From 7052f7eca1fb9f873019cb6541d2d4d1074513b7 Mon Sep 17 00:00:00 2001 From: beltram Date: Mon, 13 Nov 2023 17:25:53 +0100 Subject: [PATCH] wip --- .../binary_tree/array_representation/diff.rs | 2 +- openmls/src/credentials/certificate.rs | 10 ++--- openmls/src/credentials/errors.rs | 8 ++-- openmls/src/error.rs | 2 +- openmls/src/extensions/errors.rs | 2 +- openmls/src/framing/errors.rs | 6 +-- openmls/src/group/errors.rs | 34 +++++++-------- openmls/src/group/mls_group/errors.rs | 42 +++++++++---------- openmls/src/group/public_group/errors.rs | 4 +- openmls/src/key_packages/errors.rs | 6 +-- openmls/src/schedule/errors.rs | 6 +-- openmls/src/treesync/errors.rs | 26 ++++++------ openmls/src/treesync/mod.rs | 2 +- traits/src/types.rs | 2 - x509_credential/Cargo.toml | 1 + x509_credential/src/error.rs | 13 ++++++ x509_credential/src/lib.rs | 35 +++++++--------- 17 files changed, 103 insertions(+), 98 deletions(-) create mode 100644 x509_credential/src/error.rs diff --git a/openmls/src/binary_tree/array_representation/diff.rs b/openmls/src/binary_tree/array_representation/diff.rs index 1733819913..cd1d43e03e 100644 --- a/openmls/src/binary_tree/array_representation/diff.rs +++ b/openmls/src/binary_tree/array_representation/diff.rs @@ -399,7 +399,7 @@ impl<'a, L: Clone + Debug + Default, P: Clone + Debug + Default> AbDiff<'a, L, P } /// Binary Tree Diff error -#[derive(Error, Debug, PartialEq, Clone)] +#[derive(Error, Debug)] pub enum ABinaryTreeDiffError { /// See [`LibraryError`] for more details. #[error(transparent)] diff --git a/openmls/src/credentials/certificate.rs b/openmls/src/credentials/certificate.rs index de89ad8c42..ad7bf31c31 100644 --- a/openmls/src/credentials/certificate.rs +++ b/openmls/src/credentials/certificate.rs @@ -82,17 +82,15 @@ impl Certificate { } pub fn verify(&self) -> Result<(), CredentialError> { - let verifier = rustls_platform_verifier::WireClientVerifier::new(); + let mut verifier = rustls_platform_verifier::WireClientVerifier::new(); let end_entity = self.get_end_entity()?; let intermediates = self.get_intermediates()?; + let options = rustls_platform_verifier::VerifyOptions::try_new(true, &[])?; + use rustls_platform_verifier::WireVerifier as _; - verifier.verify_client_cert( - &end_entity, - &intermediates[..], - rustls_platform_verifier::VerifyOptions::default(), - )?; + verifier.verify_client_cert(&end_entity, intermediates.as_slice(), options)?; Ok(()) } diff --git a/openmls/src/credentials/errors.rs b/openmls/src/credentials/errors.rs index 343a2c259e..47a1d9e49a 100644 --- a/openmls/src/credentials/errors.rs +++ b/openmls/src/credentials/errors.rs @@ -6,7 +6,7 @@ use crate::error::LibraryError; use thiserror::Error; /// An error that occurs in methods of a [`super::Credential`]. -#[derive(Error, Debug, PartialEq, Clone)] +#[derive(Error, Debug)] pub enum CredentialError { /// A library error occurred. #[error(transparent)] @@ -26,7 +26,7 @@ pub enum CredentialError { /// x509 certificate chain is either unordered or a child is missigned by its issuer #[error("Invalid x509 certificate chain.")] InvalidCertificateChain, - /// Rustls error - #[error("Rustls error")] - RustlsError(#[from] rustls_platform_verifier::RustlsError), + /// X509 certificate verification error + #[error("X509 certificate verification error")] + RustlsError(#[from] rustls_platform_verifier::WireX509Error), } diff --git a/openmls/src/error.rs b/openmls/src/error.rs index 864044b6b1..c50dffa8d9 100644 --- a/openmls/src/error.rs +++ b/openmls/src/error.rs @@ -67,7 +67,7 @@ use tls_codec::Error as TlsCodecError; /// /// In all cases, when a `LibraryError` is returned, applications should try to recover gracefully from