bearssl, bearssl-sys: `lib.rs` QoL improvements

* Include the crate's `README.md` as the main doc
* Add common lint denies
* Unify multiple allows into one

bearssl-sys/src/lib.rs

@@ -1,8 +1,16 @@
+#![doc = include_str!("../README.md")]
 #![no_std]
-#![allow(non_camel_case_types)]
-#![allow(non_snake_case)]
-#![allow(non_upper_case_globals)]
-#![allow(clippy::missing_safety_doc)]
+#![allow(clippy::missing_safety_doc, non_camel_case_types, non_snake_case, non_upper_case_globals)]
+#![deny(
+    clippy::expect_used,
+    clippy::panic,
+    clippy::panic_in_result_fn,
+    clippy::unwrap_in_result,
+    clippy::unwrap_used,
+    clippy::zero_ptr,
+    unused_lifetimes,
+    unused_qualifications
+)]
 
 #[cfg(feature = "dont-assume-size_t-equals-uintptr_t")]
 use libc::size_t;

bearssl/CREDITS.md

@@ -25,3 +25,36 @@ ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF
 THIS SOFTWARE.
 Footer
 ```
+
+
+## RustCrypto Projects
+
+* General layout and `lib.rs` is inspired from how RustCrypto people do it.
+
+```
+Copyright (c) 2021 The RustCrypto Project Developers
+
+Permission is hereby granted, free of charge, to any
+person obtaining a copy of this software and associated
+documentation files (the "Software"), to deal in the
+Software without restriction, including without
+limitation the rights to use, copy, modify, merge,
+publish, distribute, sublicense, and/or sell copies of
+the Software, and to permit persons to whom the Software
+is furnished to do so, subject to the following
+conditions:
+
+The above copyright notice and this permission notice
+shall be included in all copies or substantial portions
+of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF
+ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED
+TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A
+PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT
+SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
+CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR
+IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
+DEALINGS IN THE SOFTWARE.
+```

bearssl/src/ec.rs

@@ -0,0 +1,5 @@
+mod private;
+mod public;
+
+pub use private::PrivateKey;
+pub use public::PublicKey;

bearssl/src/ec/private.rs

@@ -0,0 +1,31 @@
+use core::ops::Drop;
+use core::slice;
+
+use bearssl_sys::br_ec_private_key;
+
+#[repr(transparent)]
+pub struct PrivateKey(pub(crate) br_ec_private_key);
+
+#[cfg(feature = "zeroize")]
+impl Drop for PrivateKey {
+    fn drop(&mut self) {
+        use zeroize::Zeroize;
+
+        self.zeroize();
+    }
+}
+
+#[cfg(feature = "zeroize")]
+impl zeroize::ZeroizeOnDrop for PrivateKey {}
+
+#[cfg(feature = "zeroize")]
+impl zeroize::Zeroize for PrivateKey {
+    fn zeroize(&mut self) {
+        // Safety: Slice constructions should be safe as long as lengths have not been modified
+        // outside what BearSSL set.
+        unsafe {
+            let x = slice::from_raw_parts_mut(self.0.x, self.0.xlen);
+            x.zeroize();
+        }
+    }
+}

bearssl/src/ec/public.rs

@@ -0,0 +1,17 @@
+use core::ops::Drop;
+use core::slice;
+
+use bearssl_sys::br_ec_public_key;
+
+#[repr(transparent)]
+pub struct PublicKey(pub(crate) br_ec_public_key);
+
+#[cfg(feature = "zeroize")]
+impl zeroize::Zeroize for PublicKey {
+    fn zeroize(&mut self) {
+        unsafe {
+            let q = slice::from_raw_parts_mut(self.0.q, self.0.qlen);
+            q.zeroize();
+        }
+    }
+}

bearssl/src/lib.rs

@@ -1,8 +1,20 @@
+#![doc = include_str!("../README.md")]
 #![no_std]
+#![deny(
+    clippy::expect_used,
+    clippy::panic,
+    clippy::panic_in_result_fn,
+    clippy::unwrap_in_result,
+    clippy::unwrap_used,
+    clippy::zero_ptr,
+    unused_lifetimes,
+    unused_qualifications
+)]
 
 #[cfg(feature = "std")]
 extern crate std;
 
+pub mod ec;
 pub mod engine;
 pub mod profile;
 pub mod rsa;

bearssl/src/rsa.rs

@@ -1,4 +1,5 @@
-use bearssl_sys::*;
+mod private;
+mod public;
 
-pub struct PublicKey(pub(crate) br_rsa_public_key);
-pub struct PrivateKey(pub(crate) br_rsa_private_key);
+pub use private::PrivateKey;
+pub use public::PublicKey;

bearssl/src/rsa/private.rs

@@ -0,0 +1,43 @@
+use core::ops::Drop;
+use core::slice;
+
+use bearssl_sys::br_rsa_private_key;
+
+#[repr(transparent)]
+pub struct PrivateKey(pub(crate) br_rsa_private_key);
+
+#[cfg(feature = "zeroize")]
+impl Drop for PrivateKey {
+    fn drop(&mut self) {
+        use zeroize::Zeroize;
+
+        self.zeroize();
+    }
+}
+
+#[cfg(feature = "zeroize")]
+impl zeroize::ZeroizeOnDrop for PrivateKey {}
+
+#[cfg(feature = "zeroize")]
+impl zeroize::Zeroize for PrivateKey {
+    fn zeroize(&mut self) {
+        // Safety: Slice constructions should be safe as long as lengths have not been modified
+        // outside what BearSSL set.
+        unsafe {
+            let p = slice::from_raw_parts_mut(self.0.p, self.0.plen);
+            p.zeroize();
+
+            let q = slice::from_raw_parts_mut(self.0.q, self.0.qlen);
+            q.zeroize();
+
+            let dp = slice::from_raw_parts_mut(self.0.dp, self.0.dplen);
+            dp.zeroize();
+
+            let dq = slice::from_raw_parts_mut(self.0.dq, self.0.dqlen);
+            dq.zeroize();
+
+            let iq = slice::from_raw_parts_mut(self.0.iq, self.0.iqlen);
+            iq.zeroize();
+        }
+    }
+}

bearssl/src/rsa/public.rs

@@ -0,0 +1,20 @@
+use core::ops::Drop;
+use core::slice;
+
+use bearssl_sys::br_rsa_public_key;
+
+#[repr(transparent)]
+pub struct PublicKey(pub(crate) br_rsa_public_key);
+
+#[cfg(feature = "zeroize")]
+impl zeroize::Zeroize for PublicKey {
+    fn zeroize(&mut self) {
+        unsafe {
+            let n = slice::from_raw_parts_mut(self.0.n, self.0.nlen);
+            n.zeroize();
+
+            let e = slice::from_raw_parts_mut(self.0.e, self.0.elen);
+            e.zeroize();
+        }
+    }
+}