yggdrasil/ring
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Use x[..n] instead of x[0..n].

Browse Source 
Also, update the style guide.
This commit is contained in:
Brian Smith 2016-02-22 09:07:47 -10:00
parent 908161a824
commit ba126545ca
6 changed files with 59 additions and 42 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

21
STYLE.md
View File

@ -1,8 +1,25 @@
# BoringSSL Style Guide
*ring* inherited C, C++, and assembly language code from BoringSSL, and the
style guidelines for that code are in the second section of this document.
# *ring* Style Guide (for code not in [crypto/](crypto))
*ring* usually follows the [Rust Guidelines](https://aturon.github.io/), but
there are some differences and *ring* adds additional guidelines.
## Arrays
When creating a slice from the start of a indexable value, use `x[..n]`, not
`x[0..n]`. Similarly, use `x[n..]`, not `x[n..x.len()]` for creating a slice
from a specific point to the end of the value.
# BoringSSL Style Guide (for code in [crypto/](crypto))
BoringSSL usually follows the
[Google C++ style guide](https://google.github.io/styleguide/cppguide.html),
The rest of this document describes differences and clarifications on
The rest of this section describes differences and clarifications on
top of the base guide.

66
src/aead.rs
View File

@ -72,7 +72,7 @@ impl OpeningKey {
///
/// The input is `in_out[in_prefix_len..]`; i.e. the input is the part of
/// `in_out` after the prefix. When `open` returns `Ok(out_len)`, the decrypted
/// output is `in_out[0..out_len]`; i.e. the output has been written over the
/// output is `in_out[..out_len]`; i.e. the output has been written over the
/// top of the prefix and the input. To put it a different way, the output
/// overwrites the input, shifted by `in_prefix_len` bytes. To have the output
/// overwrite the input without shifting, pass 0 as `in_prefix_len`. (The input
@ -142,9 +142,9 @@ impl SealingKey {
///
/// `nonce` must be unique for every use of the key to seal data.
///
/// The input is `in_out[0..(in_out.len() - out_suffix_capacity]`; i.e. the
/// The input is `in_out[..(in_out.len() - out_suffix_capacity]`; i.e. the
/// input is the part of `in_out` that precedes the suffix. When `seal` returns
/// `Ok(out_len)`, the encrypted and signed output is `in_out[0..out_len]`; i.e.
/// `Ok(out_len)`, the encrypted and signed output is `in_out[..out_len]`; i.e.
/// the output has been written over input and at least part of the data
/// reserved for the suffix. (This way the input and output buffers are
/// expressed this way because Rust's type system does not allow us to have two
@ -504,9 +504,9 @@ mod tests {
match error {
None => {
assert_eq!(Ok(ct.len()), s_result);
assert_eq!(&ct[..], &s_in_out[0..ct.len()]);
assert_eq!(&ct[..], &s_in_out[..ct.len()]);
assert_eq!(Ok(plaintext.len()), o_result);
assert_eq!(&plaintext[..], &o_in_out[0..plaintext.len()]);
assert_eq!(&plaintext[..], &o_in_out[..plaintext.len()]);
},
Some(ref error) if error == "WRONG_NONCE_LENGTH" => {
assert_eq!(Err(()), s_result);
@ -525,33 +525,33 @@ mod tests {
let key_data = vec![0u8; key_len * 2];
// Key is the right size.
assert!(aead::OpeningKey::new(aead_alg, &key_data[0..key_len])
assert!(aead::OpeningKey::new(aead_alg, &key_data[..key_len])
.is_ok());
assert!(aead::SealingKey::new(aead_alg, &key_data[0..key_len])
assert!(aead::SealingKey::new(aead_alg, &key_data[..key_len])
.is_ok());
// Key is one byte too small.
assert!(aead::OpeningKey::new(aead_alg, &key_data[0..(key_len - 1)])
assert!(aead::OpeningKey::new(aead_alg, &key_data[..(key_len - 1)])
.is_err());
assert!(aead::SealingKey::new(aead_alg, &key_data[0..(key_len - 1)])
assert!(aead::SealingKey::new(aead_alg, &key_data[..(key_len - 1)])
.is_err());
// Key is one byte too large.
assert!(aead::OpeningKey::new(aead_alg, &key_data[0..(key_len + 1)])
assert!(aead::OpeningKey::new(aead_alg, &key_data[..(key_len + 1)])
.is_err());
assert!(aead::SealingKey::new(aead_alg, &key_data[0..(key_len + 1)])
assert!(aead::SealingKey::new(aead_alg, &key_data[..(key_len + 1)])
.is_err());
// Key is half the required size.
assert!(aead::OpeningKey::new(aead_alg, &key_data[0..(key_len / 2)])
assert!(aead::OpeningKey::new(aead_alg, &key_data[..(key_len / 2)])
.is_err());
assert!(aead::SealingKey::new(aead_alg, &key_data[0..(key_len / 2)])
