use ockam_core::compat::string::String;
use ockam_core::{
errcode::{Kind, Origin},
Error,
};
/// Errors reported by vault operations.
///
/// Each variant has a fixed `Display` message and converts into an
/// `ockam_core` `Error` with `Origin::Vault` through the `From` impl in this file.
/// Only `EntryNotFound` carries a payload; all other variants are unit variants.
#[derive(Clone, Debug)]
pub enum VaultError {
    /// The secret does not belong to this vault.
    SecretFromAnotherVault,
    /// The public key is invalid.
    InvalidPublicKey,
    /// The ECDH key type is unknown.
    UnknownEcdhKeyType,
    /// The key type is invalid.
    InvalidKeyType,
    /// An entry was not found.
    ///
    /// The carried string is interpolated into the `Display` output, so it
    /// appears wherever this error is printed or logged.
    // NOTE(review): presumably an entry identifier; confirm that no call site
    // places key material in this payload.
    EntryNotFound(String),
    /// The AES key length is invalid.
    InvalidAesKeyLength,
    /// The secret length is invalid.
    InvalidSecretLength,
    /// The HKDF output type is invalid.
    InvalidHkdfOutputType,
    /// The private key length is invalid.
    InvalidPrivateKeyLen,
    /// AES encryption failed.
    AeadAesGcmEncrypt,
    /// AES decryption failed.
    // NOTE(review): the variant has no payload, so callers cannot tell why
    // decryption failed. Keeping AEAD failures undifferentiated avoids giving
    // a caller an oracle on the failure cause; preserve that if this is extended.
    AeadAesGcmDecrypt,
    /// HKDF key expansion failed.
    HkdfExpandError,
    /// The secret was not found.
    SecretNotFound,
    /// The X25519 secret length is invalid.
    InvalidX25519SecretLength,
    /// The Ed25519 secret is invalid.
    InvalidEd25519Secret,
    /// The secret attributes are invalid.
    InvalidSecretAttributes,
    /// A storage-related failure (the `Display` text is "invalid storage").
    StorageError,
    /// The storage data is invalid.
    InvalidStorageData,
}
// Empty impl: registers `VaultError` with the error trait re-exported from
// `ockam_core::compat`, relying entirely on that trait's default methods.
impl ockam_core::compat::error::Error for VaultError {}
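impl core::fmt::Display for VaultError {
    /// Writes the human-readable message for this error.
    ///
    /// Every variant maps to a static string except `EntryNotFound`, whose
    /// payload is appended to the message. That payload therefore shows up in
    /// any log or report that prints the error, so it should only ever hold an
    /// identifier, never secret material.
    ///
    /// # Errors
    ///
    /// Returns whatever error the underlying formatter reports.
    fn fmt(&self, f: &mut core::fmt::Formatter<'_>) -> core::fmt::Result {
        let message = match self {
            // The only variant with dynamic content; handled on its own so the
            // remaining arms can stay plain string literals.
            Self::EntryNotFound(entry) => return write!(f, "entry not found {entry}"),
            Self::SecretFromAnotherVault => "secret does not belong to this vault",
            Self::InvalidPublicKey => "public key is invalid",
            Self::UnknownEcdhKeyType => "unknown ECDH key type",
            Self::InvalidKeyType => "invalid key type",
            Self::InvalidAesKeyLength => "invalid AES key length",
            Self::InvalidSecretLength => "invalid secret length",
            Self::InvalidHkdfOutputType => "invalid HKDF output type",
            Self::InvalidPrivateKeyLen => "invalid private key length",
            // The AEAD messages stay generic: they say that the operation
            // failed, not why.
            Self::AeadAesGcmEncrypt => "aes encryption failed",
            Self::AeadAesGcmDecrypt => "aes decryption failed",
            Self::HkdfExpandError => "hkdf key expansion failed",
            Self::SecretNotFound => "secret not found",
            Self::InvalidX25519SecretLength => "invalid X25519 secret length",
            Self::InvalidEd25519Secret => "invalid Ed25519 secret",
            Self::InvalidSecretAttributes => "invalid secret attributes",
            // NOTE(review): this text reads like `InvalidStorageData`; confirm
            // whether a generic storage failure should be worded differently.
            Self::StorageError => "invalid storage",
            Self::InvalidStorageData => "invalid storage data",
        };
        f.write_str(message)
    }
}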
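impl From<VaultError> for Error {
    /// Converts a `VaultError` into an `ockam_core` `Error`.
    ///
    /// The result always has `Origin::Vault`; the `Kind` is chosen per variant
    /// by the match below, and the original `VaultError` is passed to
    /// `Error::new` as the cause.
    ///
    /// The match is exhaustive with no wildcard arm, so adding a variant to
    /// `VaultError` fails to compile here until its `Kind` is chosen
    /// deliberately instead of silently defaulting to `Kind::Invalid`.
    // `#[track_caller]` is kept from the original; presumably it lets
    // `Error::new` record the conversion site rather than this function.
    // TODO confirm against `ockam_core`.
    #[track_caller]
    fn from(err: VaultError) -> Self {
        let kind = match err {
            VaultError::SecretFromAnotherVault
            | VaultError::InvalidPublicKey
            | VaultError::InvalidKeyType
            | VaultError::InvalidAesKeyLength
            | VaultError::InvalidHkdfOutputType
            | VaultError::InvalidPrivateKeyLen
            | VaultError::InvalidX25519SecretLength => Kind::Misuse,

            // NOTE(review): `UnknownEcdhKeyType` is reported as `NotFound`
            // rather than `Misuse`/`Invalid`; kept as-is, confirm it is intended.
            VaultError::UnknownEcdhKeyType
            | VaultError::EntryNotFound(_)
            | VaultError::SecretNotFound => Kind::NotFound,

            // NOTE(review): `InvalidSecretLength` lands here while the other
            // length errors above are `Misuse`; kept as-is, confirm it is intended.
            VaultError::InvalidSecretLength
            | VaultError::AeadAesGcmEncrypt
            | VaultError::AeadAesGcmDecrypt
            | VaultError::HkdfExpandError
            | VaultError::InvalidEd25519Secret
            | VaultError::InvalidSecretAttributes
            | VaultError::StorageError
            | VaultError::InvalidStorageData => Kind::Invalid,
        };
        Error::new(Origin::Vault, kind, err)
    }
}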
/// Wraps any displayable error as a vault `Error` of `Kind::Unknown`.
///
/// Only the error's `Display` text is kept: the value is turned into a string
/// before being handed to `Error::new`, so the original error type is not
/// preserved as the cause.
#[cfg(feature = "rustcrypto")]
pub(crate) fn from_pkcs8<T: core::fmt::Display>(e: T) -> Error {
    // Under `no_std` the `ToString` trait is brought in from ockam_core's
    // compat layer.
    #[cfg(feature = "no_std")]
    use ockam_core::compat::string::ToString;

    let message = e.to_string();
    Error::new(Origin::Vault, Kind::Unknown, message)
}
/// Wraps a `p256` ECDSA error as a vault `Error` of `Kind::Unknown`.
///
/// The ECDSA error itself is passed to `Error::new` as the cause.
#[cfg(feature = "rustcrypto")]
pub(crate) fn from_ecdsa(e: p256::ecdsa::Error) -> Error {
    let kind = Kind::Unknown;
    Error::new(Origin::Vault, kind, e)
}
/// Wraps a `p256` elliptic-curve error as a vault `Error` of `Kind::Unknown`.
///
/// The elliptic-curve error itself is passed to `Error::new` as the cause.
#[cfg(feature = "rustcrypto")]
pub(crate) fn from_ecurve(e: p256::elliptic_curve::Error) -> Error {
    let kind = Kind::Unknown;
    Error::new(Origin::Vault, kind, e)
}