it. /// It is recommended to log the error for potential debugging. -#[derive(Error, Debug, PartialEq, Eq, Clone)] +#[derive(Error, Debug)] pub struct LibraryError { internal: InternalLibraryError, } diff --git a/openmls/src/extensions/errors.rs b/openmls/src/extensions/errors.rs index 65939f0599..c19521a202 100644 --- a/openmls/src/extensions/errors.rs +++ b/openmls/src/extensions/errors.rs @@ -14,7 +14,7 @@ use crate::error::{ErrorString, LibraryError}; use thiserror::Error; /// Extension error -#[derive(Error, Debug, PartialEq, Clone)] +#[derive(Error, Debug)] pub enum ExtensionError { /// Unsupported proposal type in required capabilities. #[error("Unsupported proposal type in required capabilities.")] diff --git a/openmls/src/framing/errors.rs b/openmls/src/framing/errors.rs index 0001217671..38ac42e4ff 100644 --- a/openmls/src/framing/errors.rs +++ b/openmls/src/framing/errors.rs @@ -11,7 +11,7 @@ use thiserror::Error; pub use crate::tree::secret_tree::SecretTreeError; /// Message decryption error -#[derive(Error, Debug, PartialEq, Clone)] +#[derive(Error, Debug)] pub enum MessageDecryptionError { /// See [`LibraryError`] for more details. #[error(transparent)] @@ -37,7 +37,7 @@ pub enum MessageDecryptionError { } /// Message encryption error -#[derive(Error, Debug, PartialEq, Clone)] +#[derive(Error, Debug)] pub enum MessageEncryptionError { /// See [`LibraryError`] for more details. #[error(transparent)] @@ -54,7 +54,7 @@ pub enum MessageEncryptionError { } /// Sender error -#[derive(Error, Debug, PartialEq, Clone)] +#[derive(Error, Debug)] pub enum SenderError { /// See [`LibraryError`] for more details. #[error(transparent)] diff --git a/openmls/src/group/errors.rs b/openmls/src/group/errors.rs index 5cc4362c5f..c825a5c9c1 100644 --- a/openmls/src/group/errors.rs +++ b/openmls/src/group/errors.rs @@ -21,7 +21,7 @@ use crate::{ }; /// Welcome error -#[derive(Error, Debug, PartialEq, Clone)] +#[derive(Error, Debug)] pub enum WelcomeError { /// See [`GroupSecretsError`] for more details. #[error(transparent)] @@ -102,7 +102,7 @@ pub enum WelcomeError { } /// External Commit error -#[derive(Error, Debug, PartialEq, Clone)] +#[derive(Error, Debug)] pub enum ExternalCommitError { /// See [`LibraryError`] for more details. #[error(transparent)] @@ -135,7 +135,7 @@ pub enum ExternalCommitError { } /// Stage Commit error -#[derive(Error, Debug, PartialEq, Clone)] +#[derive(Error, Debug)] pub enum StageCommitError { /// See [`LibraryError`] for more details. #[error(transparent)] @@ -203,7 +203,7 @@ pub enum StageCommitError { } /// Create commit error -#[derive(Error, Debug, PartialEq, Clone)] +#[derive(Error, Debug)] pub enum CreateCommitError { /// See [`LibraryError`] for more details. #[error(transparent)] @@ -247,7 +247,7 @@ pub enum CreateCommitError { } /// Validation error -#[derive(Error, Debug, PartialEq, Clone)] +#[derive(Error, Debug)] pub enum ValidationError { /// See [`LibraryError`] for more details. #[error(transparent)] @@ -332,7 +332,7 @@ pub enum ValidationError { } /// Proposal validation error -#[derive(Error, Debug, PartialEq, Clone)] +#[derive(Error, Debug)] pub enum ProposalValidationError { /// See [`LibraryError`] for more details. #[error(transparent)] @@ -384,7 +384,7 @@ pub enum ProposalValidationError { } /// ReInit validation error -#[derive(Error, Debug, PartialEq, Clone)] +#[derive(Error, Debug)] pub enum ReInitValidationError { /// See [`LeafNodeValidationError`] for more details. #[error(transparent)] @@ -395,7 +395,7 @@ pub enum ReInitValidationError { } /// External Commit validaton error -#[derive(Error, Debug, PartialEq, Clone)] +#[derive(Error, Debug)] pub enum ExternalCommitValidationError { /// See [`LibraryError`] for more details. #[error(transparent)] @@ -429,7 +429,7 @@ pub enum ExternalCommitValidationError { } /// Create add proposal error -#[derive(Error, Debug, PartialEq, Clone)] +#[derive(Error, Debug)] pub enum CreateAddProposalError { /// See [`LibraryError`] for more details. #[error(transparent)] @@ -445,7 +445,7 @@ pub enum CreateAddProposalError { // === Crate errors === /// Exporter error -#[derive(Error, Debug, PartialEq, Clone)] +#[derive(Error, Debug)] pub enum ExporterError { /// See [`LibraryError`] for more details. #[error(transparent)] @@ -455,7 +455,7 @@ pub enum ExporterError { } /// Proposal queue error -#[derive(Error, Debug, PartialEq, Clone)] +#[derive(Error, Debug)] pub enum ProposalQueueError { /// See [`LibraryError`] for more details. #[error(transparent)] @@ -470,7 +470,7 @@ pub enum ProposalQueueError { /// Errors that can arise when creating a [`crate::group::core_group::proposals::ProposalQueue`] from committed /// proposals. -#[derive(Error, Debug, PartialEq, Clone)] +#[derive(Error, Debug)] pub enum FromCommittedProposalsError { /// See [`LibraryError`] for more details. #[error(transparent)] @@ -484,7 +484,7 @@ pub enum FromCommittedProposalsError { } /// Creation proposal queue error -#[derive(Error, Debug, PartialEq, Clone)] +#[derive(Error, Debug)] pub enum CreationProposalQueueError { /// See [`LibraryError`] for more details. #[error(transparent)] @@ -495,7 +495,7 @@ pub enum CreationProposalQueueError { } // Apply proposals error -#[derive(Error, Debug, PartialEq, Clone)] +#[derive(Error, Debug)] pub enum ApplyProposalsError { /// See [`LibraryError`] for more details. #[error(transparent)] @@ -506,7 +506,7 @@ pub enum ApplyProposalsError { } // Core group build error -#[derive(Error, Debug, PartialEq, Clone)] +#[derive(Error, Debug)] pub enum CoreGroupBuildError { /// See [`LibraryError`] for more details. #[error(transparent)] @@ -523,7 +523,7 @@ pub enum CoreGroupBuildError { } // CoreGroup parse message error -#[derive(Error, Debug, PartialEq, Clone)] +#[derive(Error, Debug)] pub enum CoreGroupParseMessageError { /// See [`LibraryError`] for more details. #[error(transparent)] @@ -536,7 +536,7 @@ pub enum CoreGroupParseMessageError { } /// Error merging a commit. -#[derive(Error, Debug, PartialEq, Clone)] +#[derive(Error, Debug)] pub enum MergeCommitError { /// See [`LibraryError`] for more details. #[error(transparent)] diff --git a/openmls/src/group/mls_group/errors.rs b/openmls/src/group/mls_group/errors.rs index b5a9b63404..d968f5da4c 100644 --- a/openmls/src/group/mls_group/errors.rs +++ b/openmls/src/group/mls_group/errors.rs @@ -23,7 +23,7 @@ use crate::{ }; /// New group error -#[derive(Error, Debug, PartialEq, Clone)] +#[derive(Error, Debug)] pub enum NewGroupError { /// See [`LibraryError`] for more details. #[error(transparent)] @@ -57,7 +57,7 @@ pub enum EmptyInputError { } /// Group state error -#[derive(Error, Debug, PartialEq, Clone)] +#[derive(Error, Debug)] pub enum MlsGroupStateError { /// See [`LibraryError`] for more details. #[error(transparent)] @@ -83,7 +83,7 @@ pub enum MlsGroupStateError { } /// Error merging pending commit -#[derive(Error, Debug, PartialEq, Clone)] +#[derive(Error, Debug)] pub enum MergePendingCommitError { /// See [`MlsGroupStateError`] for more details. #[error(transparent)] @@ -94,7 +94,7 @@ pub enum MergePendingCommitError { } /// Process message error -#[derive(Error, Debug, PartialEq, Clone)] +#[derive(Error, Debug)] pub enum ProcessMessageError { /// See [`LibraryError`] for more details. #[error(transparent)] @@ -129,7 +129,7 @@ pub enum ProcessMessageError { } /// Create message error -#[derive(Error, Debug, PartialEq, Clone)] +#[derive(Error, Debug)] pub enum CreateMessageError { /// See [`LibraryError`] for more details. #[error(transparent)] @@ -140,7 +140,7 @@ pub enum CreateMessageError { } /// Add members error -#[derive(Error, Debug, PartialEq, Clone)] +#[derive(Error, Debug)] pub enum AddMembersError { /// See [`LibraryError`] for more details. #[error(transparent)] @@ -160,7 +160,7 @@ pub enum AddMembersError { } /// Propose add members error -#[derive(Error, Debug, PartialEq, Clone)] +#[derive(Error, Debug)] pub enum ProposeAddMemberError { /// See [`LibraryError`] for more details. #[error(transparent)] @@ -180,7 +180,7 @@ pub enum ProposeAddMemberError { } /// Propose remove members error -#[derive(Error, Debug, PartialEq, Clone)] +#[derive(Error, Debug)] pub enum ProposeRemoveMemberError { /// See [`LibraryError`] for more details. #[error(transparent)] @@ -194,7 +194,7 @@ pub enum ProposeRemoveMemberError { } /// Remove members error -#[derive(Error, Debug, PartialEq, Clone)] +#[derive(Error, Debug)] pub enum RemoveMembersError { /// See [`LibraryError`] for more details. #[error(transparent)] @@ -214,7 +214,7 @@ pub enum RemoveMembersError { } /// Leave group error -#[derive(Error, Debug, PartialEq, Clone)] +#[derive(Error, Debug)] pub enum LeaveGroupError { /// See [`LibraryError`] for more details. #[error(transparent)] @@ -225,7 +225,7 @@ pub enum LeaveGroupError { } /// Self update error -#[derive(Error, Debug, PartialEq, Clone)] +#[derive(Error, Debug)] pub enum SelfUpdateError { /// See [`LibraryError`] for more details. #[error(transparent)] @@ -245,7 +245,7 @@ pub enum SelfUpdateError { } /// Propose self update error -#[derive(Error, Debug, PartialEq, Clone)] +#[derive(Error, Debug)] pub enum ProposeSelfUpdateError { /// See [`LibraryError`] for more details. #[error(transparent)] @@ -265,7 +265,7 @@ pub enum ProposeSelfUpdateError { } /// Create group context ext proposal error -#[derive(Error, Debug, PartialEq, Clone)] +#[derive(Error, Debug)] pub enum UpdateExtensionsError { /// See [`LibraryError`] for more details. #[error(transparent)] @@ -282,7 +282,7 @@ pub enum UpdateExtensionsError { } /// Create group context ext proposal error -#[derive(Error, Debug, PartialEq, Clone)] +#[derive(Error, Debug)] pub enum ProposeGroupContextExtensionError { /// See [`LibraryError`] for more details. #[error(transparent)] @@ -305,7 +305,7 @@ pub enum ProposeGroupContextExtensionError { } /// ReInit error -#[derive(Error, Debug, PartialEq, Clone)] +#[derive(Error, Debug)] pub enum ReInitError { /// See [`LibraryError`] for more details. #[error(transparent)] @@ -319,7 +319,7 @@ pub enum ReInitError { } /// Create ReInit proposal error -#[derive(Error, Debug, PartialEq, Clone)] +#[derive(Error, Debug)] pub enum ProposeReInitError { /// See [`LibraryError`] for more details. #[error(transparent)] @@ -332,7 +332,7 @@ pub enum ProposeReInitError { ReInitValidationError(#[from] ReInitValidationError), } /// Commit to pending proposals error -#[derive(Error, Debug, PartialEq, Clone)] +#[derive(Error, Debug)] pub enum CommitToPendingProposalsError { /// See [`LibraryError`] for more details. #[error(transparent)] @@ -346,7 +346,7 @@ pub enum CommitToPendingProposalsError { } /// Errors that can happen when exporting a group info object. -#[derive(Error, Debug, PartialEq, Clone)] +#[derive(Error, Debug)] pub enum ExportGroupInfoError { /// See [`LibraryError`] for more details. #[error(transparent)] @@ -357,7 +357,7 @@ pub enum ExportGroupInfoError { } /// Export secret error -#[derive(Error, Debug, PartialEq, Clone)] +#[derive(Error, Debug)] pub enum ExportSecretError { /// See [`LibraryError`] for more