pkcs8: rename Error::Crypto => Error::EncryptedKey (#213)

Renames the old variant and has it propagate the newly added `pkcs5::Error` type, which includes information about why PKCS#5 operations failed.
RustCrypto · Nov 14, 2021 · edb2c6a · edb2c6a
1 parent 128b7f4
commit edb2c6a
Show file tree

Hide file tree

Showing 3 changed files with 21 additions and 21 deletions.
diff --git a/pkcs8/src/document/private_key.rs b/pkcs8/src/document/private_key.rs
@@ -60,9 +60,7 @@ impl PrivateKeyDocument {
         let mut iv = [0u8; 16];
         rng.fill_bytes(&mut iv);
 
-        let pbes2_params = pbes2::Parameters::scrypt_aes256cbc(Default::default(), &salt, &iv)
-            .map_err(|_| Error::Crypto)?;
-
+        let pbes2_params = pbes2::Parameters::scrypt_aes256cbc(Default::default(), &salt, &iv)?;
         self.encrypt_with_params(pbes2_params, password)
     }
 
@@ -75,16 +73,13 @@ impl PrivateKeyDocument {
         pbes2_params: pbes2::Parameters<'_>,
         password: impl AsRef<[u8]>,
     ) -> Result<EncryptedPrivateKeyDocument> {
-        pbes2_params
-            .encrypt(password, self.as_ref())
-            .map_err(|_| Error::Crypto)
-            .and_then(|encrypted_data| {
-                EncryptedPrivateKeyInfo {
-                    encryption_algorithm: pbes2_params.into(),
-                    encrypted_data: &encrypted_data,
-                }
-                .try_into()
-            })
+        let encrypted_data = pbes2_params.encrypt(password, self.as_ref())?;
+
+        EncryptedPrivateKeyInfo {
+            encryption_algorithm: pbes2_params.into(),
+            encrypted_data: &encrypted_data,
+        }
+        .try_into()
     }
 }
 

diff --git a/pkcs8/src/encrypted_private_key_info.rs b/pkcs8/src/encrypted_private_key_info.rs
@@ -49,8 +49,7 @@ impl<'a> EncryptedPrivateKeyInfo<'a> {
     pub fn decrypt(&self, password: impl AsRef<[u8]>) -> Result<PrivateKeyDocument> {
         Ok(self
             .encryption_algorithm
-            .decrypt(password, self.encrypted_data)
-            .map_err(|_| Error::Crypto)?
+            .decrypt(password, self.encrypted_data)?
             .try_into()?)
     }
 

diff --git a/pkcs8/src/error.rs b/pkcs8/src/error.rs
@@ -12,11 +12,9 @@ pub enum Error {
     /// ASN.1 DER-related errors.
     Asn1(der::Error),
 
-    /// Cryptographic errors.
-    ///
-    /// This is primarily used for relaying PKCS#5-related errors for
-    /// PKCS#8 documents which have been encrypted under a password.
-    Crypto,
+    /// Errors relating to PKCS#5-encrypted keys.
+    #[cfg(feature = "pkcs5")]
+    EncryptedKey(pkcs5::Error),
 
     /// Malformed cryptographic key contained in a PKCS#8 document.
     ///
@@ -37,7 +35,8 @@ impl fmt::Display for Error {
     fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
         match self {
             Error::Asn1(err) => write!(f, "PKCS#8 ASN.1 error: {}", err),
-            Error::Crypto => f.write_str("PKCS#8 cryptographic error"),
+            #[cfg(feature = "pkcs5")]
+            Error::EncryptedKey(err) => write!(f, "{}", err),
             Error::KeyMalformed => f.write_str("PKCS#8 cryptographic key data malformed"),
             Error::ParametersMalformed => f.write_str("PKCS#8 algorithm parameters malformed"),
             Error::PublicKey(err) => write!(f, "public key error: {}", err),
@@ -60,6 +59,13 @@ impl From<der::ErrorKind> for Error {
     }
 }
 
+#[cfg(feature = "pkcs5")]
+impl From<pkcs5::Error> for Error {
+    fn from(err: pkcs5::Error) -> Error {
+        Error::EncryptedKey(err)
+    }
+}
+
 impl From<spki::Error> for Error {
     fn from(err: spki::Error) -> Error {
         Error::PublicKey(err)