Rust 2024 edition

.github/workflows/ci.yaml

@@ -37,7 +37,7 @@ jobs:
             features: default
           # MSRV
           - os: ubuntu-22.04
-            toolchain: 1.81.0
+            toolchain: 1.85.0
             features: default
     steps:
       - uses: actions/checkout@v4

Cargo.toml

@@ -15,8 +15,8 @@ keywords = [
     "transform-encryption",
 ]
 description = "A pure-Rust SDK for accessing IronCore's privacy platform"
-edition = "2021"
-rust-version = "1.81.0"
+edition = "2024"
+rust-version = "1.85.0"
 
 [dependencies]
 base64 = "0.22"

benches/ironoxide_bench.rs

@@ -1,4 +1,4 @@
-use criterion::{black_box, criterion_group, criterion_main, Criterion};
+use criterion::{Criterion, black_box, criterion_group, criterion_main};
 use ironoxide::prelude::*;
 use lazy_static::*;
 use tokio::runtime::Runtime;
@@ -17,7 +17,9 @@ lazy_static! {
         },
         _ => {
             // The core code defaults to `prod`, so we have to set this so the API_URL is set correctly.
-            std::env::set_var("IRONCORE_ENV", "stage");
+            unsafe {
+                std::env::set_var("IRONCORE_ENV", "stage");
+            }
             "stage"
         },
     }

examples/enc-search-sample.rs

@@ -36,7 +36,7 @@
 // Copyright (c) 2020  IronCore Labs, Inc.
 // =============================================================================
 
-use anyhow::{anyhow, Result};
+use anyhow::{Result, anyhow};
 use ironoxide::prelude::*;
 use lazy_static::lazy_static;
 use mut_static::MutStatic;

rust-toolchain.toml

@@ -1,4 +1,4 @@
 [toolchain]
 profile = "default"
-channel = "1.81.0"
+channel = "1.85.0"
 components = ["rust-src", "rust-analyzer"]

src/crypto/aes.rs

@@ -3,7 +3,7 @@ use std::{fmt, num::NonZeroU32};
 use rand::{self, CryptoRng, RngCore};
 use ring::{aead, aead::BoundKey, digest, error::Unspecified, pbkdf2};
 
-use crate::internal::{take_lock, IronOxideErr};
+use crate::internal::{IronOxideErr, take_lock};
 use std::{convert::TryFrom, ops::DerefMut, sync::Mutex};
 
 //There is no way this can fail. Value is most definitely not less than one.

src/crypto/transform.rs

@@ -1,6 +1,6 @@
 use crate::internal::{
-    document_api::{DocAccessEditErr, UserOrGroup},
     IronOxideErr, PublicKey, WithKey,
+    document_api::{DocAccessEditErr, UserOrGroup},
 };
 use itertools::{Either, Itertools};
 use recrypt::{

src/document.rs

@@ -8,12 +8,12 @@ pub use crate::internal::document_api::{
     DocumentMetadataResult, DocumentName, UserOrGroup, VisibleGroup, VisibleUser,
 };
 use crate::{
+    Result,
     common::SdkOperation,
     group::GroupId,
     internal::{add_optional_timeout, document_api},
     policy::PolicyGrant,
     user::UserId,
-    Result,
 };
 use futures::Future;
 use itertools::{Either, EitherOrBoth, Itertools};

src/document/advanced.rs

@@ -6,10 +6,10 @@ pub use crate::internal::document_api::{
     DocumentDecryptUnmanagedResult, DocumentEncryptUnmanagedResult,
 };
 use crate::{
-    document::{partition_user_or_group, DocumentEncryptOpts},
+    Result, SdkOperation,
+    document::{DocumentEncryptOpts, partition_user_or_group},
     internal,
     internal::add_optional_timeout,
-    Result, SdkOperation,
 };
 use futures::Future;
 use itertools::EitherOrBoth;

src/group.rs

@@ -7,10 +7,10 @@ pub use crate::internal::group_api::{
     GroupListResult, GroupMetaResult, GroupName, GroupUpdatePrivateKeyResult,
 };
 use crate::{
+    IronOxideErr, Result,
     common::SdkOperation,
     internal::{add_optional_timeout, group_api, group_api::GroupCreateOptsStd},
     user::UserId,
-    IronOxideErr, Result,
 };
 use futures::Future;
 use vec1::Vec1;
@@ -171,7 +171,6 @@ impl Default for GroupCreateOpts {
 ///            a group admin.
 /// - Rotation - Changing a group's private key while leaving its public key unchanged. This can be accomplished by calling
 ///     [group_rotate_private_key](trait.GroupOps.html#tymethod.group_rotate_private_key).
-
 pub trait GroupOps {
     /// Creates a group.
     ///
@@ -605,7 +604,7 @@ impl GroupOps for crate::IronOxide {
 mod tests {
     use crate::{
         group::GroupCreateOpts,
-        internal::{user_api::UserId, IronOxideErr},
+        internal::{IronOxideErr, user_api::UserId},
     };
 
