metamorphic_crypto/error.rs
1//! Error types for the crypto library.
2
3use thiserror::Error;
4
5/// All possible errors from cryptographic operations.
6#[derive(Debug, Error)]
7pub enum CryptoError {
8 /// Base64 decoding failed.
9 #[error("base64 decode: {0}")]
10 Base64(#[from] base64::DecodeError),
11
12 /// Decryption failed (wrong key, corrupted ciphertext, or MAC mismatch).
13 #[error("decryption failed: invalid ciphertext or wrong key")]
14 Decryption,
15
16 /// A key or salt has the wrong byte length.
17 #[error("invalid length: expected {expected} bytes, got {got}")]
18 InvalidLength {
19 /// Expected byte count.
20 expected: usize,
21 /// Actual byte count.
22 got: usize,
23 },
24
25 /// Ciphertext is too short to contain the expected components.
26 #[error("ciphertext too short to be valid")]
27 TooShort,
28
29 /// The key_hash string is not in the expected `{salt}$argon2id` format.
30 #[error("invalid key_hash format (expected `salt$argon2id`)")]
31 InvalidKeyHash,
32
33 /// A recovery key contains characters outside the allowed base32 alphabet.
34 #[error("invalid recovery key character")]
35 InvalidRecoveryKey,
36
37 /// The Argon2id key derivation failed.
38 #[error("key derivation failed: {0}")]
39 Kdf(String),
40
41 /// An HKDF (RFC 5869) extract/expand operation failed — in practice only
42 /// when the requested output length exceeds `255 * HashLen`.
43 #[error("hkdf: {0}")]
44 Hkdf(String),
45
46 /// An error in the hybrid PQ KEM layer.
47 #[error("hybrid KEM: {0}")]
48 Hybrid(String),
49
50 /// An error in the hybrid PQ signature layer.
51 #[error("signature: {0}")]
52 Signature(String),
53
54 /// An error in the verifiable random function (ECVRF) layer that is not a
55 /// plain length mismatch — e.g. a proof component that is not a valid curve
56 /// point, or hash-to-curve exhausting its counter budget. A *verification*
57 /// failure of an otherwise well-formed proof is reported as `Ok(None)` from
58 /// `ecvrf_verify`, not as this error.
59 #[error("vrf: {0}")]
60 Vrf(String),
61
62 /// Decrypted bytes are not valid UTF-8.
63 #[error("UTF-8: {0}")]
64 Utf8(#[from] std::string::FromUtf8Error),
65}