details. #[error(transparent)] @@ -371,7 +371,7 @@ pub enum ExportSecretError { } /// Propose PSK error -#[derive(Error, Debug, PartialEq, Clone)] +#[derive(Error, Debug)] pub enum ProposePskError { /// See [`PskError`] for more details. #[error(transparent)] @@ -385,7 +385,7 @@ pub enum ProposePskError { } /// Export secret error -#[derive(Error, Debug, PartialEq, Clone)] +#[derive(Error, Debug)] pub enum ProposalError { /// See [`LibraryError`] for more details. #[error(transparent)] diff --git a/openmls/src/group/public_group/errors.rs b/openmls/src/group/public_group/errors.rs index a819f68bba..7ce7a834c0 100644 --- a/openmls/src/group/public_group/errors.rs +++ b/openmls/src/group/public_group/errors.rs @@ -6,7 +6,7 @@ use crate::{ }; /// Public group creation from external error. -#[derive(Error, Debug, PartialEq, Clone)] +#[derive(Error, Debug)] pub enum CreationFromExternalError { /// See [`LibraryError`] for more details. #[error(transparent)] @@ -29,7 +29,7 @@ pub enum CreationFromExternalError { } /// Public group builder error. -#[derive(Error, Debug, PartialEq, Clone)] +#[derive(Error, Debug)] pub enum PublicGroupBuildError { /// See [`LibraryError`] for more details. #[error(transparent)] diff --git a/openmls/src/key_packages/errors.rs b/openmls/src/key_packages/errors.rs index e6c9dd6df4..ec66bab0d2 100644 --- a/openmls/src/key_packages/errors.rs +++ b/openmls/src/key_packages/errors.rs @@ -8,7 +8,7 @@ use crate::prelude::LeafNodeValidationError; use crate::{ciphersuite::signable::SignatureError, error::LibraryError}; /// KeyPackage verify error -#[derive(Error, Debug, PartialEq, Clone)] +#[derive(Error, Debug)] pub enum KeyPackageVerifyError { /// See [`LibraryError`] for more details. #[error(transparent)] @@ -48,7 +48,7 @@ pub enum KeyPackageExtensionSupportError { } /// KeyPackage new error -#[derive(Error, Debug, PartialEq, Clone)] +#[derive(Error, Debug)] pub enum KeyPackageNewError { /// See [`LibraryError`] for more details. #[error(transparent)] @@ -65,7 +65,7 @@ pub enum KeyPackageNewError { } /// KeyPackage delete error -#[derive(Error, Debug, PartialEq, Clone)] +#[derive(Error, Debug)] pub enum KeyPackageDeleteError { /// See [`LibraryError`] for more details. #[error(transparent)] diff --git a/openmls/src/schedule/errors.rs b/openmls/src/schedule/errors.rs index a0e7d04486..1876f9802f 100644 --- a/openmls/src/schedule/errors.rs +++ b/openmls/src/schedule/errors.rs @@ -9,7 +9,7 @@ use crate::{ }; /// PSK secret error -#[derive(Error, Debug, PartialEq, Clone)] +#[derive(Error, Debug)] pub enum PskError { /// See [`LibraryError`] for more details. #[error(transparent)] @@ -61,7 +61,7 @@ pub enum PskError { // === Crate === /// Key schedule state error -#[derive(Error, Debug, PartialEq, Clone)] +#[derive(Error, Debug)] pub enum ErrorState { /// Expected to be in initial state. #[error("Expected to be in initial state.")] @@ -72,7 +72,7 @@ pub enum ErrorState { } /// Key schedule error -#[derive(Error, Debug, PartialEq, Clone)] +#[derive(Error, Debug)] pub enum KeyScheduleError { /// See [`LibraryError`] for more details. #[error(transparent)] diff --git a/openmls/src/treesync/errors.rs b/openmls/src/treesync/errors.rs index d225230bad..6b78311811 100644 --- a/openmls/src/treesync/errors.rs +++ b/openmls/src/treesync/errors.rs @@ -13,7 +13,7 @@ use crate::{ // === Public errors === /// Public tree error -#[derive(Error, Debug, PartialEq, Eq, Clone)] +#[derive(Error, Debug)] pub enum PublicTreeError { /// See [`LibraryError`] for more details. #[error(transparent)] @@ -42,7 +42,7 @@ pub enum PublicTreeError { } /// Apply update path error -#[derive(Error, Debug, PartialEq, Clone)] +#[derive(Error, Debug)] pub enum