()
         .checked_mul(size_of::<u32>() / size_of::<u8>())
-        .unwrap();
+        .ok_or(Error::Internal)?;
 
     // SAFETY: `new_len` accounts for the size difference between the two types
-    unsafe { slice::from_raw_parts_mut(input.as_mut_ptr().cast(), new_len) }
+    Ok(unsafe { slice::from_raw_parts_mut(input.as_mut_ptr().cast(), new_len) })
 }
 
-pub(crate) fn hmac_sha256(key: &[u8], in_0: &[u8]) -> [u8; 32] {
+pub(crate) fn hmac_sha256(key: &[u8], in_0: &[u8]) -> Result<[u8; 32]> {
     use hmac::{KeyInit, Mac};
 
-    let mut hmac = hmac::Hmac::<Sha256>::new_from_slice(key)
-        .expect("key length should always be valid with hmac");
+    let mut hmac = hmac::Hmac::<Sha256>::new_from_slice(key).map_err(|_| Error::Internal)?;
     hmac.update(in_0);
-    hmac.finalize().into_bytes().into()
+    Ok(hmac.finalize().into_bytes().into())
 }
 
 // TODO(tarcieri): use upstream `[T]::as_chunks_mut` when MSRV is 1.88