assert!(aead::SealingKey::new(aead_alg, &key_data[..(key_len / 2)])
.is_err());
// Key is twice the required size.
assert!(aead::OpeningKey::new(aead_alg, &key_data[0..(key_len * 2)])
assert!(aead::OpeningKey::new(aead_alg, &key_data[..(key_len * 2)])
.is_err());
assert!(aead::SealingKey::new(aead_alg, &key_data[0..(key_len * 2)])
assert!(aead::SealingKey::new(aead_alg, &key_data[..(key_len * 2)])
.is_err());
// Key is empty.
@ -578,9 +578,9 @@ mod tests {
let key_len = aead_alg.key_len;
let key_data = vec![0u8; key_len];
let o_key =
aead::OpeningKey::new(aead_alg, &key_data[0..key_len]).unwrap();
aead::OpeningKey::new(aead_alg, &key_data[..key_len]).unwrap();
let s_key =
aead::SealingKey::new(aead_alg, &key_data[0..key_len]).unwrap();
aead::SealingKey::new(aead_alg, &key_data[..key_len]).unwrap();
let nonce_len = aead_alg.nonce_len;
@ -600,68 +600,68 @@ mod tests {
// Construct a template input for `open_in_place`.
let mut to_open = Vec::from(to_seal);
let ciphertext_len = aead::seal_in_place(&s_key, &nonce[0..nonce_len],
let ciphertext_len = aead::seal_in_place(&s_key, &nonce[..nonce_len],
&mut to_open, suffix_space,
&ad).unwrap();
let to_open = &to_open[0..ciphertext_len];
let to_open = &to_open[..ciphertext_len];
// Nonce is the correct length.
{
let mut in_out = Vec::from(to_seal);
assert!(aead::seal_in_place(&s_key, &nonce[0..nonce_len],
assert!(aead::seal_in_place(&s_key, &nonce[..nonce_len],
&mut in_out, suffix_space, &ad).is_ok());
}
{
let mut in_out = Vec::from(to_open);
assert!(aead::open_in_place(&o_key, &nonce[0..nonce_len],
assert!(aead::open_in_place(&o_key, &nonce[..nonce_len],
prefix_len, &mut in_out, &ad).is_ok());
}
// Nonce is one byte too small.
{
let mut in_out = Vec::from(to_seal);
assert!(aead::seal_in_place(&s_key, &nonce[0..(nonce_len - 1)],
assert!(aead::seal_in_place(&s_key, &nonce[..(nonce_len - 1)],
&mut in_out, suffix_space, &ad).is_err());
}
{
let mut in_out = Vec::from(to_open);
assert!(aead::open_in_place(&o_key, &nonce[0..(nonce_len - 1)],
assert!(aead::open_in_place(&o_key, &nonce[..(nonce_len - 1)],
prefix_len, &mut in_out, &ad).is_err());
}
// Nonce is one byte too large.
{
let mut in_out = Vec::from(to_seal);
assert!(aead::seal_in_place(&s_key, &nonce[0..(nonce_len + 1)],
assert!(aead::seal_in_place(&s_key, &nonce[..(nonce_len + 1)],
&mut in_out, suffix_space, &ad).is_err());
}
{
let mut in_out = Vec::from(to_open);
assert!(aead::open_in_place(&o_key, &nonce[0..(nonce_len + 1)],
assert!(aead::open_in_place(&o_key, &nonce[..(nonce_len + 1)],
prefix_len, &mut in_out, &ad).is_err());
}
// Nonce is half the required size.
{
let mut in_out = Vec::from(to_seal);
assert!(aead::seal_in_place(&s_key, &nonce[0..(nonce_len / 2)],
assert!(aead::seal_in_place(&s_key, &nonce[..(nonce_len / 2)],
&mut in_out, suffix_space, &ad).is_err());
}
{
let mut in_out = Vec::from(to_open);
assert!(aead::open_in_place(&o_key, &nonce[0..(nonce_len / 2)],
assert!(aead::open_in_place(&o_key, &nonce[..(nonce_len / 2)],
prefix_len, &mut in_out, &ad).is_err());
}
// Nonce is twice the required size.
{
let mut in_out = Vec::from(to_seal);
assert!(aead::seal_in_place(&s_key, &nonce[0..(nonce_len * 2)],
assert!(aead::seal_in_place(&s_key, &nonce[..(nonce_len * 2)],
&mut in_out, suffix_space, &ad).is_err());
}
{
let mut in_out = Vec::from(to_open);
assert!(aead::open_in_place(&o_key, &nonce[0..(nonce_len * 2)],
assert!(aead::open_in_place(&o_key, &nonce[..(nonce_len * 2)],
prefix_len, &mut in_out, &ad).is_err());
}
@ -680,24 +680,24 @@ mod tests {
// Nonce is one byte.
{
let mut in_out = Vec::from(to_seal);
assert!(aead::seal_in_place(&s_key, &nonce[0..1], &mut in_out,
assert!(aead::seal_in_place(&s_key, &nonce[..1], &mut in_out,
suffix_space, &ad).is_err());
}
{
let mut in_out = Vec::from(to_open);
assert!(aead::open_in_place(&o_key, &nonce[0..1], prefix_len,
assert!(aead::open_in_place(&o_key, &nonce[..1], prefix_len,
&mut in_out, &ad).is_err());
}
// Nonce is 128 bits (16 bytes).
{
let mut in_out = Vec::from(to_seal);
assert!(aead::seal_in_place(&s_key, &nonce[0..16], &mut in_out,
assert!(aead::seal_in_place(&s_key, &nonce[..16], &mut in_out,
suffix_space, &ad).is_err());
}
{
let mut in_out = Vec::from(to_open);
assert!(aead::open_in_place(&o_key, &nonce[0..16], prefix_len,
assert!(aead::open_in_place(&o_key, &nonce[..16], prefix_len,
&mut in_out, &ad).is_err());
}
}

