From edb2c6a29ba96594f69759cbc331d669ef8e6a9d Mon Sep 17 00:00:00 2001
From: Tony Arcieri
Date: Sun, 14 Nov 2021 13:38:44 -0700
Subject: [PATCH] pkcs8: rename `Error::Crypto` => `Error::EncryptedKey` (#213)
Renames the old variant and has it propagate the newly added `pkcs5::Error` type, which includes information about why PKCS#5 operations failed.
---
 pkcs8/src/document/private_key.rs | 21 ++++++++-------------
 pkcs8/src/encrypted_private_key_info.rs | 3 +--
 pkcs8/src/error.rs | 18 ++++++++++++------
 3 files changed, 21 insertions(+), 21 deletions(-)
diff --git a/pkcs8/src/document/private_key.rs b/pkcs8/src/document/private_key.rs
index b49ae55f1..8f460f5ad 100644
--- a/pkcs8/src/document/private_key.rs
+++ b/pkcs8/src/document/private_key.rs
@@ -60,9 +60,7 @@ impl PrivateKeyDocument {
 let mut iv = [0u8; 16];
 rng.fill_bytes(&mut iv);
- let pbes2_params = pbes2::Parameters::scrypt_aes256cbc(Default::default(), &salt, &iv)
- .map_err(|_| Error::Crypto)?;
-
+ let pbes2_params = pbes2::Parameters::scrypt_aes256cbc(Default::default(), &salt, &iv)?;
 self.encrypt_with_params(pbes2_params, password)
 }
@@ -75,16 +73,13 @@ impl PrivateKeyDocument {
 pbes2_params: pbes2::Parameters<'_>,
 password: impl AsRef<[u8]>,
 ) -> Result {
- pbes2_params
- .encrypt(password, self.as_ref())
- .map_err(|_| Error::Crypto)
- .and_then(|encrypted_data| {
- EncryptedPrivateKeyInfo {
- encryption_algorithm: pbes2_params.into(),
- encrypted_data: &encrypted_data,
- }
- .try_into()
- })
+ let encrypted_data = pbes2_params.encrypt(password, self.as_ref())?;
+
+ EncryptedPrivateKeyInfo {
+ encryption_algorithm: pbes2_params.into(),
+ encrypted_data: &encrypted_data,
+ }
+ .try_into()
 }
 }
diff --git a/pkcs8/src/encrypted_private_key_info.rs b/pkcs8/src/encrypted_private_key_info.rs
index 34fb9a366..101892d97 100644
--- a/pkcs8/src/encrypted_private_key_info.rs
+++ b/pkcs8/src/encrypted_private_key_info.rs
@@ -49,8 +49,7 @@ impl<'a> EncryptedPrivateKeyInfo<'a> {
 pub fn decrypt(&self, password: impl AsRef<[u8]>) -> Result {
 Ok(self
 .encryption_algorithm
- .decrypt(password, self.encrypted_data)
- .map_err(|_| Error::Crypto)?
+ .decrypt(password, self.encrypted_data)?
 .try_into()?)
 }
diff --git a/pkcs8/src/error.rs b/pkcs8/src/error.rs
index 3fdf9df3d..b433bb7c1 100644
--- a/pkcs8/src/error.rs
+++ b/pkcs8/src/error.rs
@@ -12,11 +12,9 @@ pub enum Error {
 /// ASN.1 DER-related errors.
 Asn1(der::Error),
- /// Cryptographic errors.
- ///
- /// This is primarily used for relaying PKCS#5-related errors for
- /// PKCS#8 documents which have been encrypted under a password.
- Crypto,
+ /// Errors relating to PKCS#5-encrypted keys.
+ #[cfg(feature = "pkcs5")]
+ EncryptedKey(pkcs5::Error),
 /// Malformed cryptographic key contained in a PKCS#8 document.
 ///
@@ -37,7 +35,8 @@ impl fmt::Display for Error {
 fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
 match self {
 Error::Asn1(err) => write!(f, "PKCS#8 ASN.1 error: {}", err),
- Error::Crypto => f.write_str("PKCS#8 cryptographic error"),
+ #[cfg(feature = "pkcs5")]
+ Error::EncryptedKey(err) => write!(f, "{}", err),
 Error::KeyMalformed => f.write_str("PKCS#8 cryptographic key data malformed"),
 Error::ParametersMalformed => f.write_str("PKCS#8 algorithm parameters malformed"),
 Error::PublicKey(err) => write!(f, "public key error: {}", err),
@@ -60,6 +59,13 @@ impl From for Error {
 }
 }
+#[cfg(feature = "pkcs5")]
+impl From for Error {
+ fn from(err: pkcs5::Error) -> Error {
+ Error::EncryptedKey(err)
+ }
+}
+
 impl From for Error {
 fn from(err: spki::Error) -> Error {
 Error::PublicKey(err)
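Review bot: With `.map_err(|_| Error::Crypto)` removed, `decrypt` in `encrypted_private_key_info.rs` now returns the specific `pkcs5::Error` for a failed decryption, and its doc comment (outside this hunk) should say how callers may use that detail. Whether `pkcs5::Error` separates a wrong password or bad padding from other failures is not visible here; if it does, a service that relays the error text to whoever supplied the encrypted key gives them a decryption-failure oracle. I would add an `# Errors` section with a line such as `/// Returns Error::EncryptedKey if decryption fails; log the inner reason, but report only a generic failure to untrusted parties.`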
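Review bot: The new `EncryptedKey` variant of `pub enum Error` exists only when the `pkcs5` feature is enabled, so a downstream exhaustive `match` compiles or fails depending on which features another crate in the same build turns on. The enum's attributes are outside the hunk; confirm it carries `#[non_exhaustive]`, and state the gate in the variant's doc, e.g. `/// Only present when the pkcs5 feature is enabled.` Removing `Error::Crypto` also breaks any caller that matches on it, which the changelog should record.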
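Review bot: The `Error::EncryptedKey(err) => write!(f, "{}", err)` arm prints the inner error with no prefix, while the neighbouring arms name their origin (`"PKCS#8 ASN.1 error: {}"`, `"public key error: {}"`). In a log line, nothing then indicates that the failure came from handling an encrypted PKCS#8 document. For consistency I would write `Error::EncryptedKey(err) => write!(f, "PKCS#8 encrypted key error: {}", err),`. The `match` continues outside the hunk.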