rustls_mbedtls_provider_utils/
error.rs

1use alloc::{format, sync::Arc};
2use mbedtls::error::{codes, Error as ErrMbed};
3use rustls::OtherError;
4
/// Maps an `mbedtls::Error` onto the closest `rustls::Error`, without any extra context text.
///
/// Shorthand for [`mbedtls_err_into_rustls_err_with_error_msg`] called with an empty `msg`,
/// so errors that end up as `rustls::Error::General` carry only the mbedTLS error text.
pub fn mbedtls_err_into_rustls_err(err: ErrMbed) -> rustls::Error {
    let no_context = "";
    mbedtls_err_into_rustls_err_with_error_msg(err, no_context)
}
9
/// Maps an `mbedtls::Error` onto the closest `rustls::Error`.
///
/// The X.509 and RSA-verify codes listed below become `rustls::Error::InvalidCertificate`;
/// every other error falls through to `rustls::Error::General`.
///
/// `msg` is used only on the `General` path, where it is appended to the mbedTLS error text
/// after a newline (nothing is appended when `msg` is empty). On the certificate paths `msg`
/// is discarded. Because `msg` is copied verbatim into the error string, callers should keep
/// secrets and key material out of it; presumably the resulting error can reach logs or peers'
/// diagnostics, which this function cannot control.
pub fn mbedtls_err_into_rustls_err_with_error_msg(err: ErrMbed, msg: &str) -> rustls::Error {
    let cert_error = match err {
        // Signature verification failed.
        ErrMbed::HighLevel(codes::X509InvalidSignature | codes::RsaVerifyFailed) => {
            rustls::CertificateError::BadSignature
        }

        // The input could not be decoded as a certificate.
        ErrMbed::HighLevel(codes::X509CertUnknownFormat | codes::X509BadInputData) => {
            rustls::CertificateError::BadEncoding
        }

        // NOTE(review): in mbedTLS this code appears to signal a malformed name field found
        // while parsing, not a hostname mismatch; confirm `NotValidForName` is intended.
        ErrMbed::HighLevel(codes::X509InvalidName) => rustls::CertificateError::NotValidForName,

        // Remaining X.509 codes have no dedicated rustls variant here; the original mbedTLS
        // error is kept inside `CertificateError::Other` so the exact code is not lost.
        ErrMbed::HighLevel(
            codes::X509BufferTooSmall
            | codes::X509CertVerifyFailed
            | codes::X509FatalError
            | codes::X509FeatureUnavailable
            | codes::X509InvalidAlg
            | codes::X509InvalidDate
            | codes::X509InvalidExtensions
            | codes::X509InvalidFormat
            | codes::X509InvalidSerial
            | codes::X509InvalidVersion
            | codes::X509SigMismatch
            | codes::X509UnknownOid
            | codes::X509UnknownSigAlg
            | codes::X509UnknownVersion,
        ) => rustls::CertificateError::Other(OtherError(Arc::new(err))),

        // Everything not listed above is reported as a free-form string, so callers cannot
        // match on a specific variant for these errors.
        _ => {
            let sep = if msg.is_empty() { "" } else { "\n" };
            return rustls::Error::General(format!("{err}{sep}{msg}"));
        }
    };

    rustls::Error::InvalidCertificate(cert_error)
}
46
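#[cfg(test)]
mod tests {
    use super::*;
    use rustls::CertificateError;

    /// Wraps a certificate error kind the way the conversion functions return it.
    fn invalid_cert(kind: CertificateError) -> rustls::Error {
        rustls::Error::InvalidCertificate(kind)
    }

    /// Debug rendering of the error expected when the mbedTLS error is carried through inside
    /// `CertificateError::Other`. These cases are compared via `Debug` output rather than `==`,
    /// as the original assertions did.
    fn passthrough_debug(err: ErrMbed) -> String {
        format!("{:?}", invalid_cert(CertificateError::Other(OtherError(Arc::new(err)))))
    }

    #[test]
    fn test_mbedtls_err_into_rustls_err() {
        // Signature failures.
        assert_eq!(
            mbedtls_err_into_rustls_err(codes::X509InvalidSignature.into()),
            invalid_cert(CertificateError::BadSignature)
        );
        assert_eq!(
            mbedtls_err_into_rustls_err(codes::RsaVerifyFailed.into()),
            invalid_cert(CertificateError::BadSignature)
        );

        // Undecodable input.
        assert_eq!(
            mbedtls_err_into_rustls_err(codes::X509BadInputData.into()),
            invalid_cert(CertificateError::BadEncoding)
        );
        assert_eq!(
            mbedtls_err_into_rustls_err(codes::X509CertUnknownFormat.into()),
            invalid_cert(CertificateError::BadEncoding)
        );

        // Name errors.
        assert_eq!(
            mbedtls_err_into_rustls_err(codes::X509InvalidName.into()),
            invalid_cert(CertificateError::NotValidForName)
        );
    }

    #[test]
    fn test_mbedtls_err_into_rustls_err_with_error_msg() {
        assert_eq!(
            mbedtls_err_into_rustls_err_with_error_msg(codes::X509InvalidSignature.into(), ""),
            invalid_cert(CertificateError::BadSignature)
        );
        assert_eq!(
            mbedtls_err_into_rustls_err_with_error_msg(codes::RsaVerifyFailed.into(), ""),
            invalid_cert(CertificateError::BadSignature)
        );
        assert_eq!(
            mbedtls_err_into_rustls_err_with_error_msg(codes::X509InvalidName.into(), ""),
            invalid_cert(CertificateError::NotValidForName)
        );

        // Unlisted codes fall through to `General`; with an empty `msg` only the mbedTLS
        // error text is present.
        assert_eq!(
            mbedtls_err_into_rustls_err_with_error_msg(codes::CipherAuthFailed.into(), ""),
            rustls::Error::General(String::from("mbedTLS error HiError :: CipherAuthFailed"))
        );
        // With a non-empty `msg` the text is appended after a single newline. This pins the
        // exact string that callers and log consumers will see.
        assert_eq!(
            mbedtls_err_into_rustls_err_with_error_msg(codes::CipherAuthFailed.into(), "extra context"),
            rustls::Error::General(String::from("mbedTLS error HiError :: CipherAuthFailed\nextra context"))
        );

        // Codes without a dedicated rustls variant keep the original mbedTLS error.
        assert_eq!(
            format!(
                "{:?}",
                mbedtls_err_into_rustls_err_with_error_msg(codes::X509UnknownVersion.into(), "")
            ),
            passthrough_debug(ErrMbed::HighLevel(codes::X509UnknownVersion))
        );
        // `msg` is dropped on certificate paths: the result is the same as with an empty `msg`.
        assert_eq!(
            format!(
                "{:?}",
                mbedtls_err_into_rustls_err_with_error_msg(codes::X509InvalidSerial.into(), "Invalid serial number")
            ),
            passthrough_debug(ErrMbed::HighLevel(codes::X509InvalidSerial))
        );
    }
}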