Merge pull request #73 from buzzfeed/aead-add-better-errors

aead: add more useful errors
buzzfeed · Sep 26, 2018 · b81b0ff · b81b0ff
2 parents df79a94 + eb63c8e
commit b81b0ff
Showing 1 changed file with 5 additions and 10 deletions.
diff --git a/internal/pkg/aead/aead.go b/internal/pkg/aead/aead.go
@@ -4,7 +4,7 @@ import (
 	"crypto/cipher"
 	"encoding/base64"
 	"encoding/json"
-	"errors"
+	"fmt"
 
 	miscreant "github.com/miscreant/miscreant-go"
 )
@@ -13,11 +13,6 @@ const miscreantNonceSize = 16
 
 var algorithmType = "AES-CMAC-SIV"
 
-var (
-	// ErrInvalidValue is an error for an invalid value
-	ErrInvalidValue = errors.New("invalid value")
-)
-
 // Cipher provides methods to encrypt and decrypt values.
 type Cipher interface {
 	Encrypt([]byte) ([]byte, error)
@@ -49,11 +44,11 @@ func GenerateKey() []byte {
 	return miscreant.GenerateKey(32)
 }
 
-// Encrypt a value using AES GCM
+// Encrypt a value using AES-CMAC-SIV
 func (c *MiscreantCipher) Encrypt(plaintext []byte) (joined []byte, err error) {
 	defer func() {
 		if r := recover(); r != nil {
-			err = ErrInvalidValue
+			err = fmt.Errorf("miscreant error encrypting bytes: %v", r)
 		}
 	}()
 	nonce := miscreant.GenerateNonce(c.aead)
@@ -64,10 +59,10 @@ func (c *MiscreantCipher) Encrypt(plaintext []byte) (joined []byte, err error) {
 	return joined, nil
 }
 
-// Decrypt a value using AES GCM
+// Decrypt a value using AES-CMAC-SIV
 func (c *MiscreantCipher) Decrypt(joined []byte) ([]byte, error) {
 	if len(joined) <= miscreantNonceSize {
-		return nil, ErrInvalidValue
+		return nil, fmt.Errorf("invalid input size: %d", len(joined))
 	}
 	// grab out the nonce
 	pivot := len(joined) - miscreantNonceSize