MarketTakers/arbiter
6
0
Fork 0
Code Issues 26 Pull Requests 1 Packages Projects Releases Wiki Activity

style(encryption): suppress clippy unwrap lints with justifications
Some checks failed
ci/woodpecker/pr/server-audit Pipeline was successful
Details
ci/woodpecker/pr/server-vet Pipeline failed
Details
ci/woodpecker/pr/server-lint Pipeline failed
Details
ci/woodpecker/pr/server-test Pipeline was successful
Details

Browse Source
This commit is contained in:
hdbg
2026-03-17 11:30:06 +01:00
parent c56184d30b
commit 712f114763
7 changed files with 42 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
server/crates/arbiter-server/src/actors/keyholder/encryption/v1.rs
View File

@@ -72,6 +72,10 @@ impl TryFrom<SafeCell<Vec<u8>>> for KeyCell {
impl KeyCell {
pub fn new_secure_random() -> Self {
let key = SafeCell::new_inline(|key_buffer: &mut Key| {
#[allow(
clippy::unwrap_used,
reason = "Rng failure is unrecoverable and should panic"
)]
let mut rng = StdRng::try_from_rng(&mut SysRng).unwrap();
rng.fill_bytes(key_buffer);
});
@@ -133,6 +137,10 @@ pub type Salt = [u8; ArgonSalt::RECOMMENDED_LENGTH];
pub fn generate_salt() -> Salt {
let mut salt = Salt::default();
#[allow(
clippy::unwrap_used,
reason = "Rng failure is unrecoverable and should panic"
)]
let mut rng = StdRng::try_from_rng(&mut SysRng).unwrap();
rng.fill_bytes(&mut salt);
salt
@@ -141,6 +149,7 @@ pub fn generate_salt() -> Salt {
/// User password might be of different length, have not enough entropy, etc...
/// Derive a fixed-length key from the password using Argon2id, which is designed for password hashing and key derivation.
pub fn derive_seal_key(mut password: SafeCell<Vec<u8>>, salt: &Salt) -> KeyCell {
#[allow(clippy::unwrap_used)]
let params = argon2::Params::new(262_144, 3, 4, None).unwrap();
let hasher = Argon2::new(Algorithm::Argon2id, argon2::Version::V0x13, params);
let mut key = SafeCell::new(Key::default());
@@ -148,6 +157,10 @@ pub fn derive_seal_key(mut password: SafeCell<Vec<u8>>, salt: &Salt) -> KeyCell
let mut key_buffer = key.write();
let key_buffer: &mut [u8] = key_buffer.as_mut();
#[allow(
clippy::unwrap_used,
reason = "Better fail completely than return a weak key"
)]
hasher
.hash_password_into(password_source.deref(), salt, key_buffer)
.unwrap();

2
server/crates/arbiter-server/src/actors/router/mod.rs
View File

@@ -154,7 +154,7 @@ impl MessageRouter {
ctx: &mut Context<Self, DelegatedReply<Result<bool, ApprovalError>>>,
) -> DelegatedReply<Result<bool, ApprovalError>> {
let (reply, Some(reply_sender)) = ctx.reply_sender() else {
panic!("Exptected `request_client_approval` to have callback channel");
unreachable!("Expected `request_client_approval` to have callback channel");
};
let weak_refs = self

18
server/crates/arbiter-server/src/actors/user_agent/mod.rs
View File

@@ -1,12 +1,13 @@
use alloy::primitives::Address;
use arbiter_proto::{transport::Bi};
use arbiter_proto::transport::Bi;
use kameo::actor::Spawn as _;
use tracing::{error, info};
use crate::{
actors::{GlobalActors, evm, user_agent::session::UserAgentSession},
db::{self, models::KeyType}, evm::policies::{Grant, SpecificGrant},
db::{self, models::KeyType},
evm::policies::SharedGrantSettings,
evm::policies::{Grant, SpecificGrant},
};
#[derive(Debug, thiserror::Error, PartialEq)]
@@ -47,6 +48,7 @@ impl AuthPublicKey {
AuthPublicKey::EcdsaSecp256k1(k) => k.to_encoded_point(true).as_bytes().to_vec(),
AuthPublicKey::Rsa(k) => {
use rsa::pkcs8::EncodePublicKey as _;
#[allow(clippy::expect_used)]
k.to_public_key_der()
.expect("rsa SPKI encoding is infallible")
.to_vec()
@@ -124,13 +126,19 @@ pub enum Request {
#[derive(Debug)]
pub enum Response {
AuthChallenge { nonce: i32 },
AuthChallenge {
nonce: i32,
},
AuthOk,
UnsealStartResponse { server_pubkey: x25519_dalek::PublicKey },
UnsealStartResponse {
server_pubkey: x25519_dalek::PublicKey,
},
UnsealResult(Result<(), UnsealError>),
BootstrapResult(Result<(), BootstrapError>),
VaultState(VaultState),
ClientConnectionRequest { pubkey: ed25519_dalek::VerifyingKey },
ClientConnectionRequest {
pubkey: ed25519_dalek::VerifyingKey,
},
ClientConnectionCancel,
EvmWalletCreate(Result<(), evm::Error>),
EvmWalletList(Vec<Address>),

6
server/crates/arbiter-server/src/actors/user_agent/session/connection.rs
View File

@@ -1,4 +1,4 @@
use std::{ops::DerefMut, sync::Mutex};
use std::sync::Mutex;
use chacha20poly1305::{AeadInPlace, XChaCha20Poly1305, XNonce, aead::KeyInit};
use kameo::error::SendError;
@@ -76,6 +76,10 @@ impl UserAgentSession {
};
let ephemeral_secret = {
#[allow(
clippy::unwrap_used,
reason = "Mutex poison is unrecoverable and should panic"
)]
let mut secret_lock = unseal_context.secret.lock().unwrap();
let secret = secret_lock.take();
match secret {