rustls_mbedtls_provider_utils/
error.rs

1use alloc::{format, sync::Arc};
2use rustls::OtherError;
3
/// Maps an `mbedtls::Error` onto the corresponding `rustls::Error` without attaching any extra
/// message text.
///
/// This is a convenience wrapper: it forwards to
/// [`mbedtls_err_into_rustls_err_with_error_msg`] with an empty `msg`, so the classification of
/// the error is exactly the one performed there.
pub fn mbedtls_err_into_rustls_err(err: mbedtls::Error) -> rustls::Error {
    // An empty message means the `General` fallback carries only the mbedtls error text.
    const NO_MESSAGE: &str = "";
    mbedtls_err_into_rustls_err_with_error_msg(err, NO_MESSAGE)
}
8
/// Maps an `mbedtls::Error` onto a `rustls::Error`, optionally carrying the caller's `msg`.
///
/// The X.509-related mbedtls errors listed below (plus `RsaVerifyFailed`) become
/// `rustls::Error::InvalidCertificate` with a matching `rustls::CertificateError`; for these the
/// `msg` argument is dropped. Every other error becomes `rustls::Error::General` holding the
/// mbedtls error's display text, followed by a newline and `msg` when `msg` is non-empty.
///
/// `msg` is copied verbatim into the returned `General` error, so callers should keep key
/// material and other secrets out of it.
// NOTE(review): whether the returned error is later logged or shown to a peer is not visible
// here — confirm against callers before placing peer-controlled text in `msg`.
pub fn mbedtls_err_into_rustls_err_with_error_msg(err: mbedtls::Error, msg: &str) -> rustls::Error {
    use rustls::CertificateError;

    let cert_error = match err {
        // Signature checks that failed.
        mbedtls::Error::X509InvalidSignature | mbedtls::Error::RsaVerifyFailed => CertificateError::BadSignature,

        // Input that could not be decoded as a certificate.
        mbedtls::Error::X509CertUnknownFormat | mbedtls::Error::X509BadInputData => CertificateError::BadEncoding,

        mbedtls::Error::X509InvalidName => CertificateError::NotValidForName,

        // Remaining X.509 failures have no dedicated variant chosen here; the original mbedtls
        // error is kept inside `Other` so callers can still inspect it (this includes
        // `X509InvalidDate`, which is therefore not reported through a date-specific variant).
        mbedtls::Error::X509BufferTooSmall
        | mbedtls::Error::X509CertVerifyFailed
        | mbedtls::Error::X509FatalError
        | mbedtls::Error::X509FeatureUnavailable
        | mbedtls::Error::X509InvalidAlg
        | mbedtls::Error::X509InvalidDate
        | mbedtls::Error::X509InvalidExtensions
        | mbedtls::Error::X509InvalidFormat
        | mbedtls::Error::X509InvalidSerial
        | mbedtls::Error::X509InvalidVersion
        | mbedtls::Error::X509SigMismatch
        | mbedtls::Error::X509UnknownOid
        | mbedtls::Error::X509UnknownSigAlg
        | mbedtls::Error::X509UnknownVersion => CertificateError::Other(OtherError(Arc::new(err))),

        // NOTE(review): the wildcard means any mbedtls variant not named above is reported as a
        // `General` error rather than a certificate error; a newly relevant variant has to be
        // added to one of the arms above by hand.
        _ => {
            let text = if msg.is_empty() {
                format!("{err}")
            } else {
                format!("{err}\n{msg}")
            };
            return rustls::Error::General(text);
        }
    };

    rustls::Error::InvalidCertificate(cert_error)
}
43
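#[cfg(test)]
mod tests {
    use super::*;
    use rustls::CertificateError;

    /// Checks the message-less wrapper: certificate classifications and the `General` fallback.
    #[test]
    fn test_mbedtls_err_into_rustls_err() {
        assert_eq!(
            mbedtls_err_into_rustls_err(mbedtls::Error::X509InvalidSignature),
            rustls::Error::InvalidCertificate(CertificateError::BadSignature)
        );
        assert_eq!(
            mbedtls_err_into_rustls_err(mbedtls::Error::RsaVerifyFailed),
            rustls::Error::InvalidCertificate(CertificateError::BadSignature)
        );
        assert_eq!(
            mbedtls_err_into_rustls_err(mbedtls::Error::X509BadInputData),
            rustls::Error::InvalidCertificate(CertificateError::BadEncoding)
        );
        assert_eq!(
            mbedtls_err_into_rustls_err(mbedtls::Error::X509CertUnknownFormat),
            rustls::Error::InvalidCertificate(CertificateError::BadEncoding)
        );
        assert_eq!(
            mbedtls_err_into_rustls_err(mbedtls::Error::X509InvalidName),
            rustls::Error::InvalidCertificate(CertificateError::NotValidForName)
        );
        // The wrapper passes an empty message, so the fallback text must not gain a trailing
        // newline.
        assert_eq!(
            mbedtls_err_into_rustls_err(mbedtls::Error::CipherAuthFailed),
            rustls::Error::General(String::from("mbedTLS error CipherAuthFailed"))
        );
    }

    /// Checks the message-carrying variant, including the only path on which `msg` is used.
    #[test]
    fn test_mbedtls_err_into_rustls_err_with_error_msg() {
        assert_eq!(
            mbedtls_err_into_rustls_err_with_error_msg(mbedtls::Error::X509InvalidSignature, ""),
            rustls::Error::InvalidCertificate(CertificateError::BadSignature)
        );
        assert_eq!(
            mbedtls_err_into_rustls_err_with_error_msg(mbedtls::Error::CipherAuthFailed, ""),
            rustls::Error::General(String::from("mbedTLS error CipherAuthFailed"))
        );
        // A non-empty message is appended to the `General` text after a single newline. This
        // is the only branch where `msg` reaches the returned error.
        assert_eq!(
            mbedtls_err_into_rustls_err_with_error_msg(mbedtls::Error::CipherAuthFailed, "decrypt failed"),
            rustls::Error::General(String::from("mbedTLS error CipherAuthFailed\ndecrypt failed"))
        );
        assert_eq!(
            mbedtls_err_into_rustls_err_with_error_msg(mbedtls::Error::RsaVerifyFailed, ""),
            rustls::Error::InvalidCertificate(CertificateError::BadSignature)
        );
        assert_eq!(
            mbedtls_err_into_rustls_err_with_error_msg(mbedtls::Error::X509InvalidName, ""),
            rustls::Error::InvalidCertificate(CertificateError::NotValidForName)
        );
        // A message must not change how a certificate error is classified.
        assert_eq!(
            mbedtls_err_into_rustls_err_with_error_msg(mbedtls::Error::X509InvalidSignature, "ignored"),
            rustls::Error::InvalidCertificate(CertificateError::BadSignature)
        );
        // `CertificateError::Other` results are compared through their `Debug` output
        // (presumably because `OtherError` values never compare equal — confirm against rustls).
        assert_eq!(
            format!(
                "{:?}",
                mbedtls_err_into_rustls_err_with_error_msg(mbedtls::Error::X509UnknownVersion, "")
            ),
            format!(
                "{:?}",
                rustls::Error::InvalidCertificate(CertificateError::Other(OtherError(Arc::new(
                    mbedtls::Error::X509UnknownVersion
                ))))
            )
        );
        // The message is dropped for errors wrapped in `Other`: the output matches the
        // message-less expectation.
        assert_eq!(
            format!(
                "{:?}",
                mbedtls_err_into_rustls_err_with_error_msg(mbedtls::Error::X509InvalidSerial, "Invalid serial number")
            ),
            format!(
                "{:?}",
                rustls::Error::InvalidCertificate(CertificateError::Other(OtherError(Arc::new(
                    mbedtls::Error::X509InvalidSerial
                ))))
            )
        );
    }
}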