aitp_crypto/error.rs
1//! Crypto error type.
2
3/// Errors returned by signing, verifying, and key parsing operations.
4#[derive(Debug, thiserror::Error)]
5#[non_exhaustive]
6pub enum CryptoError {
7 /// Signature verification returned a cryptographic failure.
8 #[error("signature verification failed")]
9 SignatureInvalid,
10
11 /// Signature string was not valid base64url or wrong length.
12 #[error("signature parsing failed: {0}")]
13 SignatureMalformed(String),
14
15 /// Public key bytes could not be parsed as an Ed25519 key.
16 #[error("public key parsing failed: {0}")]
17 KeyParseFailed(String),
18
19 /// AID identifier did not decode to a valid 32-byte Ed25519 key.
20 #[error("AID does not yield a valid Ed25519 public key: {0}")]
21 AidNotEd25519(String),
22
23 /// Compact-JWS header `alg` is not the sole value derived from the
24 /// signer's AID (RFC-AITP-0001 §5.4.5). Includes `none` in any
25 /// capitalization and unknown algorithms. Wire code:
26 /// `TOKEN_ALG_MISMATCH`.
27 #[error("JWS alg header does not match the signer AID's algorithm: {0}")]
28 AlgMismatch(String),
29
30 /// Compact-JWS header `typ` does not exactly match the value
31 /// expected for the verification context (RFC-AITP-0001 §5.4.5).
32 /// Wire code: `TOKEN_TYP_MISMATCH`.
33 #[error("JWS typ header mismatch: expected {expected}, got {got}")]
34 TypMismatch {
35 /// The `typ` value required by the verification context.
36 expected: String,
37 /// The `typ` value found in the protected header.
38 got: String,
39 },
40
41 /// Compact JWS failed strict parsing (RFC-AITP-0001 §5.4.5):
42 /// wrong segment count, empty segment, non-base64url characters,
43 /// padding, or a malformed protected header.
44 #[error("compact JWS malformed: {0}")]
45 JwsMalformed(String),
46}