Keep RSA key error message from ring

Closes #164
2021-02-19 21:04:17 +01:00 · 2021-02-19 21:04:17 +01:00 · 30571cafd2
parent 2662f6ad1f
commit 30571cafd2
6 changed files with 31 additions and 55 deletions
--- a/src/crypto/rsa.rs
+++ b/src/crypto/rsa.rs
@ -39,11 +39,12 @@ pub(crate) fn sign(
    key: &[u8],
    message: &[u8],
 ) -> Result<String> {
-    let key_pair = signature::RsaKeyPair::from_der(key).map_err(|_| ErrorKind::InvalidRsaKey)?;
+    let key_pair = signature::RsaKeyPair::from_der(key)
+        .map_err(|e| ErrorKind::InvalidRsaKey(e.description_()))?;

    let mut signature = vec![0; key_pair.public_modulus_len()];
    let rng = rand::SystemRandom::new();
-    key_pair.sign(alg, &rng, message, &mut signature).map_err(|_| ErrorKind::InvalidRsaKey)?;
+    key_pair.sign(alg, &rng, message, &mut signature).map_err(|_| ErrorKind::RsaFailedSigning)?;

    Ok(b64_encode(&signature))
 }
--- a/src/errors.rs
+++ b/src/errors.rs
@ -41,7 +41,9 @@ pub enum ErrorKind {
    /// When the secret given is not a valid ECDSA key
    InvalidEcdsaKey,
    /// When the secret given is not a valid RSA key
-    InvalidRsaKey,
+    InvalidRsaKey(&'static str),
+    /// We could not sign with the given key
+    RsaFailedSigning,
    /// When the algorithm from string doesn't match the one passed to `from_str`
    InvalidAlgorithmName,
    /// When a key is provided with an invalid format
@ -79,7 +81,8 @@ impl StdError for Error {
            ErrorKind::InvalidToken => None,
            ErrorKind::InvalidSignature => None,
            ErrorKind::InvalidEcdsaKey => None,
-            ErrorKind::InvalidRsaKey => None,
+            ErrorKind::RsaFailedSigning => None,
+            ErrorKind::InvalidRsaKey(_) => None,
            ErrorKind::ExpiredSignature => None,
            ErrorKind::InvalidIssuer => None,
            ErrorKind::InvalidAudience => None,
@ -102,8 +105,8 @@ impl fmt::Display for Error {
            ErrorKind::InvalidToken
            | ErrorKind::InvalidSignature
            | ErrorKind::InvalidEcdsaKey
-            | ErrorKind::InvalidRsaKey
            | ErrorKind::ExpiredSignature
+            | ErrorKind::RsaFailedSigning
            | ErrorKind::InvalidIssuer
            | ErrorKind::InvalidAudience
            | ErrorKind::InvalidSubject
@ -111,6 +114,7 @@ impl fmt::Display for Error {
            | ErrorKind::InvalidAlgorithm
            | ErrorKind::InvalidKeyFormat
            | ErrorKind::InvalidAlgorithmName => write!(f, "{:?}", self.0),
+            ErrorKind::InvalidRsaKey(ref msg) => write!(f, "RSA key invalid: {}", msg),
            ErrorKind::Json(ref err) => write!(f, "JSON error: {}", err),
            ErrorKind::Utf8(ref err) => write!(f, "UTF-8 error: {}", err),
            ErrorKind::Crypto(ref err) => write!(f, "Crypto error: {}", err),
--- a/tests/ecdsa/mod.rs
+++ b/tests/ecdsa/mod.rs
@ -18,15 +18,10 @@ fn round_trip_sign_verification_pk8() {
    let pubkey = include_bytes!("public_ecdsa_key.pk8");

    let encrypted =
-        sign(b"hello world", &EncodingKey::from_ec_der(privkey), Algorithm::ES256)
+        sign(b"hello world", &EncodingKey::from_ec_der(privkey), Algorithm::ES256).unwrap();
+    let is_valid =
+        verify(&encrypted, b"hello world", &DecodingKey::from_ec_der(pubkey), Algorithm::ES256)
            .unwrap();
-    let is_valid = verify(
-        &encrypted,
-        b"hello world",
-        &DecodingKey::from_ec_der(pubkey),
-        Algorithm::ES256,
-    )
-    .unwrap();
    assert!(is_valid);
 }

