aead: enable and fix workspace-level lints (#2306)

tarcieri · web-flow · commit d92139eba71e · 2026-02-17T15:20:49.000-07:00
Added in #2270. See also: #2279, #2298
diff --git a/aead/Cargo.toml b/aead/Cargo.toml
@@ -31,5 +31,8 @@ dev = ["blobby", "alloc"]
 getrandom = ["common/getrandom"]
 rand_core = ["common/rand_core"]
 
+[lints]
+workspace = true
+
 [package.metadata.docs.rs]
 all-features = true
diff --git a/aead/src/dev.rs b/aead/src/dev.rs
@@ -1,4 +1,9 @@
 //! Development-related functionality
+
+#![allow(clippy::missing_errors_doc, reason = "dev module")]
+#![allow(clippy::missing_panics_doc, reason = "dev module")]
+#![allow(clippy::unwrap_in_result, reason = "dev module")]
+
 use crate::{
     Aead, AeadInOut, Payload, Tag, TagPosition, array::typenum::Unsigned, inout::InOutBuf,
 };
@@ -21,6 +26,7 @@ pub struct TestVector {
 }
 
 /// Run AEAD test for the provided passing test vector
+#[allow(clippy::cast_possible_truncation)]
 pub fn pass_test<C: AeadInOut + KeyInit>(
     &TestVector {
         key,
diff --git a/aead/src/lib.rs b/aead/src/lib.rs
@@ -158,6 +158,9 @@ pub trait Aead: AeadCore {
     /// AES-GCM-SIV, ChaCha20Poly1305). [`Aead`] implementations which do not
     /// use a postfix tag will need to override this to correctly assemble the
     /// ciphertext message.
+    ///
+    /// # Errors
+    /// AEAD algorithm implementations may return an error if the plaintext or AAD are too long.
     fn encrypt<'msg, 'aad>(
         &self,
         nonce: &Nonce<Self>,
@@ -181,6 +184,11 @@ pub trait Aead: AeadCore {
     /// AES-GCM-SIV, ChaCha20Poly1305). [`Aead`] implementations which do not
     /// use a postfix tag will need to override this to correctly parse the
     /// ciphertext message.
+    ///
+    /// # Errors
+    /// - if the `ciphertext` is inauthentic (i.e. tag verification failure)
+    /// - if the `ciphertext` is too long
+    /// - if the `aad` is too long
     fn decrypt<'msg, 'aad>(
         &self,
         nonce: &Nonce<Self>,
@@ -217,6 +225,9 @@ impl<T: AeadInOut> Aead for T {
 /// In-place and inout AEAD trait which handles the authentication tag as a return value/separate parameter.
 pub trait AeadInOut: AeadCore {
     /// Encrypt the data in the provided [`InOutBuf`], returning the authentication tag.
+    ///
+    /// # Errors
+    /// AEAD algorithm implementations may return an error if the plaintext or AAD are too long.
     fn encrypt_inout_detached(
         &self,
         nonce: &Nonce<Self>,
@@ -226,7 +237,12 @@ pub trait AeadInOut: AeadCore {
 
     /// Decrypt the data in the provided [`InOutBuf`], returning an error in the event the
     /// provided authentication tag is invalid for the given ciphertext (i.e. ciphertext
-    /// is modified/unauthentic)
+    /// is modified/unauthentic).
+    ///
+    /// # Errors
+    /// - if the `ciphertext` is inauthentic (i.e. tag verification failure)
+    /// - if the `ciphertext` is too long
+    /// - if the `aad` is too long
     fn decrypt_inout_detached(
         &self,
         nonce: &Nonce<Self>,
@@ -242,6 +258,7 @@ pub trait AeadInOut: AeadCore {
     /// The exact size needed is cipher-dependent, but generally includes
     /// the size of an authentication tag.
     ///
+    /// # Errors
     /// Returns an error if the buffer has insufficient capacity to store the
     /// resulting ciphertext message.
     fn encrypt_in_place(
@@ -275,6 +292,9 @@ pub trait AeadInOut: AeadCore {
     ///
     /// The buffer will be truncated to the length of the original plaintext
     /// message upon success.
+    ///
+    /// # Errors
+    /// - if the `ciphertext` is inauthentic (i.e. tag verification failure)
     fn decrypt_in_place(
         &self,
         nonce: &Nonce<Self>,
@@ -306,6 +326,7 @@ pub trait AeadInOut: AeadCore {
 ///
 /// NOTE: deprecated! Please migrate to [`AeadInOut`].
 #[deprecated(since = "0.6.0", note = "use `AeadInOut` instead")]
+#[allow(clippy::missing_errors_doc)]
 pub trait AeadInPlace: AeadCore {
     /// Encrypt the given buffer containing a plaintext message in-place.
     #[deprecated(since = "0.6.0", note = "use `AeadInOut::encrypt_in_place` instead")]
@@ -435,10 +456,13 @@ pub trait Buffer: AsRef<[u8]> + AsMut<[u8]> {
         self.as_ref().is_empty()
     }
 
-    /// Extend this buffer from the given slice
+    /// Extend this buffer from the given slice.
+    ///
+    /// # Errors
+    /// If the buffer has insufficient capacity.
     fn extend_from_slice(&mut self, other: &[u8]) -> Result<()>;
 
-    /// Truncate this buffer to the given size
+    /// Truncate this buffer to the given size.
     fn truncate(&mut self, len: usize);
 }
 
diff --git a/aead/tests/dummy.rs b/aead/tests/dummy.rs
@@ -1,16 +1,28 @@
 //! This module defines dummy (horribly insecure!) AEAD implementations
 //! to test implementation of the AEAD traits and helper macros in the `dev` module.
+
 #![cfg(feature = "dev")]
+#![allow(missing_docs, reason = "tests")]
+#![allow(clippy::trivially_copy_pass_by_ref, reason = "tests")]
+#![allow(clippy::unwrap_used, reason = "tests")]
+
 use aead::{
     AeadCore, AeadInOut, Error, Key, KeyInit, KeySizeUser, Nonce, Result, Tag, TagPosition,
     array::Array, consts::U8,
 };
+use core::fmt;
 use inout::InOutBuf;
 
 struct DummyAead {
     key: [u8; 8],
 }
 
+impl fmt::Debug for DummyAead {
+    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
+        f.debug_struct("DummyAead").finish_non_exhaustive()
+    }
+}
+
 impl DummyAead {
     fn process_aad(&self, nonce: &[u8; 8], aad: &[u8]) -> u64 {
         let mut tag = u64::from_le_bytes(*nonce);
@@ -92,6 +104,7 @@ impl DummyAead {
     }
 }
 
+#[derive(Debug)]
 pub struct PrefixDummyAead(DummyAead);
 
 impl KeySizeUser for PrefixDummyAead {
@@ -131,6 +144,7 @@ impl AeadInOut for PrefixDummyAead {
     }
 }
 
+#[derive(Debug)]
 pub struct PostfixDummyAead(DummyAead);
 
 impl KeySizeUser for PostfixDummyAead {
