1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98

use ockam_core::{
    errcode::{Kind, Origin},
    Error,
};

/// Represents the failures that can occur in
/// an Ockam vault
#[derive(Clone, Copy, Debug)]
pub enum VaultError {
    /// Secret does not belong to this vault
    SecretFromAnotherVault = 1,
    /// Public key is invalid
    InvalidPublicKey,
    /// Unknown ECDH key type
    UnknownEcdhKeyType,
    /// Invalid key type
    InvalidKeyType,
    /// Entry not found
    EntryNotFound,
    /// Invalid AES key length
    InvalidAesKeyLength,
    /// Invalid Secret length
    InvalidSecretLength,
    /// Invalid HKDF output type
    InvalidHkdfOutputType,
    /// Invalid private key length
    InvalidPrivateKeyLen,
    /// AES encryption failed
    AeadAesGcmEncrypt,
    /// AES decryption failed
    AeadAesGcmDecrypt,
    /// HKDF key expansion failed
    HkdfExpandError,
    /// Secret not found
    SecretNotFound,
    /// Invalid X25519 secret length
    InvalidX25519SecretLength,
    /// Invalid Ed25519 secret
    InvalidEd25519Secret,
    /// Invalid BLS secret length
    InvalidBlsSecretLength,
    /// Invalid BLS secret
    InvalidBlsSecret,
    /// Invalid Secret Attributes
    InvalidSecretAttributes,
    /// IO error
    StorageError,
    /// Invalid Storage data
    InvalidStorageData,
}

impl ockam_core::compat::error::Error for VaultError {}
impl core::fmt::Display for VaultError {
    fn fmt(&self, f: &mut core::fmt::Formatter<'_>) -> core::fmt::Result {
        match self {
            Self::SecretFromAnotherVault => write!(f, "secret does not belong to this vault"),
            Self::InvalidPublicKey => write!(f, "public key is invalid"),
            Self::UnknownEcdhKeyType => write!(f, "unknown ECDH key type"),
            Self::InvalidKeyType => write!(f, "invalid key type"),
            Self::EntryNotFound => write!(f, "entry not found"),
            Self::InvalidAesKeyLength => write!(f, "invalid AES key length"),
            Self::InvalidSecretLength => write!(f, "invalid secret length"),
            Self::InvalidHkdfOutputType => write!(f, "invalid HKDF outputtype"),
            Self::InvalidPrivateKeyLen => write!(f, "invalid private key length"),
            Self::AeadAesGcmEncrypt => write!(f, "aes encryption failed"),
            Self::AeadAesGcmDecrypt => write!(f, "aes decryption failed"),
            Self::HkdfExpandError => write!(f, "hkdf key expansion failed"),
            Self::SecretNotFound => write!(f, "secret not found"),
            Self::InvalidX25519SecretLength => write!(f, "invalid X25519 secret length"),
            Self::InvalidEd25519Secret => write!(f, "invalid Ed25519 secret"),
            Self::InvalidBlsSecretLength => write!(f, "invalid BLS secret length"),
            Self::InvalidBlsSecret => write!(f, "invalid BLS secret"),
            Self::InvalidSecretAttributes => write!(f, "invalid secret attributes"),
            Self::StorageError => write!(f, "invalid storage"),
            Self::InvalidStorageData => write!(f, "invalid storage data"),
        }
    }
}

impl From<VaultError> for Error {
    #[track_caller]
    fn from(err: VaultError) -> Self {
        use VaultError::*;
        let kind = match err {
            SecretFromAnotherVault
            | InvalidPublicKey
            | InvalidKeyType
            | InvalidAesKeyLength
            | InvalidHkdfOutputType
            | InvalidPrivateKeyLen
            | InvalidX25519SecretLength => Kind::Misuse,
            UnknownEcdhKeyType | EntryNotFound | SecretNotFound => Kind::NotFound,
            _ => Kind::Invalid,
        };

        Error::new(Origin::Vault, kind, err)
    }
}