/rust/registry/src/index.crates.io-6f17d22bba15001f/untrusted-0.9.0/src/input.rs

Source (jump to first uncovered line)
// Copyright 2015-2021 Brian Smith.
//
// Permission to use, copy, modify, and/or distribute this software for any
// purpose with or without fee is hereby granted, provided that the above
// copyright notice and this permission notice appear in all copies.
//
// THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHORS DISCLAIM ALL WARRANTIES
// WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
// MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR
// ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
// WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
// ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
// OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.

use crate::{no_panic, Reader};

/// A wrapper around `&'a [u8]` that helps in writing panic-free code.
///
/// No methods of `Input` will ever panic.
///
/// Intentionally avoids implementing `PartialEq` and `Eq` to avoid implicit
/// non-constant-time comparisons.
#[derive(Clone, Copy)]
pub struct Input<'a> {
    value: no_panic::Slice<'a>,
}

/// The value is intentionally omitted from the output to avoid leaking
/// secrets.
impl core::fmt::Debug for Input<'_> {
    fn fmt(&self, f: &mut core::fmt::Formatter<'_>) -> core::fmt::Result {
        f.debug_struct("Input").finish()
    }
}

impl<'a> Input<'a> {
    /// Construct a new `Input` for the given input `bytes`.
    pub const fn from(bytes: &'a [u8]) -> Self {
        // This limit is important for avoiding integer overflow. In particular,
        // `Reader` assumes that an `i + 1 > i` if `input.value.get(i)` does
        // not return `None`. According to the Rust language reference, the
        // maximum object size is `core::isize::MAX`, and in practice it is
        // impossible to create an object of size `core::usize::MAX` or larger.
        Self {
            value: no_panic::Slice::new(bytes),
        }
    }

    /// Returns `true` if the input is empty and false otherwise.
    #[inline]
    pub fn is_empty(&self) -> bool {
        self.value.is_empty()
    }

    /// Returns the length of the `Input`.
    #[inline]
    pub fn len(&self) -> usize {
        self.value.len()
    }

    /// Calls `read` with the given input as a `Reader`, ensuring that `read`
    /// consumed the entire input. If `read` does not consume the entire input,
    /// `incomplete_read` is returned.
    pub fn read_all<F, R, E>(&self, incomplete_read: E, read: F) -> Result<R, E>
    where
        F: FnOnce(&mut Reader<'a>) -> Result<R, E>,
    {
        let mut input = Reader::new(*self);
        let result = read(&mut input)?;
        if input.at_end() {
            Ok(result)
        } else {
            Err(incomplete_read)
        }
    }

    /// Access the input as a slice so it can be processed by functions that
    /// are not written using the Input/Reader framework.
    #[inline]
    pub fn as_slice_less_safe(&self) -> &'a [u8] {
        self.value.as_slice_less_safe()
    }

    pub(super) fn into_value(self) -> no_panic::Slice<'a> {
        self.value
    }
}

impl<'a> From<&'a [u8]> for Input<'a> {
    #[inline]
    fn from(value: &'a [u8]) -> Self {
        no_panic::Slice::new(value).into()
    }
}

impl<'a> From<no_panic::Slice<'a>> for Input<'a> {
    #[inline]
    fn from(value: no_panic::Slice<'a>) -> Self {
        Self { value }
    }
}

