Add nightly cargo fotmatting rules

README.md

@@ -8,22 +8,7 @@ and Tang.
 
 This crate is a work in progress.
 
-## Tang
-
-The basic operations path is taken from the [Tang] specification. In short, the
-encrypting client must:
-
-1. Request a public key with `GET /adv`. This returns a JWK set as a JWS
-2. Verify the integrity of the received JWS using the included `verify` key
-
-The config can specify:
-
-- Tang URL
-- Thumbprint
-
-The URL specifies which server to query, while the thumbprint specifies a
-preferred key.
-
+See the documentation for further information: <https://docs.rs/clevis>.
 
 ## Licensing
 

src/error.rs

@@ -1,4 +1,5 @@
-use std::{fmt, io, str::Utf8Error};
+use std::str::Utf8Error;
+use std::{fmt, io};
 
 use crate::jose::Jwk;
 

src/jose.rs

@@ -1,23 +1,23 @@
-use crate::key_exchange::{create_enc_key, recover_enc_key};
-use crate::util::{b64_to_bytes, b64_to_str};
-use crate::{EncryptionKey, Error, Result};
+use std::fmt;
+
 use base64ct::{Base64Url, Base64UrlUnpadded, Encoding};
 use elliptic_curve::sec1::{EncodedPoint, FromEncodedPoint, ModulusSize, ToEncodedPoint};
 use elliptic_curve::zeroize::Zeroizing;
+#[cfg(test)]
+use elliptic_curve::SecretKey;
 use elliptic_curve::{
     AffinePoint, Curve, CurveArithmetic, FieldBytes, FieldBytesSize, JwkParameters, PublicKey,
 };
 use serde::{Deserialize, Serialize};
 use serde_json::{json, Value};
-use sha2::Digest;
-use sha2::Sha256;
-use std::fmt;
-
-#[cfg(test)]
-use elliptic_curve::SecretKey;
+use sha2::{Digest, Sha256};
 #[cfg(test)]
 use zeroize::Zeroize;
 
+use crate::key_exchange::{create_enc_key, recover_enc_key};
+use crate::util::{b64_to_bytes, b64_to_str};
+use crate::{EncryptionKey, Error, Result};
+
 /// Representation of a tang advertisment response which is a JWS of available keys.
 ///
 /// This is what is produced when you GET `tang_url/adv`.
@@ -267,7 +267,8 @@ impl EcJwk {
     // FIXME: switch these to use generics once p521 uses the `ecdsa` crate traits
 
     fn verify_p256(&self, msg: &[u8], sig: &[u8]) -> Result<()> {
-        use p256::ecdsa::{signature::Verifier, Signature, VerifyingKey};
+        use p256::ecdsa::signature::Verifier;
+        use p256::ecdsa::{Signature, VerifyingKey};
         let pubkey = self.to_pub::<p256::NistP256>()?;
         let verify_key = VerifyingKey::from_affine(*pubkey.as_affine())?;
         let signature = Signature::from_slice(sig)?;
@@ -277,7 +278,8 @@ impl EcJwk {
     }
 
     fn verify_p384(&self, msg: &[u8], sig: &[u8]) -> Result<()> {
-        use p384::ecdsa::{signature::Verifier, Signature, VerifyingKey};
+        use p384::ecdsa::signature::Verifier;
+        use p384::ecdsa::{Signature, VerifyingKey};
         let pubkey = self.to_pub::<p384::NistP384>()?;
         let verify_key = VerifyingKey::from_affine(*pubkey.as_affine())?;
         let signature = Signature::from_slice(sig)?;
@@ -287,7 +289,8 @@ impl EcJwk {
     }
 
     fn verify_p521(&self, msg: &[u8], sig: &[u8]) -> Result<()> {
-        use p521::ecdsa::{signature::Verifier, Signature, VerifyingKey};
+        use p521::ecdsa::signature::Verifier;
+        use p521::ecdsa::{Signature, VerifyingKey};
         let pubkey = self.to_pub::<p521::NistP521>()?;
         let verify_key = VerifyingKey::from_affine(*pubkey.as_affine())?;
         let signature = Signature::from_slice(sig)?;

