1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
use std::array::TryFromSliceError;
use thiserror::Error;
/// Potential errors from attempting to build a token claim
///
/// # Deprecated
///
/// This error type is deprecated. Use [`crate::Error`] instead for new code.
/// It will be removed in a future major version.
#[deprecated(
since = "0.10.0",
note = "Use rusty_paseto::Error instead. This type will be removed in a future major version."
)]
#[derive(Debug, Error)]
pub enum PasetoError {
///A general, unspecified (for security reasons) cipher error
#[error("A cipher error occurred")]
PasetoCipherError(Box<PasetoError>),
///A general, unspecified (for security reasons) cipher error
#[error("An unspecified cryption error occured")]
Cryption,
///A problem generating a signature
#[error("Key was not in the correct format")]
InvalidKey,
///A problem generating a signature
#[error("Could not assemble final signature.")]
Signature,
/// Occurs when a private RSA key is not in pkcs#8 format
#[error("A private RSA key was not in the correct format")]
KeyRejected {
///Surfaces key rejection errors from ring
#[from]
source: ring::error::KeyRejected,
},
///A general, unspecified (for security reasons) cipher error
#[error("An unspecified cipher error occurred")]
Cipher {
///Surfaces unspecified errors from ring
#[from]
source: ring::error::Unspecified,
},
#[cfg(feature = "ed25519-dalek")]
///An RSA cipher error
#[error("An unspecified cipher error occurred")]
RsaCipher {
///An RSA cipher error
#[from]
source: ed25519_dalek::ed25519::Error,
},
#[cfg(feature = "p384")]
///An ECSDA cipher error
#[error("An unspecified ECSDA error occurred")]
ECSDAError {
///An ECSDA cipher error
#[from]
source: p384::ecdsa::Error,
},
#[cfg(feature = "blake2")]
///An RSA cipher error
#[error("An unspecified cipher error occurred")]
InvalidLength {
///An RSA cipher error
#[from]
source: blake2::digest::InvalidLength,
},
///Occurs when a signature fails verification
#[error("The token signature could not be verified")]
InvalidSignature,
#[error("A slice conversion error occurred")]
TryFromSlice {
///Surfaces errors from slice conversion attempts
#[from]
source: TryFromSliceError,
},
///Occurs when an untrusted token string is unable to be parsed into its constituent parts
#[error("This string has an incorrect number of parts and cannot be parsed into a token")]
IncorrectSize,
///Occurs when an incorrect header is provided on an untrusted token string
#[error("The token header is invalid")]
WrongHeader,
///Occurs when an incorrect footer was passed in an attempt to parse an untrusted token string
#[error("The provided footer is invalid")]
FooterInvalid,
///Occurs when a base64 encoded payload cannot be decoded
#[error("A base64 decode error occurred")]
PayloadBase64Decode {
///Surfaced from the base64 crate
#[from]
source: base64::DecodeError,
},
///Occurs when a string fails parsing as Utf8
#[error("A Utf8 parsing error occurred")]
Utf8Error {
///Surfaced from `std::str::Utf8Error`
#[from]
source: std::str::Utf8Error,
},
///A cipher error from the `ChaCha` algorithm
#[error("An unspecified cipher error occurred")]
ChaChaCipherError,
/// An infallible error (included for From implementation completeness)
#[error("An infallible error occurred")]
Infallible {
/// An infallible error
#[from]
source: std::convert::Infallible,
},
///Occurs when a string fails conversion from Utf8
#[error("A Utf8 parsing error occurred")]
FromUtf8Error {
///Surfaced from `std::string::FromUtf8Error`
#[from]
source: std::string::FromUtf8Error,
},
///Occurs when an untrusted token exceeds the maximum permitted size.
///
///Prevents DoS via oversized inputs that would otherwise be base64-decoded
///and fed into PAE construction before MAC verification fails. See
///[`crate::core::Paseto::MAX_TOKEN_SIZE`].
#[error("Token exceeds maximum permitted size")]
TokenTooLarge,
///Occurs when a token's footer exceeds the maximum permitted size.
///
///The PASETO specification recommends footers be kept small (≤ 1024 bytes).
///See [`crate::core::Paseto::MAX_FOOTER_SIZE`].
#[error("Footer exceeds maximum permitted size")]
FooterTooLarge,
}