2
src/agreement.rs
View File

@ -137,7 +137,7 @@ pub fn agree_ephemeral<F, R, E>(my_key_pair: EphemeralKeyPair,
peer_public_key_alg, peer_public_key,
&mut shared_key)
.map_err(|_| error_value));
kdf(&shared_key[0..shared_key_len])
kdf(&shared_key[..shared_key_len])
}

8
src/digest.rs
View File

@ -390,7 +390,7 @@ pub const MAX_CHAINING_LEN: usize = MAX_OUTPUT_LEN;
fn sha256_format_output(input: &[u64; MAX_CHAINING_LEN / 8])
-> [u64; MAX_OUTPUT_LEN / 8] {
let in32 = &polyfill::slice::u64_as_u32(input)[0..8];
let in32 = &polyfill::slice::u64_as_u32(input)[..8];
[
u32x2!(in32[0].to_be(), in32[1].to_be()),
u32x2!(in32[2].to_be(), in32[3].to_be()),
@ -592,9 +592,9 @@ mod tests {
for i in 0..input.len() {
for j in 0..input.len() {
for k in 0..input.len() {
let part1 = &input[0..i];
let part2 = &input[0..j];
let part3 = &input[0..k];
let part1 = &input[..i];
let part2 = &input[..j];
let part3 = &input[..k];
let mut ctx = digest::Context::new(&$alg);
ctx.update(part1);

2
src/hmac.rs
View File

@ -165,7 +165,7 @@ impl SigningKey {
// XXX: There should probably be a `digest::MAX_CHAINING_LEN`, but for
// now `digest::MAX_OUTPUT_LEN` is good enough.
let mut key_data = [0u8; digest::MAX_OUTPUT_LEN];
let key_data = &mut key_data[0..digest_alg.output_len];
let key_data = &mut key_data[..digest_alg.output_len];
try!(rand::fill_secure_random(key_data));
Ok(SigningKey::new(digest_alg, key_data))
}

2
src/pbkdf2.rs
View File

@ -198,7 +198,7 @@ pub fn verify(prf: &'static PRF, iterations: usize, salt: &[u8], secret: &[u8],
if previously_derived.len() > derived_buf.len() {
return Err(());
}
let derived = &mut derived_buf[0..previously_derived.len()];
let derived = &mut derived_buf[..previously_derived.len()];
derive(prf, iterations, salt, secret, derived);
constant_time::verify_slices_are_equal(derived, previously_derived)
}