     #[test]

src/internal.rs

@@ -295,8 +295,8 @@ pub mod auth_v2 {
         pub(in crate::internal::auth_v2) timestamp: OffsetDateTime,
     }
 
-    impl<'a> AuthV2Builder<'a> {
-        pub fn new(req_auth: &'a RequestAuth, timestamp: OffsetDateTime) -> AuthV2Builder {
+    impl AuthV2Builder<'_> {
+        pub fn new(req_auth: &RequestAuth, timestamp: OffsetDateTime) -> AuthV2Builder {
             AuthV2Builder {
                 req_auth,
                 timestamp,
@@ -312,8 +312,8 @@ pub mod auth_v2 {
         /// # Returns
         /// Authorization::Version2 that contains all the information necessary to make an
         /// IronCore authenticated request to the webservice.
-        pub fn finish_with(
-            &self,
+        pub fn finish_with<'a>(
+            &'a self,
             sig_url: SignatureUrlString,
             method: Method,
             body_bytes: Option<&'a [u8]>,
@@ -805,7 +805,7 @@ pub(crate) mod tests {
     use vec1::vec1;
 
     /// String contains matcher to assert that the provided substring exists in the provided value
-    pub fn contains<'a>(expected: &'a str) -> Box<dyn Matcher<String> + 'a> {
+    pub fn contains(expected: &str) -> Box<dyn Matcher<String> + '_> {
         Box::new(move |actual: &String| {
             let builder = MatchResultBuilder::for_("contains");
             if actual.contains(expected) {
@@ -818,7 +818,7 @@ pub(crate) mod tests {
     }
 
     /// Length matcher to assert that the provided iterable value has the expected size
-    pub fn length<'a, I, T>(expected: &'a usize) -> Box<dyn Matcher<I> + 'a>
+    pub fn length<'a, I, T>(expected: &'a usize) -> Box<dyn Matcher<'a, I> + 'a>
     where
         T: 'a,
         &'a I: Debug + Sized + IntoIterator<Item = &'a T> + 'a,
@@ -1200,11 +1200,10 @@ pub(crate) mod tests {
     #[test]
     fn init_and_rotation_user_and_groups() -> Result<(), IronOxideErr> {
         use crate::{
-            check_groups_and_collect_rotation,
+            InitAndRotationCheck, IronOxide, check_groups_and_collect_rotation,
             internal::{
                 group_api::tests::create_group_meta_result, user_api::tests::create_user_result,
             },
-            InitAndRotationCheck, IronOxide,
         };
         let recrypt = recrypt::api::Recrypt::new();
         let (_, pub_key) = recrypt.generate_key_pair()?;

src/internal/document_api.rs

@@ -1,35 +1,34 @@
 use crate::{
+    DeviceSigningKeyPair, PolicyCache,
     config::{IronOxideConfig, PolicyCachingConfig},
     crypto::{
         aes::{self, AesEncryptedValue},
         transform,
     },
     internal::{
-        self,
+        self, IronOxideErr, PrivateKey, PublicKey, RequestAuth, WithKey,
         document_api::requests::UserOrGroupWithKey,
         group_api::{GroupId, GroupName},
         take_lock,
         user_api::UserId,
-        validate_id, validate_name, IronOxideErr, PrivateKey, PublicKey, RequestAuth, WithKey,
+        validate_id, validate_name,
     },
     policy::PolicyGrant,
     proto::transform::{
         EncryptedDek as EncryptedDekP, EncryptedDekData as EncryptedDekDataP,
         EncryptedDeks as EncryptedDeksP,
     },
-    DeviceSigningKeyPair, PolicyCache,
 };
-use futures::{try_join, Future};
+use futures::{Future, try_join};
 use hex::encode;
 use itertools::{Either, Itertools};
 use protobuf::Message;
 use rand::{self, CryptoRng, RngCore};
 use recrypt::{api::Plaintext, prelude::*};
 use requests::{
-    document_create,
+    DocumentMetaApiResponse, document_create,
     document_list::{DocumentListApiResponse, DocumentListApiResponseItem},
     policy_get::PolicyResponse,
-    DocumentMetaApiResponse,
 };
 use serde::{Deserialize, Serialize};
 use std::{
@@ -1505,7 +1504,9 @@ mod tests {
     fn document_id_rejects_invalid() {
         let doc_id1 = DocumentId::try_from("not a good ID!");
         let doc_id2 = DocumentId::try_from("!!");
-        let doc_id3 = DocumentId::try_from("01234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567891");
+        let doc_id3 = DocumentId::try_from(
+            "01234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567891",
+        );
 
         assert_that!(
             &doc_id1.unwrap_err(),
@@ -1557,7 +1558,9 @@ mod tests {
 
