Fix clippy errors

Author: quexten

crates/bitwarden-crypto/examples/protect_key_with_password.rs

@@ -22,39 +22,52 @@ fn main() {
     // Alice has a vault protected with a symmetric key. She wants this protected with a PIN.
     let vault_key = ctx
         .generate_symmetric_key(ExampleSymmetricKey::VaultKey)
-        .unwrap();
+        .expect("Generating vault key should work");
 
     // Seal the key with the PIN
     // The KDF settings are chosen for you, and do not need to be separately tracked or synced
     // Next, story this protected key envelope on disk.
     let pin = "1234";
     let envelope =
         PasswordProtectedKeyEnvelope::seal(vault_key, pin, &ctx).expect("Sealing should work");
-    disk.save("vault_key_envelope", (&envelope).try_into().unwrap());
+    disk.save(
+        "vault_key_envelope",
+        (&envelope).try_into().expect("Saving envelope should work"),
+    );
 
     // Wipe the context to simulate new session
     ctx.clear_local();
 
     // Load the envelope from disk and unseal it with the PIN, and store it in the context.
     let deserialized: PasswordProtectedKeyEnvelope<ExampleIds> =
-        PasswordProtectedKeyEnvelope::try_from(disk.load("vault_key_envelope").unwrap()).unwrap();
+        PasswordProtectedKeyEnvelope::try_from(
+            disk.load("vault_key_envelope")
+                .expect("Loading from disk should work"),
+        )
+        .expect("Deserializing envelope should work");
     deserialized
         .unseal(ExampleSymmetricKey::VaultKey, pin, &mut ctx)
-        .unwrap();
+        .expect("Unsealing should work");
 
     // Alice wants to change her password; also her KDF settings are below the minimums.
     // Re-sealing will update the password, and KDF settings.
     let envelope = envelope
         .reseal(pin, "0000")
         .expect("The password should be valid");
-    disk.save("vault_key_envelope", (&envelope).try_into().unwrap());
+    disk.save(
+        "vault_key_envelope",
+        (&envelope).try_into().expect("Saving envelope should work"),
+    );
 
     // Alice wants to change the protected key. This requires creating a new envelope
     ctx.generate_symmetric_key(ExampleSymmetricKey::VaultKey)
-        .unwrap();
+        .expect("Generating vault key should work");
     let envelope = PasswordProtectedKeyEnvelope::seal(ExampleSymmetricKey::VaultKey, "0000", &ctx)
         .expect("Sealing should work");
-    disk.save("vault_key_envelope", (&envelope).try_into().unwrap());
+    disk.save(
+        "vault_key_envelope",
+        (&envelope).try_into().expect("Saving envelope should work"),
+    );
 
     // Alice tries the password but it is wrong
     assert!(matches!(

crates/bitwarden-crypto/src/safe/password_protected_key_envelope.rs

@@ -123,7 +123,8 @@ impl<Ids: KeyIds> PasswordProtectedKeyEnvelope<Ids> {
     ) -> Result<Ids::Symmetric, PasswordProtectedKeyEnvelopeError> {
         let key = self.unseal_ref(password)?;
         #[allow(deprecated)]
-        ctx.set_symmetric_key(target_keyslot, key).unwrap();
+        ctx.set_symmetric_key(target_keyslot, key)
+            .map_err(|_| PasswordProtectedKeyEnvelopeError::KeyStoreError)?;
         Ok(target_keyslot)
     }
 
@@ -156,16 +157,20 @@ impl<Ids: KeyIds> PasswordProtectedKeyEnvelope<Ids> {
             })?;
         let envelope_key = derive_key(&kdf_settings, password)
             .map_err(|_| PasswordProtectedKeyEnvelopeError::KdfError)?;
+        let nonce: [u8; 24] = self
+            .cose_encrypt
+            .unprotected
+            .iv
+            .clone()
+            .try_into()
+            .map_err(|_| {
+                PasswordProtectedKeyEnvelopeError::ParsingError("Invalid IV".to_string())
+            })?;
 
         let key_bytes = self
             .cose_encrypt
             .decrypt(&[], |data, aad| {
-                xchacha20::decrypt_xchacha20_poly1305(
-                    &self.cose_encrypt.unprotected.iv.clone().try_into().unwrap(),
-                    &envelope_key,
-                    data,
-                    aad,
-                )
+                xchacha20::decrypt_xchacha20_poly1305(&nonce, &envelope_key, data, aad)
             })
             // If decryption fails, the envelope-key is incorrect and thus the password is incorrect
             // since the KDF parameters & salt are guaranteed to be correct
@@ -263,13 +268,16 @@ impl Argon2RawSettings {
     }
 }
 
-impl Into<Header> for &Argon2RawSettings {
-    fn into(self) -> Header {
+impl From<&Argon2RawSettings> for Header {
+    fn from(settings: &Argon2RawSettings) -> Header {
         let builder = HeaderBuilder::new()
-            .value(ARGON2_ITERATIONS, Integer::from(self.iterations).into())
-            .value(ARGON2_MEMORY, Integer::from(self.memory).into())
-            .value(ARGON2_PARALLELISM, Integer::from(self.parallelism).into())
-            .value(ARGON2_SALT, Value::from(self.salt.to_vec()));
+            .value(ARGON2_ITERATIONS, Integer::from(settings.iterations).into())
+            .value(ARGON2_MEMORY, Integer::from(settings.memory).into())
+            .value(
+                ARGON2_PARALLELISM,
+                Integer::from(settings.parallelism).into(),
+            )
+            .value(ARGON2_SALT, Value::from(settings.salt.to_vec()));
 
         let mut header = builder.build();
         header.alg = Some(coset::Algorithm::PrivateUse(ALG_ARGON2ID13));
@@ -345,6 +353,9 @@ pub enum PasswordProtectedKeyEnvelopeError {
     /// There is no key for the provided key id in the key store
     #[error("Key missing error")]
     KeyMissingError,
+    /// The key store could not be written to, for example due to being read-only
+    #[error("Could not write to key store")]
+    KeyStoreError,
 }
 
 impl From<CoseExtractError> for PasswordProtectedKeyEnvelopeError {