Line	Count	Source (jump to first uncovered line)
1		// Copyright 2015-2021 Brian Smith.
2		//
3		// Permission to use, copy, modify, and/or distribute this software for any
4		// purpose with or without fee is hereby granted, provided that the above
5		// copyright notice and this permission notice appear in all copies.
6		//
7		// THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHORS DISCLAIM ALL WARRANTIES
8		// WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
9		// MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR
10		// ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
11		// WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
12		// ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
13		// OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
14
15		use crate::{no_panic, Reader};
16
17		/// A wrapper around `&'a [u8]` that helps in writing panic-free code.
18		///
19		/// No methods of `Input` will ever panic.
20		///
21		/// Intentionally avoids implementing `PartialEq` and `Eq` to avoid implicit
22		/// non-constant-time comparisons.
23		#[derive(Clone, Copy)]
24		pub struct Input<'a> {
25		value: no_panic::Slice<'a>,
26		}
27
28		/// The value is intentionally omitted from the output to avoid leaking
29		/// secrets.
30		impl core::fmt::Debug for Input<'_> {
31	0	fn fmt(&self, f: &mut core::fmt::Formatter<'_>) -> core::fmt::Result {
32	0	f.debug_struct("Input").finish()
33	0	}
34		}
35
36		impl<'a> Input<'a> {
37		/// Construct a new `Input` for the given input `bytes`.
38	0	pub const fn from(bytes: &'a [u8]) -> Self {
39	0	// This limit is important for avoiding integer overflow. In particular,
40	0	// `Reader` assumes that an `i + 1 > i` if `input.value.get(i)` does
41	0	// not return `None`. According to the Rust language reference, the
42	0	// maximum object size is `core::isize::MAX`, and in practice it is
43	0	// impossible to create an object of size `core::usize::MAX` or larger.
44	0	Self {
45	0	value: no_panic::Slice::new(bytes),
46	0	}
47	0	}
48
49		/// Returns `true` if the input is empty and false otherwise.
50		#[inline]
51	0	pub fn is_empty(&self) -> bool {
52	0	self.value.is_empty()
53	0	} Unexecuted instantiation: <untrusted::input::Input>::is_empty Unexecuted instantiation: <untrusted::input::Input>::is_empty
54
55		/// Returns the length of the `Input`.
56		#[inline]
57	0	pub fn len(&self) -> usize {
58	0	self.value.len()
59	0	} Unexecuted instantiation: <untrusted::input::Input>::len Unexecuted instantiation: <untrusted::input::Input>::len
60
61		/// Calls `read` with the given input as a `Reader`, ensuring that `read`
62		/// consumed the entire input. If `read` does not consume the entire input,
63		/// `incomplete_read` is returned.
64	0	pub fn read_all<F, R, E>(&self, incomplete_read: E, read: F) -> Result<R, E>
65	0	where
66	0	F: FnOnce(&mut Reader<'a>) -> Result<R, E>,
67	0	{
68	0	let mut input = Reader::new(*self);
69	0	let result = read(&mut input)?;
70	0	if input.at_end() {
71	0	Ok(result)
72		} else {
73	0	Err(incomplete_read)
74		}
75	0	} Unexecuted instantiation: <untrusted::input::Input>::read_all::<ring::rsa::parse_public_key::{closure#0}::{closure#0}, (ring::io::positive::Positive, ring::io::positive::Positive), ring::error::unspecified::Unspecified> Unexecuted instantiation: <untrusted::input::Input>::read_all::<ring::pkcs8::unwrap_key_::{closure#0}::{closure#0}, (untrusted::input::Input, core::option::Option<untrusted::input::Input>), ring::error::key_rejected::KeyRejected> Unexecuted instantiation: <untrusted::input::Input>::read_all::<ring::ec::suite_b::key_pair_from_pkcs8::{closure#0}::{closure#0}, (untrusted::input::Input, untrusted::input::Input), ring::error::key_rejected::KeyRejected> Unexecuted instantiation: <untrusted::input::Input>::read_all::<<ring::rsa::public_exponent::PublicExponent>::from_be_bytes::{closure#0}, u64, ring::error::key_rejected::KeyRejected> Unexecuted instantiation: <untrusted::input::Input>::read_all::<<ring::rsa::keypair::KeyPair>::from_der::{closure#0}, ring::rsa::keypair::KeyPair, ring::error::key_rejected::KeyRejected> Unexecuted