     #[test]
     fn doc_name_rejects_too_long() {
-        let doc_name = DocumentName::try_from("01234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567891");
+        let doc_name = DocumentName::try_from(
+            "01234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567891",
+        );
 
         assert_that!(
             &doc_name.unwrap_err(),
@@ -1804,7 +1807,7 @@ mod tests {
     #[test]
     pub fn unmanaged_edoc_compare_grants() -> Result<(), IronOxideErr> {
         use crate::proto::transform::{
-            user_or_group::UserOrGroupId as UserOrGroupIdP, UserOrGroup as UserOrGroupP,
+            UserOrGroup as UserOrGroupP, user_or_group::UserOrGroupId as UserOrGroupIdP,
         };
         use recrypt::prelude::*;
 

src/internal/document_api/requests.rs

@@ -1,6 +1,6 @@
 use super::{AssociationType, DocumentId, DocumentName};
 use crate::internal::{
-    self,
+    self, IronOxideErr, RequestAuth, RequestErrorCode,
     auth_v2::AuthV2Builder,
     document_api::{EncryptedDek, UserOrGroup, VisibleGroup, VisibleUser, WithKey},
     group_api::GroupId,
@@ -9,7 +9,6 @@ use crate::internal::{
         json::{EncryptedOnceValue, PublicKey, TransformedEncryptedValue},
     },
     user_api::UserId,
-    IronOxideErr, RequestAuth, RequestErrorCode,
 };
 use serde::{Deserialize, Serialize};
 use std::convert::{TryFrom, TryInto};
@@ -292,7 +291,7 @@ pub mod document_create {
 pub mod policy_get {
     use super::*;
     use crate::{
-        internal::rest::{url_encode, PercentEncodedString},
+        internal::rest::{PercentEncodedString, url_encode},
         policy::{Category, DataSubject, PolicyGrant, Sensitivity},
     };
 
@@ -367,7 +366,7 @@ pub mod document_access {
     use super::*;
     use crate::internal::{
         auth_v2::AuthV2Builder,
-        document_api::{requests::document_access::resp::*, UserOrGroup, WithKey},
+        document_api::{UserOrGroup, WithKey, requests::document_access::resp::*},
     };
     use std::convert::TryInto;
 

src/internal/group_api.rs

@@ -1,15 +1,15 @@
 use crate::{
     crypto::transform,
     internal::{
-        self,
+        self, DeviceSigningKeyPair, IronOxideErr, PrivateKey, PublicKey, RequestAuth,
+        SchnorrSignature, TransformKey, WithKey,
         group_api::requests::{
-            group_get::group_get_request, group_list::GroupListResponse, GroupAdmin,
-            GroupUserEditResponse, User,
+            GroupAdmin, GroupUserEditResponse, User, group_get::group_get_request,
+            group_list::GroupListResponse,
         },
         rest::json::{AugmentationFactor, EncryptedOnceValue, TransformedEncryptedValue},
         user_api::{self, UserId},
-        validate_id, validate_name, DeviceSigningKeyPair, IronOxideErr, PrivateKey, PublicKey,
-        RequestAuth, SchnorrSignature, TransformKey, WithKey,
+        validate_id, validate_name,
     },
 };
 use core::convert::identity;
@@ -966,7 +966,9 @@ pub(crate) mod tests {
     fn group_id_rejects_invalid() {
         let group_id1 = GroupId::try_from("not a good ID!");
         let group_id2 = GroupId::try_from("!!");
-        let group_id3 = GroupId::try_from("01234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567891");
+        let group_id3 = GroupId::try_from(
+            "01234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567891",
+        );
 
         assert_that!(
             &group_id1.unwrap_err(),
@@ -1026,7 +1028,9 @@ pub(crate) mod tests {
 
     #[test]
     fn group_name_rejects_too_long() {
-        let group_name = GroupName::try_from("01234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567891");
+        let group_name = GroupName::try_from(
+            "01234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567891",
+        );
 
         assert_that!(
             &group_name.unwrap_err(),
@@ -1152,9 +1156,11 @@ pub(crate) mod tests {
             })
             .collect();
         let first_admin = admin_plaintexts.first().unwrap();
-        assert!(admin_plaintexts
-            .iter()
-            .all(|text| text.bytes()[..] == first_admin.bytes()[..]));
+        assert!(
+            admin_plaintexts
+                .iter()
+                .all(|text| text.bytes()[..] == first_admin.bytes()[..])
+        );
 
         // using the first admin to test, verify that the augmentation factor plus the
         // decrypted plaintext's private key equals the group's private key

src/internal/group_api/requests.rs

@@ -1,5 +1,5 @@
 use crate::internal::{
-    self,
+    self, IronOxideErr, RequestAuth, RequestErrorCode, SchnorrSignature,
     auth_v2::AuthV2Builder,
     group_api::{
         GroupCreateResult, GroupEntity, GroupGetResult, GroupId, GroupMetaResult, GroupName, UserId,
@@ -10,7 +10,6 @@ use crate::internal::{
             Base64Standard, EncryptedOnceValue, PublicKey, TransformKey, TransformedEncryptedValue,
         },
     },
-    IronOxideErr, RequestAuth, RequestErrorCode, SchnorrSignature,
 };
 use serde::{Deserialize, Serialize};
 use std::{