ApplyUpdatePathError { /// See [`LibraryError`] for more details. #[error(transparent)] @@ -81,7 +81,7 @@ pub enum ApplyUpdatePathError { // `UnsupportedExtension` is only used in tests for now #[allow(dead_code)] /// TreeSync error -#[derive(Error, Debug, PartialEq, Clone)] +#[derive(Error, Debug)] pub enum TreeSyncError { /// See [`LibraryError`] for more details. #[error(transparent)] @@ -119,7 +119,7 @@ pub enum TreeSyncError { } /// Derive path error -#[derive(Error, Debug, PartialEq, Clone)] +#[derive(Error, Debug)] pub enum DerivePathError { /// See [`LibraryError`] for more details. #[error(transparent)] @@ -130,7 +130,7 @@ pub enum DerivePathError { } /// TreeSync set path error -#[derive(Error, Debug, PartialEq, Clone)] +#[derive(Error, Debug)] pub enum TreeSyncAddLeaf { /// See [`LibraryError`] for more details. #[error(transparent)] @@ -141,7 +141,7 @@ pub enum TreeSyncAddLeaf { } /// TreeSync from nodes error -#[derive(Error, Debug, PartialEq, Clone)] +#[derive(Error, Debug)] pub enum TreeSyncFromNodesError { /// See [`LibraryError`] for more details. #[error(transparent)] @@ -155,7 +155,7 @@ pub enum TreeSyncFromNodesError { } /// TreeSync parent hash error -#[derive(Error, Debug, PartialEq, Clone)] +#[derive(Error, Debug)] pub enum TreeSyncParentHashError { /// See [`LibraryError`] for more details. #[error(transparent)] @@ -166,7 +166,7 @@ pub enum TreeSyncParentHashError { } /// TreeSync parent hash error -#[derive(Error, Debug, PartialEq, Clone)] +#[derive(Error, Debug)] pub enum TreeSyncDiffError { /// See [`LibraryError`] for more details. #[error(transparent)] @@ -187,7 +187,7 @@ pub enum TreeSyncDiffError { } /// TreeKem error -#[derive(Error, Debug, PartialEq, Clone)] +#[derive(Error, Debug)] #[allow(clippy::enum_variant_names)] pub enum TreeKemError { /// See [`LibraryError`] for more details. @@ -205,7 +205,7 @@ pub enum TreeKemError { } /// Errors that can happen during leaf node extension support validation. -#[derive(Clone, Debug, Error, PartialEq)] +#[derive(Debug, Error)] pub enum MemberExtensionValidationError { /// See [`LibraryError`] for more details. #[error(transparent)] @@ -219,7 +219,7 @@ pub enum MemberExtensionValidationError { } /// Errors that can happen during leaf node validation. -#[derive(Clone, Debug, Error, Eq, PartialEq)] +#[derive(Debug, Error)] pub enum LeafNodeValidationError { /// Lifetime is not acceptable. #[error("Lifetime is not acceptable.")] @@ -271,7 +271,7 @@ pub enum LeafNodeValidationError { } /// Errors that can happen during lifetime validation. -#[derive(Clone, Debug, Error, Eq, PartialEq)] +#[derive(Debug, Error)] pub enum LifetimeError { /// Lifetime range is too wide. #[error("Lifetime range is too wide.")] @@ -282,7 +282,7 @@ pub enum LifetimeError { } /// Errors that can happen during path validation. -#[derive(Debug, Clone, PartialEq, Eq, Error)] +#[derive(Debug, Error)] pub enum UpdatePathError { /// The update path contains an invalid type of leaf node. #[error("The update path contains an invalid type of leaf node.")] diff --git a/openmls/src/treesync/mod.rs b/openmls/src/treesync/mod.rs index 0cd5b34e80..e683fff23f 100644 --- a/openmls/src/treesync/mod.rs +++ b/openmls/src/treesync/mod.rs @@ -100,7 +100,7 @@ impl std::ops::Deref for RatchetTree { } /// An error during processing of an incoming ratchet tree. -#[derive(Error, Debug, PartialEq, Clone)] +#[derive(Error, Debug)] pub enum RatchetTreeError { /// The ratchet tree is empty. #[error("The ratchet tree has no nodes.")] diff --git a/traits/src/types.rs b/traits/src/types.rs index afb8f37a72..40f0978c4f 100644 --- a/traits/src/types.rs +++ b/traits/src/types.rs @@ -151,8 +151,6 @@ pub enum CryptoError { ExporterError, UnsupportedCiphersuite, TlsSerializationError, - InvalidCertificateChain, - IncompleteCertificateChain, CertificateDecodingError, CertificateEncodingError, IncompleteCertificate(&'static str), diff --git a/x509_credential/Cargo.toml b/x509_credential/Cargo.toml index f4ed4b1724..b04ada8e53 100644 --- a/x509_credential/Cargo.toml +++ b/x509_credential/Cargo.toml @@ -15,6 +15,7 @@ openmls_basic_credential = { version = "0.2.0", path = "../basic_credential" } fluvio-wasm-timer = "0.2" base64 = "0.21" uuid = "1.4" +thiserror = "1.0" rustls-platform-verifier = { path = "../../rustls-platform-verifier" } diff --git a/x509_credential/src/error.rs b/x509_credential/src/error.rs new file mode 100644 index 0000000000..6737f51c6f --- /dev/null +++ b/x509_credential/src/error.rs @@ -0,0 +1,13 @@ +use openmls_traits::types::CryptoError; + +#[derive(Debug, thiserror::Error)] +pub enum X509Error { + #[error(transparent)] + VerificationError(#[from] rustls_platform_verifier::WireX509Error), + #[error(transparent)] + CryptoError(#[from] CryptoError), + #[error("Certificate chain is not long enough")] + IncompleteCertificateChain, + #[error("Certificate chain is invalid")] + InvalidCertificateChain, +} diff --git a/x509_credential/src/lib.rs b/x509_credential/src/lib.rs index 168bcc869c..421efdde9b 100644 --- a/x509_credential/src/lib.rs +++ b/x509_credential/src/lib.rs @@ -3,6 +3,7 @@ //! An implementation of the x509 credential from the MLS spec. use base64::Engine; +use error::X509Error; use openmls_basic_credential::SignatureKeyPair; use x509_cert::der::Decode; @@ -11,42 +12,36 @@ use openmls_traits::{ types::{CryptoError, SignatureScheme}, }; +pub mod error; + #[derive(std::fmt::Debug, serde::Serialize, serde::Deserialize)] #[serde(transparent)] pub struct CertificateKeyPair(pub SignatureKeyPair); impl CertificateKeyPair { - /// Constructs the `CertificateKeyPair` from a private key and a der encoded certificate chain - pub fn try_new(sk: Vec, cert_chain: Vec>) -> Result { + /// Constructs the `CertificateKeyPair` from a private key and a der encoded certificate chain. + /// When + pub fn try_new(sk: Vec, mut cert_chain: Vec>) -> Result { if cert_chain.len() < 2 { - return Err(CryptoError::IncompleteCertificateChain); + return Err(X509Error::IncompleteCertificateChain); } - let verifier = rustls_platform_verifier::WireClientVerifier::new(); + let mut verifier = rustls_platform_verifier::WireClientVerifier::new(); - let end_entity = cert_chain - .get(0) - .map(|c| c.as_slice()) - .ok_or(CryptoError::IncompleteCertificateChain)?; + let end_entity = cert_chain.remove(0); - let intermediates = cert_chain.as_slice()[1..] - .into_iter() - .map(|c| c.as_slice()) - .collect::>(); + let intermediates = cert_chain; use rustls_platform_verifier::WireVerifier as _; + let options = rustls_platform_verifier::VerifyOptions::try_new(true, &[])?; verifier - .verify_client_cert( - &end_entity, - &intermediates[..], - rustls_platform_verifier::VerifyOptions::default(), - ) - .map_err(|_| CryptoError::InvalidCertificateChain)?; + .verify_client_cert(&end_entity, intermediates.as_slice(), options) + .map_err(|_| X509Error::InvalidCertificateChain)?; // We use x509_cert crate here because it is better at introspecting certs compared rustls which // is more TLS focused and does not come up with handy helpers - let end_entity = x509_cert::Certificate::from_der(end_entity.as_ref()) - .map_err(|_| CryptoError::InvalidCertificateChain)?; + let end_entity = x509_cert::Certificate::from_der(&end_entity[..]) + .map_err(|_| X509Error::InvalidCertificateChain)?; let signature_scheme = end_entity.signature_scheme()?; let pk = end_entity.public_key()?;