webauthn_rs_core/
error.rs

1//! Possible errors that may occur during Webauthn Operation processing
2
3use base64::DecodeError as b64DecodeError;
4use openssl::error::ErrorStack as OpenSSLErrorStack;
5use serde_cbor_2::error::Error as CBORError;
6use serde_json::error::Error as JSONError;
7// use serde::{Deserialize, Serialize};
8// use nom::Err as NOMError;
9
/// Shorthand for a `Result` whose error type is [`WebauthnError`].
///
/// Every fallible Webauthn operation in this crate is expected to return this
/// alias so callers handle a single error enum.
pub type WebauthnResult<T> = ::core::result::Result<T, WebauthnError>;
12
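/// Possible errors that may occur during Webauthn Operation processing.
///
/// Each variant's `Display` text names the specific check that failed. Several
/// variants distinguish conditions that an unauthenticated caller should not be
/// able to tell apart (for example [`WebauthnError::CredentialNotFound`] versus
/// [`WebauthnError::AuthenticationFailure`]). Record the detailed error in
/// server-side logs and return a generic failure to the client.
///
/// Equality (the `PartialEq` impl in this module) compares the variant only;
/// any payload carried by a variant is ignored.
#[derive(Debug, thiserror::Error)]
#[allow(missing_docs)]
pub enum WebauthnError {
    // ---- Configuration, client data, challenge and origin checks ----
    #[error("The configuration was invalid")]
    Configuration,

    #[error("The JSON from the client did not indicate webauthn.<method> correctly")]
    InvalidClientDataType,

    #[error(
        "The client response challenge differs from the latest challenge issued to the userId"
    )]
    MismatchedChallenge,

    #[error("There are no challenges associated to the UserId")]
    ChallengeNotFound,

    #[error("The clients relying party origin does not match our servers information")]
    InvalidRPOrigin,

    #[error("The clients relying party id hash does not match the hash of our relying party id")]
    InvalidRPIDHash,

    #[error("The user present bit is not set, and required")]
    UserNotPresent,

    #[error("The user verified bit is not set, and required by policy")]
    UserNotVerified,

    // ---- Extensions ----
    #[error("The extensions are unknown to this server")]
    InvalidExtensions,

    #[error("An extension for this identifier was not in the authenticator data")]
    AuthenticatorDataMissingExtension,

    // ---- Attestation statement parsing and verification ----
    #[error("The required attestation data is not present in the response")]
    MissingAttestationCredentialData,

    #[error("The attestation format requested is not able to be processed by this server - please report an issue to add the attestation format")]
    AttestationNotSupported,

    #[error("A failure occurred in persisting the Challenge data")]
    ChallengePersistenceError,

    #[error("The attestation statement map is not valid")]
    AttestationStatementMapInvalid,

    #[error("The attestation statement response is not present")]
    AttestationStatementResponseMissing,

    #[error("The attestation statement response is not valid")]
    AttestationStatementResponseInvalid,

    #[error("The attestation statement signature is not present")]
    AttestationStatementSigMissing,

    #[error("The attestation statement signature is not valid")]
    AttestationStatementSigInvalid,

    #[error("The attestation statement version is not present")]
    AttestationStatementVerMissing,

    #[error("The attestation statement version is not valid")]
    AttestationStatementVerInvalid,

    #[error("The attestation statement version not supported")]
    AttestationStatementVerUnsupported,

    #[error("The attestation statement x5c (trust root) is not present")]
    AttestationStatementX5CMissing,

    #[error("The attestation statement x5c (trust root) is not valid")]
    AttestationStatementX5CInvalid,

    #[error("The attestation statement algorithm is not present")]
    AttestationStatementAlgMissing,

    #[error("The attestation statement certInfo is not present")]
    AttestationStatementCertInfoMissing,

    #[error("A required extension was not in the attestation statement")]
    AttestationStatementMissingExtension,

    #[error("The attestation statement pubArea is not present")]
    AttestationStatementPubAreaMissing,

    #[error("The attestation statement alg does not match algorithm of the credentialPublicKey in authenticatorData")]
    AttestationStatementAlgMismatch,

    // Distinct text from `AttestationStatementAlgMismatch` so the two failures
    // can be told apart in logs; the wording follows the other `*Invalid`
    // variants of this enum.
    #[error("The attestation statement algorithm is not valid")]
    AttestationStatementAlgInvalid,

    #[error("The attestation trust could not be established")]
    AttestationTrustFailure,

    #[error("The attestation Certificate's OID 1.3.6.1.4.1.45724.1.1.4 aaguid does not match the aaguid of the token")]
    AttestationCertificateAAGUIDMismatch,

    #[error("The attestation Certificate's OID 1.2.840.113635.100.8.2 value does not match the computed nonce")]
    AttestationCertificateNonceMismatch,

    #[error("The attestation created by the TPM is not correct")]
    AttestationTpmStInvalid,

    #[error("The TPM attestation and key algorithms do not match")]
    AttestationTpmPubAreaMismatch,

    #[error("The TPM attestation extraData is missing or invalid")]
    AttestationTpmExtraDataInvalid,

    #[error("The TPM attestation extraData does not match the hash of the verification data")]
    AttestationTpmExtraDataMismatch,

    #[error("The TPM requested hash over pubArea is unknown")]
    AttestationTpmPubAreaHashUnknown,

    #[error("The TPM requested hash over pubArea is invalid")]
    AttestationTpmPubAreaHashInvalid,

    #[error("The TPM attest certify structure is invalid")]
    AttestationTpmAttestCertifyInvalid,

    #[error("The requirements of https://w3c.github.io/webauthn/#sctn-packed-attestation-cert-requirements are not met by this attestation certificate")]
    AttestationCertificateRequirementsNotMet,

    #[error("The provided list of CA's for attestation is empty, allowing no trust path to be established")]
    AttestationCertificateTrustStoreEmpty,

    #[error("The leaf certificate we intented to verify is missing.")]
    AttestationLeafCertMissing,

    #[error("The attestation was parsed, but is not a format valid for CA chain validation")]
    AttestationNotVerifiable,

    #[error("The attestation CA that was trusted limits the aaguids allowed, this device is not a member of that set")]
    AttestationUntrustedAaguid,

    #[error("The attestation CA that was trusted limits the aaguids allowed, but this device does not have an aaguid")]
    AttestationFormatMissingAaguid,

    // The `String` payload is not interpolated into the `Display` text, so a
    // caller that needs it must read it from the variant (or `Debug` output).
    #[error(
        "The attestation was parsed, but is not trusted by one of the selected CA certificates"
    )]
    AttestationChainNotTrusted(String),

    #[error("The X5C trust root is not a valid algorithm for signing")]
    CertificatePublicKeyInvalid,

    // ---- Parser and library failures ----
    // The `#[from]` variants wrap the underlying library error. Their `Display`
    // text is fixed; the wrapped error is reachable through
    // `std::error::Error::source`.
    #[error("A base64 parser failure has occurred")]
    ParseBase64Failure(#[from] b64DecodeError),

    #[error("A CBOR parser failure has occurred")]
    ParseCBORFailure(#[from] CBORError),

    #[error("A JSON parser failure has occurred")]
    ParseJSONFailure(#[from] JSONError),

    #[error("A NOM parser failure has occurred")]
    ParseNOMFailure,

    #[error("In parsing the attestation object, there was insufficient data")]
    ParseInsufficientBytesAvailable,

    #[error("An OpenSSL Error has occurred")]
    OpenSSLError(#[from] OpenSSLErrorStack),

    #[error("The requested OpenSSL curve is not supported by OpenSSL")]
    OpenSSLErrorNoCurveName,

    // ---- COSE key decoding ----
    #[error("The COSEKey contains invalid CBOR which can not be processed")]
    COSEKeyInvalidCBORValue,

    #[error("The COSEKey type is not supported by this implementation")]
    COSEKeyInvalidType,

    #[error("ED25519 and ED448 keys are not supported by this implementation")]
    COSEKeyEDUnsupported,

    #[error("The COSEKey contains invalid ECDSA X/Y coordinate data")]
    COSEKeyECDSAXYInvalid,

    #[error("The COSEKey contains invalid RSA modulus/exponent data")]
    COSEKeyRSANEInvalid,

    #[error("The COSEKey uses a curve that is not supported by this implementation")]
    COSEKeyECDSAInvalidCurve,

    #[error("The COSEKey contains invalid EDDSA X coordinate data")]
    COSEKeyEDDSAXInvalid,

    #[error("The COSEKey uses a curve that is not supported by this implementation")]
    COSEKeyEDDSAInvalidCurve,

    #[error("The COSEKey contains invalid cryptographic algorithm request")]
    COSEKeyInvalidAlgorithm,

    // ---- Credential policy, storage and lifecycle ----
    #[error("The credential may be a passkey and not truly bound to hardware.")]
    CredentialMayNotBeHardwareBound,

    #[error("The credential uses insecure cryptographic routines and is not trusted")]
    CredentialInsecureCryptography,

    #[error("The credential exist check failed")]
    CredentialExistCheckError,

    #[error("The credential already exists")]
    CredentialAlreadyExists,

    #[error("The credential was not able to be persisted")]
    CredentialPersistenceError,

    #[error("The credential was not able to be retrieved")]
    CredentialRetrievalError,

    #[error("The credential requested could not be found")]
    CredentialNotFound,

    #[error("A credential alg that was not allowed in the request was attempted.")]
    CredentialAlteredAlgFromRequest,

    #[error("A credential that was excluded in the request attempted to register.")]
    CredentialExcludedFromRequest,

    // The message asks for inspection: surface this to operators rather than
    // handling it as an ordinary failed login.
    #[error("The credential may have be compromised and should be inspected")]
    CredentialPossibleCompromise,

    #[error("The credential counter could not be updated")]
    CredentialCounterUpdateFailure,

    #[error("The provided call back failed to allow reporting the credential failure")]
    CredentialCompromiseReportFailure,

    #[error("The backup (passkey) eligibility of this device has changed, meaning it must be re-enrolled for security validation")]
    CredentialBackupEligibilityInconsistent,

    // ---- Authentication outcome and request validation ----
    #[error("The trust path could not be established")]
    TrustFailure,

    #[error("Authentication has failed")]
    AuthenticationFailure,

    #[error("Inconsistent Credential Verification and User Verification Policy")]
    InconsistentUserVerificationPolicy,

    #[error("Invalid User Name supplied for registration")]
    InvalidUsername,

    #[error("Invalid UserID supplied during authentication")]
    InvalidUserUniqueId,

    #[error("Supplied Nid does not correspond to a supported ECDSA curve")]
    ECDSACurveInvalidNid,

    #[error("The attested credential public key and subject public key do not match")]
    AttestationCredentialSubjectKeyMismatch,

    #[error(
        "The credential was created in a cross-origin context (while cross-origin was disallowed)"
    )]
    CredentialCrossOrigin,

    #[error("The attestation ca list can not be empty")]
    MissingAttestationCaList,

    // ---- SSH public key handling ----
    #[error("This key has an invalid backup state flag")]
    SshPublicKeyBackupState,

    #[error("ED25519 and ED448 keys are not supported by this implementation")]
    SshPublicKeyEDUnsupported,

    #[error("The requested ssh public key curve is invalid")]
    SshPublicKeyInvalidCurve,

    #[error("The SSH public key is invalid")]
    SshPublicKeyInvalidPubkey,

    #[error("The attestation requst indicates cred protect was required, but user verification was not performed")]
    SshPublicKeyInconsistentUserVerification,
}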
293
impl PartialEq for WebauthnError {
    /// Reports whether `self` and `other` are the same variant.
    ///
    /// Only the enum discriminant is compared. Two values of a payload-carrying
    /// variant (the `String` in `AttestationChainNotTrusted`, or the wrapped
    /// library errors) are equal even when their payloads differ, so this is
    /// suitable for "which kind of error" checks and not for comparing details.
    fn eq(&self, other: &Self) -> bool {
        use std::mem::discriminant;

        let lhs = discriminant(self);
        let rhs = discriminant(other);
        lhs == rhs
    }
}