src/key_exchange.rs

@@ -1,23 +1,17 @@
-use crate::jose::{EcJwk, Jwk, JwkCurve};
-use crate::{Error, Result};
-use elliptic_curve::ecdh;
 use elliptic_curve::ecdh::SharedSecret;
 use elliptic_curve::group::Curve as GroupCurve;
 use elliptic_curve::point::AffineCoordinates;
 use elliptic_curve::rand_core::OsRng;
-use elliptic_curve::sec1::FromEncodedPoint;
-use elliptic_curve::sec1::ModulusSize;
-use elliptic_curve::sec1::ToEncodedPoint;
+use elliptic_curve::sec1::{FromEncodedPoint, ModulusSize, ToEncodedPoint};
 use elliptic_curve::subtle::ConstantTimeEq;
 use elliptic_curve::zeroize::Zeroizing;
-use elliptic_curve::AffinePoint;
-use elliptic_curve::Curve;
-use elliptic_curve::CurveArithmetic;
-use elliptic_curve::FieldBytesSize;
-use elliptic_curve::JwkParameters;
-use elliptic_curve::ProjectivePoint;
-use elliptic_curve::PublicKey;
-use elliptic_curve::SecretKey;
+use elliptic_curve::{
+    ecdh, AffinePoint, Curve, CurveArithmetic, FieldBytesSize, JwkParameters, ProjectivePoint,
+    PublicKey, SecretKey,
+};
+
+use crate::jose::{EcJwk, Jwk, JwkCurve};
+use crate::{Error, Result};
 
 /// A zeroizing wrapper around a generated encryption key
 #[derive(Clone, Debug)]

src/key_exchange_tests.rs

@@ -13,10 +13,10 @@
 //!
 //! We provide each mode with a separate function and test against the jose output
 
-use crate::jose::Jwk;
+use serde_json::Value;
 
 use super::*;
-use serde_json::Value;
+use crate::jose::Jwk;
 
 // PUB and PRIV are random keys, not related
 // It seems like jose doesn't do what we want unless we slap an `alg: ECMR` on everything

src/lib.rs

@@ -1,6 +1,8 @@
 //! A Rust implementation of the Tang portion of Clevis, specified in
 //! <https://github.com/latchset/clevis>.
 //!
+//! This is still under development, but works reasonibly well.
+//!
 //! ```
 //! # #[cfg(not(feature = "_backend"))] fn main() {}
 //! # #[cfg(feature = "_backend")]
@@ -15,7 +17,9 @@
 //! let client = TangClient::new("localhost:11697", None);
 //!
 //! // create a key suitible for encryption (i.e. has gone through a KDF)
-//! let out = client.create_secure_key::<KEY_BYTES>().expect("failed to generate key");
+//! let out = client
+//!     .create_secure_key::<KEY_BYTES>()
+//!     .expect("failed to generate key");
 //!
 //! // use this key to encrypt data
 //! let original_key = out.encryption_key;
@@ -29,7 +33,9 @@
 //! /* key recovery */
 //!
 //! let new_meta = KeyMeta::from_json(&meta_str).expect("invalid metadata");
-//! let new_key = client.recover_secure_key::<KEY_BYTES>(&new_meta).expect("failed to retrieve key");
+//! let new_key = client
+//!     .recover_secure_key::<KEY_BYTES>(&new_meta)
+//!     .expect("failed to retrieve key");
 //!
 //! assert_eq!(original_key, new_key);
 //! # }

src/main.rs

@@ -1,11 +1,11 @@
 #![allow(unused)]
 
 use std::io::stdin;
-
-use clap::{Args, Parser, Subcommand};
 // use clevis::{DecryptConfig, EncryptConfig, EncryptSource};
 use std::io::{BufRead, Read};
 
+use clap::{Args, Parser, Subcommand};
+
 #[derive(Debug, Parser)]
 struct Cli {
     #[command(subcommand)]