From 30571cafd2949f3d769a1658695ef5c9e9c4f8e4 Mon Sep 17 00:00:00 2001 From: Vincent Prouillet Date: Fri, 19 Feb 2021 21:04:17 +0100 Subject: [PATCH] Keep RSA key error message from ring Closes #164 --- src/crypto/rsa.rs | 5 +++-- src/errors.rs | 10 +++++++--- tests/ecdsa/mod.rs | 20 ++++++-------------- tests/eddsa/mod.rs | 20 ++++++-------------- tests/hmac.rs | 12 +++--------- tests/rsa/mod.rs | 19 ++++++------------- 6 files changed, 31 insertions(+), 55 deletions(-) diff --git a/src/crypto/rsa.rs b/src/crypto/rsa.rs index df93960..d0b2f4d 100644 --- a/src/crypto/rsa.rs +++ b/src/crypto/rsa.rs @@ -39,11 +39,12 @@ pub(crate) fn sign( key: &[u8], message: &[u8], ) -> Result { - let key_pair = signature::RsaKeyPair::from_der(key).map_err(|_| ErrorKind::InvalidRsaKey)?; + let key_pair = signature::RsaKeyPair::from_der(key) + .map_err(|e| ErrorKind::InvalidRsaKey(e.description_()))?; let mut signature = vec![0; key_pair.public_modulus_len()]; let rng = rand::SystemRandom::new(); - key_pair.sign(alg, &rng, message, &mut signature).map_err(|_| ErrorKind::InvalidRsaKey)?; + key_pair.sign(alg, &rng, message, &mut signature).map_err(|_| ErrorKind::RsaFailedSigning)?; Ok(b64_encode(&signature)) } diff --git a/src/errors.rs b/src/errors.rs index c7e7ed6..403afe3 100644 --- a/src/errors.rs +++ b/src/errors.rs @@ -41,7 +41,9 @@ pub enum ErrorKind { /// When the secret given is not a valid ECDSA key InvalidEcdsaKey, /// When the secret given is not a valid RSA key - InvalidRsaKey, + InvalidRsaKey(&'static str), + /// We could not sign with the given key + RsaFailedSigning, /// When the algorithm from string doesn't match the one passed to `from_str` InvalidAlgorithmName, /// When a key is provided with an invalid format 
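Review bot: The two new error paths in `sign` (src/crypto/rsa.rs) have no test. Every test-file change in this commit is a formatting re-wrap, so nothing asserts that a rejected DER key yields `ErrorKind::InvalidRsaKey(_)` carrying ring's reason, or that a signing failure yields `ErrorKind::RsaFailedSigning`. A case in tests/rsa/mod.rs that signs with bytes that are not a key (constructed input, e.g. `sign(b"hello world", &EncodingKey::from_rsa_der(b"not a key"), alg)`) and checks the returned kind and its `Display` prefix would pin the first path. A short comment at the call site would also explain why `description_()` is used, for instance `// ring's KeyRejected reason as a &'static str; keeps ErrorKind allocation-free`. The opening of `sign`'s signature lies outside the hunk.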
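Review bot: Changing `InvalidRsaKey` from a unit variant to `InvalidRsaKey(&'static str)` in the public `ErrorKind` enum (src/errors.rs) is a source-breaking change. Downstream code that constructs or matches on `ErrorKind::InvalidRsaKey` will stop compiling. The added `RsaFailedSigning` variant also breaks exhaustive matches unless the enum is `#[non_exhaustive]`; that attribute is not visible here because the enum header is outside the hunk. This needs a changelog entry and a matching version bump. The variant's doc comment should also say what the payload is, e.g. `/// When the secret given is not a valid RSA key; the string is ring's fixed rejection reason`.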
@@ -79,7 +81,8 @@ impl StdError for Error { ErrorKind::InvalidToken => None, ErrorKind::InvalidSignature => None, ErrorKind::InvalidEcdsaKey => None, - ErrorKind::InvalidRsaKey => None, + ErrorKind::RsaFailedSigning => None, + ErrorKind::InvalidRsaKey(_) => None, ErrorKind::ExpiredSignature => None, ErrorKind::InvalidIssuer => None, ErrorKind::InvalidAudience => None, @@ -102,8 +105,8 @@ impl fmt::Display for Error { ErrorKind::InvalidToken | ErrorKind::InvalidSignature | ErrorKind::InvalidEcdsaKey - | ErrorKind::InvalidRsaKey | ErrorKind::ExpiredSignature + | ErrorKind::RsaFailedSigning | ErrorKind::InvalidIssuer | ErrorKind::InvalidAudience | ErrorKind::InvalidSubject @@ -111,6 +114,7 @@ impl fmt::Display for Error { | ErrorKind::InvalidAlgorithm | ErrorKind::InvalidKeyFormat | ErrorKind::InvalidAlgorithmName => write!(f, "{:?}", self.0), + ErrorKind::InvalidRsaKey(ref msg) => write!(f, "RSA key invalid: {}", msg), ErrorKind::Json(ref err) => write!(f, "JSON error: {}", err), ErrorKind::Utf8(ref err) => write!(f, "UTF-8 error: {}", err), ErrorKind::Crypto(ref err) => write!(f, "Crypto error: {}", err), diff --git a/tests/ecdsa/mod.rs b/tests/ecdsa/mod.rs index 0f26ae0..7637d90 100644 --- a/tests/ecdsa/mod.rs +++ b/tests/ecdsa/mod.rs @@ -18,15 +18,10 @@ fn round_trip_sign_verification_pk8() { let pubkey = include_bytes!("public_ecdsa_key.pk8"); let encrypted = - sign(b"hello world", &EncodingKey::from_ec_der(privkey), Algorithm::ES256) + sign(b"hello world", &EncodingKey::from_ec_der(privkey), Algorithm::ES256).unwrap(); + let is_valid = + verify(&encrypted, b"hello world", &DecodingKey::from_ec_der(pubkey), Algorithm::ES256) .unwrap(); - let is_valid = verify( - &encrypted, - b"hello world", - &DecodingKey::from_ec_der(pubkey), - Algorithm::ES256, - ) - .unwrap(); assert!(is_valid); } 
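Review bot: The new `ErrorKind::InvalidRsaKey(ref msg)` arm in `impl fmt::Display for Error` puts ring's key-rejection reason into the error text. Any caller that returns this `Display` output to a remote peer now tells that peer why the service's signing key was refused. The payload is a `&'static str`, so it cannot contain key bytes, but it is still configuration detail intended for operators. A comment on the arm would make that explicit, such as `// ring's rejection reason: log it server-side, do not echo to untrusted clients`. The `fmt` body begins and ends outside the hunks shown.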
@@ -34,12 +29,9 @@ fn round_trip_sign_verification_pk8() { fn round_trip_sign_verification_pem() { let privkey_pem = include_bytes!("private_ecdsa_key.pem"); let pubkey_pem = include_bytes!("public_ecdsa_key.pem"); - let encrypted = sign( - b"hello world", - &EncodingKey::from_ec_pem(privkey_pem).unwrap(), - Algorithm::ES256, - ) - .unwrap(); + let encrypted = + sign(b"hello world", &EncodingKey::from_ec_pem(privkey_pem).unwrap(), Algorithm::ES256) + .unwrap(); let is_valid = verify( &encrypted, b"hello world", diff --git a/tests/eddsa/mod.rs b/tests/eddsa/mod.rs index 4430345..819de0d 100644 --- a/tests/eddsa/mod.rs +++ b/tests/eddsa/mod.rs @@ -18,15 +18,10 @@ fn round_trip_sign_verification_pk8() { let pubkey = include_bytes!("public_ed25519_key.pk8"); let encrypted = - sign(b"hello world", &EncodingKey::from_ed_der(privkey), Algorithm::EdDSA) + sign(b"hello world", &EncodingKey::from_ed_der(privkey), Algorithm::EdDSA).unwrap(); + let is_valid = + verify(&encrypted, b"hello world", &DecodingKey::from_ed_der(pubkey), Algorithm::EdDSA) .unwrap(); - let is_valid = verify( - &encrypted, - b"hello world", - &DecodingKey::from_ed_der(pubkey), - Algorithm::EdDSA, - ) - .unwrap(); assert!(is_valid); } @@ -34,12 +29,9 @@ fn round_trip_sign_verification_pk8() { fn round_trip_sign_verification_pem() { let privkey_pem = include_bytes!("private_ed25519_key.pem"); let pubkey_pem = include_bytes!("public_ed25519_key.pem"); - let encrypted = sign( - b"hello world", - &EncodingKey::from_ed_pem(privkey_pem).unwrap(), - Algorithm::EdDSA, - ) - .unwrap(); + let encrypted = + sign(b"hello world", &EncodingKey::from_ed_pem(privkey_pem).unwrap(), Algorithm::EdDSA) + .unwrap(); let is_valid = verify( &encrypted, b"hello world", diff --git a/tests/hmac.rs b/tests/hmac.rs index 9286187..4ab65b2 100644 --- a/tests/hmac.rs +++ b/tests/hmac.rs 
@@ -17,8 +17,7 @@ pub struct Claims { #[test] fn sign_hs256() { let result = - sign(b"hello world", &EncodingKey::from_secret(b"secret"), Algorithm::HS256) - .unwrap(); + sign(b"hello world", &EncodingKey::from_secret(b"secret"), Algorithm::HS256).unwrap(); let expected = "c0zGLzKEFWj0VxWuufTXiRMk5tlI5MbGDAYhzaxIYjo"; assert_eq!(result, expected); } @@ -26,13 +25,8 @@ fn sign_hs256() { #[test] fn verify_hs256() { let sig = "c0zGLzKEFWj0VxWuufTXiRMk5tlI5MbGDAYhzaxIYjo"; - let valid = verify( - sig, - b"hello world", - &DecodingKey::from_secret(b"secret"), - Algorithm::HS256, - ) - .unwrap(); + let valid = verify(sig, b"hello world", &DecodingKey::from_secret(b"secret"), Algorithm::HS256) + .unwrap(); assert!(valid); } diff --git a/tests/rsa/mod.rs b/tests/rsa/mod.rs index 2dc864f..fa1f80a 100644 --- a/tests/rsa/mod.rs +++ b/tests/rsa/mod.rs @@ -28,8 +28,7 @@ fn round_trip_sign_verification_pem_pkcs1() { for &alg in RSA_ALGORITHMS { let encrypted = - sign(b"hello world", &EncodingKey::from_rsa_pem(privkey_pem).unwrap(), alg) - .unwrap(); + sign(b"hello world", &EncodingKey::from_rsa_pem(privkey_pem).unwrap(), alg).unwrap(); let is_valid = verify( &encrypted, b"hello world", @@ -48,8 +47,7 @@ fn round_trip_sign_verification_pem_pkcs8() { for &alg in RSA_ALGORITHMS { let encrypted = - sign(b"hello world", &EncodingKey::from_rsa_pem(privkey_pem).unwrap(), alg) - .unwrap(); + sign(b"hello world", &EncodingKey::from_rsa_pem(privkey_pem).unwrap(), alg).unwrap(); let is_valid = verify( &encrypted, b"hello world", 
@@ -67,15 +65,10 @@ fn round_trip_sign_verification_der() { let pubkey_der = include_bytes!("public_rsa_key.der"); for &alg in RSA_ALGORITHMS { - let encrypted = - sign(b"hello world", &EncodingKey::from_rsa_der(privkey_der), alg).unwrap(); - let is_valid = verify( - &encrypted, - b"hello world", - &DecodingKey::from_rsa_der(pubkey_der), - alg, - ) - .unwrap(); + let encrypted = sign(b"hello world", &EncodingKey::from_rsa_der(privkey_der), alg).unwrap(); + let is_valid = + verify(&encrypted, b"hello world", &DecodingKey::from_rsa_der(pubkey_der), alg) + .unwrap(); assert!(is_valid); } }