@ -34,12 +29,9 @@ fn round_trip_sign_verification_pk8() {
 fn round_trip_sign_verification_pem() {
    let privkey_pem = include_bytes!("private_ecdsa_key.pem");
    let pubkey_pem = include_bytes!("public_ecdsa_key.pem");
-    let encrypted = sign(
-        b"hello world",
-        &EncodingKey::from_ec_pem(privkey_pem).unwrap(),
-        Algorithm::ES256,
-    )
-    .unwrap();
+    let encrypted =
+        sign(b"hello world", &EncodingKey::from_ec_pem(privkey_pem).unwrap(), Algorithm::ES256)
+            .unwrap();
    let is_valid = verify(
        &encrypted,
        b"hello world",
--- a/tests/eddsa/mod.rs
+++ b/tests/eddsa/mod.rs
@ -18,15 +18,10 @@ fn round_trip_sign_verification_pk8() {
    let pubkey = include_bytes!("public_ed25519_key.pk8");

    let encrypted =
-        sign(b"hello world", &EncodingKey::from_ed_der(privkey), Algorithm::EdDSA)
+        sign(b"hello world", &EncodingKey::from_ed_der(privkey), Algorithm::EdDSA).unwrap();
+    let is_valid =
+        verify(&encrypted, b"hello world", &DecodingKey::from_ed_der(pubkey), Algorithm::EdDSA)
            .unwrap();
-    let is_valid = verify(
-        &encrypted,
-        b"hello world",
-        &DecodingKey::from_ed_der(pubkey),
-        Algorithm::EdDSA,
-    )
-    .unwrap();
    assert!(is_valid);
 }

@ -34,12 +29,9 @@ fn round_trip_sign_verification_pk8() {
 fn round_trip_sign_verification_pem() {
    let privkey_pem = include_bytes!("private_ed25519_key.pem");
    let pubkey_pem = include_bytes!("public_ed25519_key.pem");
-    let encrypted = sign(
-        b"hello world",
-        &EncodingKey::from_ed_pem(privkey_pem).unwrap(),
-        Algorithm::EdDSA,
-    )
-    .unwrap();
+    let encrypted =
+        sign(b"hello world", &EncodingKey::from_ed_pem(privkey_pem).unwrap(), Algorithm::EdDSA)
+            .unwrap();
    let is_valid = verify(
        &encrypted,
        b"hello world",
--- a/tests/hmac.rs
+++ b/tests/hmac.rs
@ -17,8 +17,7 @@ pub struct Claims {
 #[test]
 fn sign_hs256() {
    let result =
-        sign(b"hello world", &EncodingKey::from_secret(b"secret"), Algorithm::HS256)
-            .unwrap();
+        sign(b"hello world", &EncodingKey::from_secret(b"secret"), Algorithm::HS256).unwrap();
    let expected = "c0zGLzKEFWj0VxWuufTXiRMk5tlI5MbGDAYhzaxIYjo";
    assert_eq!(result, expected);
 }
@ -26,13 +25,8 @@ fn sign_hs256() {
 #[test]
 fn verify_hs256() {
    let sig = "c0zGLzKEFWj0VxWuufTXiRMk5tlI5MbGDAYhzaxIYjo";
-    let valid = verify(
-        sig,
-        b"hello world",
-        &DecodingKey::from_secret(b"secret"),
-        Algorithm::HS256,
-    )
-    .unwrap();
+    let valid = verify(sig, b"hello world", &DecodingKey::from_secret(b"secret"), Algorithm::HS256)
+        .unwrap();
    assert!(valid);
 }

--- a/tests/rsa/mod.rs
+++ b/tests/rsa/mod.rs
@ -28,8 +28,7 @@ fn round_trip_sign_verification_pem_pkcs1() {

    for &alg in RSA_ALGORITHMS {
        let encrypted =
-            sign(b"hello world", &EncodingKey::from_rsa_pem(privkey_pem).unwrap(), alg)
-                .unwrap();
+            sign(b"hello world", &EncodingKey::from_rsa_pem(privkey_pem).unwrap(), alg).unwrap();
        let is_valid = verify(
            &encrypted,
            b"hello world",
@ -48,8 +47,7 @@ fn round_trip_sign_verification_pem_pkcs8() {

    for &alg in RSA_ALGORITHMS {
        let encrypted =
-            sign(b"hello world", &EncodingKey::from_rsa_pem(privkey_pem).unwrap(), alg)
-                .unwrap();
+            sign(b"hello world", &EncodingKey::from_rsa_pem(privkey_pem).unwrap(), alg).unwrap();
        let is_valid = verify(
            &encrypted,
            b"hello world",
@ -67,15 +65,10 @@ fn round_trip_sign_verification_der() {
    let pubkey_der = include_bytes!("public_rsa_key.der");

    for &alg in RSA_ALGORITHMS {
-        let encrypted =
-            sign(b"hello world", &EncodingKey::from_rsa_der(privkey_der), alg).unwrap();
-        let is_valid = verify(
-            &encrypted,
-            b"hello world",
-            &DecodingKey::from_rsa_der(pubkey_der),
-            alg,
-        )
-        .unwrap();
+        let encrypted = sign(b"hello world", &EncodingKey::from_rsa_der(privkey_der), alg).unwrap();
+        let is_valid =
+            verify(&encrypted, b"hello world", &DecodingKey::from_rsa_der(pubkey_der), alg)
+                .unwrap();
        assert!(is_valid);
    }
 }