instantiation: <untrusted::input::Input>::read_all::<<ring::ec::suite_b::ecdsa::verification::EcdsaVerificationAlgorithm>::verify_digest::{closure#0}, (untrusted::input::Input, untrusted::input::Input), ring::error::unspecified::Unspecified> Unexecuted instantiation: <untrusted::input::Input>::read_all::<ring::rsa::parse_public_key::{closure#0}, (ring::io::positive::Positive, ring::io::positive::Positive), ring::error::unspecified::Unspecified> Unexecuted instantiation: <untrusted::input::Input>::read_all::<ring::pkcs8::unwrap_key_::{closure#0}, (untrusted::input::Input, core::option::Option<untrusted::input::Input>), ring::error::key_rejected::KeyRejected> Unexecuted instantiation: <untrusted::input::Input>::read_all::<ring::ec::suite_b::key_pair_from_pkcs8::{closure#0}, (untrusted::input::Input, untrusted::input::Input), ring::error::key_rejected::KeyRejected> Unexecuted instantiation: <untrusted::input::Input>::read_all::<ring::io::der::bit_string_tagged_with_no_unused_bits::{closure#0}, untrusted::input::Input, ring::error::unspecified::Unspecified> Unexecuted instantiation: <untrusted::input::Input>::read_all::<ring::rsa::verification::verify_rsa_::{closure#0}, (), ring::error::unspecified::Unspecified> Unexecuted instantiation: <untrusted::input::Input>::read_all::<ring::ec::suite_b::public_key::parse_uncompressed_point::{closure#0}, (ring::ec::suite_b::ops::elem::Elem<ring::ec::suite_b::ops::Q, ring::arithmetic::montgomery::R>, ring::ec::suite_b::ops::elem::Elem<ring::ec::suite_b::ops::Q, ring::arithmetic::montgomery::R>), ring::error::unspecified::Unspecified> Unexecuted instantiation: <untrusted::input::Input>::read_all::<ring::ec::curve25519::ed25519::signing::unwrap_pkcs8::{closure#0}, untrusted::input::Input, ring::error::unspecified::Unspecified> Unexecuted instantiation: <untrusted::input::Input>::read_all::<ring::ec::suite_b::ecdsa::verification::split_rs_asn1::{closure#0}, (untrusted::input::Input, untrusted::input::Input), ring::error::unspecified::Unspecified> Unexecuted instantiation: <untrusted::input::Input>::read_all::<<ring::rsa::padding::pss::PSS as ring::rsa::padding::Verification>::verify::{closure#0}, (), ring::error::unspecified::Unspecified> Unexecuted instantiation: <untrusted::input::Input>::read_all::<<ring::ec::curve25519::ed25519::verification::EdDSAParameters as ring::signature::VerificationAlgorithm>::verify::{closure#0}, (&[u8; 32], &[u8; 32]), ring::error::unspecified::Unspecified> Unexecuted instantiation: <untrusted::input::Input>::read_all::<<ring::rsa::keypair::KeyPair>::from_der_reader, ring::rsa::keypair::KeyPair, ring::error::key_rejected::KeyRejected> Unexecuted instantiation: <untrusted::input::Input>::read_all::<ring::io::der::bit_string_with_no_unused_bits, untrusted::input::Input, ring::error::unspecified::Unspecified> Unexecuted instantiation: <untrusted::input::Input>::read_all::<_, _, _>
76
77		/// Access the input as a slice so it can be processed by functions that
78		/// are not written using the Input/Reader framework.
79		#[inline]
80	0	pub fn as_slice_less_safe(&self) -> &'a [u8] {
81	0	self.value.as_slice_less_safe()
82	0	} Unexecuted instantiation: <untrusted::input::Input>::as_slice_less_safe Unexecuted instantiation: <untrusted::input::Input>::as_slice_less_safe
83
84	0	pub(super) fn into_value(self) -> no_panic::Slice<'a> {
85	0	self.value
86	0	}
87		}
88
89		impl<'a> From<&'a [u8]> for Input<'a> {
90		#[inline]
91	0	fn from(value: &'a [u8]) -> Self {
92	0	no_panic::Slice::new(value).into()
93	0	}
94		}
95
96		impl<'a> From<no_panic::Slice<'a>> for Input<'a> {
97		#[inline]
98	0	fn from(value: no_panic::Slice<'a>) -> Self {
99	0	Self { value }
100	0	} Unexecuted instantiation: <untrusted::input::Input as core::convert::From<untrusted::no_panic::Slice>>::from Unexecuted instantiation: <untrusted::input::Input as core::convert::From<untrusted::no_panic::Slice>>::from
101		}

Coverage Report

Created: 2025-07-02 06:49