
crypto/
error.rs

1// SPDX-License-Identifier: Apache-2.0
2//! Error types for cryptographic signing.
3
4use std::path::PathBuf;
5
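/// Error type for signer operations.
///
/// The `Display` text is meant for operators: several variants embed
/// filesystem paths or detail strings taken from the underlying crypto
/// libraries. Code that decides whether to trust a signature should treat any
/// `Err` as a failure rather than branching on the message text.
#[derive(Debug)]
pub enum SignerError {
    /// The signature algorithm is not supported; holds the algorithm name.
    UnsupportedAlgorithm(String),
    /// The key format is unknown or unsupported.
    UnknownKeyFormat,
    /// The key is invalid; holds a detail message.
    InvalidKey(String),
    /// The signature is invalid; holds a detail message.
    InvalidSignature(String),
    /// The public key is invalid; holds a detail message.
    InvalidPublicKey(String),
    /// An I/O operation failed; keeps the original error so it can be inspected.
    Io(std::io::Error),
    /// PEM-related failure, stored as text.
    Pem(String),
    /// Ed25519 failure, stored as text.
    Ed25519(String),
    /// RSA failure, stored as text.
    Rsa(String),
    /// P-256 failure, stored as text.
    P256(String),
    /// PKCS#8 failure, stored as text.
    Pkcs8(String),
    /// No key file exists at the given path.
    KeyNotFound(PathBuf),
    /// The private key file is readable or writable by group/others.
    ///
    /// `mode` is the file mode observed for `path`; only its permission bits
    /// are shown in the message.
    InsecureKeyPermissions { path: PathBuf, mode: u32 },
    /// The signature did not verify.
    VerificationFailed,
}

impl std::fmt::Display for SignerError {
    /// Writes a one-line, human-readable description of the error.
    fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
        /// Returns `raw` unchanged when it consists only of characters a POSIX
        /// shell treats literally, and single-quoted otherwise, so the
        /// suggested `chmod` command names exactly the file that was checked.
        fn shell_word(raw: &str) -> std::borrow::Cow<'_, str> {
            let is_plain = !raw.is_empty()
                && raw.chars().all(|c| {
                    c.is_ascii_alphanumeric()
                        || matches!(c, '/' | '.' | '_' | '-' | '+' | ':' | ',' | '@' | '%' | '=')
                });
            if is_plain {
                std::borrow::Cow::Borrowed(raw)
            } else {
                // Close the quote, emit an escaped quote, reopen: ' -> '\''
                std::borrow::Cow::Owned(format!("'{}'", raw.replace('\'', "'\\''")))
            }
        }

        match self {
            Self::UnsupportedAlgorithm(algo) => {
                write!(f, "unsupported signature algorithm: {algo}")
            }
            Self::UnknownKeyFormat => write!(f, "unknown or unsupported key format"),
            Self::InvalidKey(msg) => write!(f, "invalid key: {msg}"),
            Self::InvalidSignature(msg) => write!(f, "invalid signature: {msg}"),
            Self::InvalidPublicKey(msg) => write!(f, "invalid public key: {msg}"),
            Self::Io(e) => write!(f, "I/O error: {e}"),
            Self::Pem(msg) => write!(f, "PEM error: {msg}"),
            Self::Ed25519(msg) => write!(f, "Ed25519 error: {msg}"),
            Self::Rsa(msg) => write!(f, "RSA error: {msg}"),
            Self::P256(msg) => write!(f, "P256 error: {msg}"),
            Self::Pkcs8(msg) => write!(f, "PKCS8 error: {msg}"),
            Self::KeyNotFound(path) => write!(f, "key file not found: {}", path.display()),
            Self::InsecureKeyPermissions { path, mode } => {
                // A raw st_mode also carries file-type bits (e.g. 0o100644);
                // mask them off so the message always shows a plain 4-digit mode.
                let perm_bits = mode & 0o7777;
                let shown = path.display().to_string();
                // The remediation hint is likely to be copy-pasted into a
                // shell, so a path with spaces or metacharacters is quoted.
                let chmod_arg = shell_word(&shown);
                write!(
                    f,
                    "private key file {shown} is group/world-accessible (mode {perm_bits:04o}, \
                     required 0600 or stricter); fix with: chmod 600 {chmod_arg}"
                )
            }
            Self::VerificationFailed => write!(f, "signature verification failed"),
        }
    }
}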
53
impl std::error::Error for SignerError {
    /// Returns the wrapped [`std::io::Error`] for the `Io` variant.
    ///
    /// Every other variant yields `None`: those either carry no payload or keep
    /// only a `String`/path, so there is no underlying error object to expose.
    fn source(&self) -> Option<&(dyn std::error::Error + 'static)> {
        if let SignerError::Io(io_err) = self {
            Some(io_err)
        } else {
            None
        }
    }
}
62
/// Lets `?` convert an I/O failure into [`SignerError::Io`], keeping the
/// original error value intact.
impl From<std::io::Error> for SignerError {
    fn from(io_err: std::io::Error) -> Self {
        Self::Io(io_err)
    }
}
68
/// Converts an `ed25519_dalek` signature error into [`SignerError::Ed25519`].
///
/// Only the error's display text is kept; the original error value is dropped.
impl From<ed25519_dalek::SignatureError> for SignerError {
    fn from(sig_err: ed25519_dalek::SignatureError) -> Self {
        let detail = sig_err.to_string();
        Self::Ed25519(detail)
    }
}
74
/// Converts an `rsa` crate error into [`SignerError::Rsa`].
///
/// Only the error's display text is kept; the original error value is dropped.
impl From<rsa::Error> for SignerError {
    fn from(rsa_err: rsa::Error) -> Self {
        let detail = rsa_err.to_string();
        Self::Rsa(detail)
    }
}
80
/// Converts a `pkcs8` error into [`SignerError::Pkcs8`].
///
/// Only the error's display text is kept; the original error value is dropped.
impl From<pkcs8::Error> for SignerError {
    fn from(pkcs8_err: pkcs8::Error) -> Self {
        let detail = pkcs8_err.to_string();
        Self::Pkcs8(detail)
    }
}
86
/// Converts a `pkcs8::spki` error into [`SignerError::Pkcs8`].
///
/// SPKI errors share the `Pkcs8` variant with `pkcs8::Error`, so the two are
/// indistinguishable once converted. Only the display text is kept.
impl From<pkcs8::spki::Error> for SignerError {
    fn from(spki_err: pkcs8::spki::Error) -> Self {
        let detail = spki_err.to_string();
        Self::Pkcs8(detail)
    }
}
92
/// Converts a `sec1` error into [`SignerError::Pem`].
///
/// Only the error's display text is kept.
// NOTE(review): SEC1 errors are reported under the `Pem` variant, so they are
// displayed with the "PEM error:" prefix even when the failure is not
// PEM-related; confirm this mapping is intended.
impl From<sec1::Error> for SignerError {
    fn from(sec1_err: sec1::Error) -> Self {
        let detail = sec1_err.to_string();
        Self::Pem(detail)
    }
}