Merge #271

271: support for combined errors from mbedtls r=jethrogb a=mkaynov

Error enum updated with variants:
    HighLevel(HiError),                                - for mbedtls error including HighLevel code only
    LowLevel(LoError),                                - for mbedtls error including LowLevel code only
    HighAndLowLevel(HiError, LoError)      - for mbedtls combined error

This closes #7 

Co-authored-by: Max K <[email protected]>
Co-authored-by: Max K <[email protected]>

Author: 3 people

ct.sh

@@ -20,6 +20,8 @@ export CC_x86_64_fortanix_unknown_sgx=clang-11
 export CC_aarch64_unknown_linux_musl=/tmp/aarch64-linux-musl-cross/bin/aarch64-linux-musl-gcc
 export CARGO_TARGET_AARCH64_UNKNOWN_LINUX_MUSL_LINKER=/tmp/aarch64-linux-musl-cross/bin/aarch64-linux-musl-gcc
 export CARGO_TARGET_AARCH64_UNKNOWN_LINUX_MUSL_RUNNER=qemu-aarch64
+# to be removed after migration to rustc 1.70.., issue #277
+export RUSTFLAGS="-A ambiguous_glob_reexports"
 
 if [ "$TRAVIS_RUST_VERSION" == "stable" ] || [ "$TRAVIS_RUST_VERSION" == "beta" ] || [ "$TRAVIS_RUST_VERSION" == "nightly" ]; then
     # Install the rust toolchain

mbedtls/Cargo.toml

@@ -1,6 +1,6 @@
 [package]
 name = "mbedtls"
-version = "0.9.1"
+version = "0.10.0"
 authors = ["Jethro Beekman <[email protected]>"]
 build = "build.rs"
 edition = "2018"
@@ -75,7 +75,7 @@ dsa = ["std", "yasna", "num-bigint", "bit-vec"]
 pkcs12 = ["std", "yasna"]
 pkcs12_rc2 = ["pkcs12", "rc2", "cbc"]
 legacy_protocols = ["mbedtls-sys-auto/legacy_protocols"]
-async = ["std", "tokio","tokio/net","tokio/io-util", "tokio/macros"]
+async = ["std", "tokio", "tokio/net", "tokio/io-util", "tokio/macros"]
 async-rt = ["async", "tokio/rt", "tokio/sync", "tokio/rt-multi-thread"]
 
 [[example]]

mbedtls/src/bignum/mod.rs

@@ -6,7 +6,10 @@
  * option. This file may not be copied, modified, or distributed except
  * according to those terms. */
 
-use crate::error::{Error, IntoResult, Result};
+
+ #[cfg(feature = "std")]
+use crate::error::Error;
+use crate::error::{IntoResult, Result, codes};
 use mbedtls_sys::*;
 
 #[cfg(not(feature = "std"))]
@@ -142,7 +145,7 @@ impl Mpi {
     pub fn as_u32(&self) -> Result<u32> {
         if self.bit_length()? > 32 {
             // Not exactly correct but close enough
-            return Err(Error::MpiBufferTooSmall);
+            return Err(codes::MpiBufferTooSmall.into());
         }
 
         Ok(self.get_limb(0) as u32)
@@ -165,7 +168,7 @@ impl Mpi {
             unsafe { mpi_write_string(&self.inner, radix, ::core::ptr::null_mut(), 0, &mut olen) };
 
         if r != ERR_MPI_BUFFER_TOO_SMALL {
-            return Err(Error::from_mbedtls_code(r));
+            return Err(r.into());
         }
 
         let mut buf = vec![0u8; olen];
@@ -258,20 +261,20 @@ impl Mpi {
         let zero = Mpi::new(0)?;
 
         if self < &zero || self >= p {
-            return Err(Error::MpiBadInputData);
+            return Err(codes::MpiBadInputData.into());
         }
         if self == &zero {
             return Ok(zero);
         }
 
         // This ignores p=2 (for which this algorithm is valid), as not cryptographically interesting.
         if p.get_bit(0) == false || p <= &zero {
-            return Err(Error::MpiBadInputData);
+            return Err(codes::MpiBadInputData.into());
         }
 
         if self.jacobi(p)? != 1 {
             // a is not a quadratic residue mod p
-            return Err(Error::MpiBadInputData);
+            return Err(codes::MpiBadInputData.into());
         }
 
         if (p % 4)?.as_u32()? == 3 {
@@ -318,7 +321,7 @@ impl Mpi {
                 bo = bo.mod_exp(&two, p)?;
                 m += 1;
                 if m >= r {
-                    return Err(Error::MpiBadInputData);
+                    return Err(codes::MpiBadInputData.into());
                 }
             }
 
@@ -351,7 +354,7 @@ impl Mpi {
         let one = Mpi::new(1)?;
 
         if self < &zero || n < &zero || n.get_bit(0) == false {
-            return Err(Error::MpiBadInputData);
+            return Err(codes::MpiBadInputData.into());
         }
 
         let mut x = self.modulo(n)?;

mbedtls/src/cipher/raw/mod.rs

@@ -8,7 +8,7 @@
 
 use mbedtls_sys::*;
 
-use crate::error::{Error, IntoResult, Result};
+use crate::error::{IntoResult, Result, codes};
 
 mod serde;
 
@@ -234,7 +234,7 @@ impl Cipher {
         };
 
         if outdata.len() < reqd_size {
-            return Err(Error::CipherFullBlockExpected);
+            return Err(codes::CipherFullBlockExpected.into());
         }
 
         let mut olen = 0;
@@ -254,7 +254,7 @@ impl Cipher {
     pub fn finish(&mut self, outdata: &mut [u8]) -> Result<usize> {
         // Check that minimum required space is available in outdata buffer
         if outdata.len() < self.block_size() {
-            return Err(Error::CipherFullBlockExpected);
+            return Err(codes::CipherFullBlockExpected.into());
         }
 
         let mut olen = 0;
@@ -325,7 +325,7 @@ impl Cipher {
         if cipher_and_tag.len()
             .checked_sub(tag_len)
             .map_or(true, |cipher_len| cipher_len < plain.len()) {
-            return Err(Error::CipherBadInputData);
+            return Err(codes::CipherBadInputData.into());
         }
 
         let iv = self.inner.iv;
@@ -363,7 +363,7 @@ impl Cipher {
             cipher_and_tag.len()
                 .checked_sub(tag_len)
                 .map_or(true, |cipher_len| plain.len() < cipher_len) {
-            return Err(Error::CipherBadInputData);
+            return Err(codes::CipherBadInputData.into());
         }
 
         let iv = self.inner.iv;
@@ -474,7 +474,7 @@ impl Cipher {
     pub fn cmac(&mut self, key: &[u8], data: &[u8], outdata: &mut [u8]) -> Result<()> {
         // Check that outdata buffer has enough space
         if outdata.len() < self.block_size() {
-            return Err(Error::CipherFullBlockExpected);
+            return Err(codes::CipherFullBlockExpected.into());
         }
         self.reset()?;
         unsafe {

mbedtls/src/ecp/mod.rs

@@ -7,7 +7,7 @@
  * according to those terms. */
 
 use core::convert::TryFrom;
-use crate::error::{Error, IntoResult, Result};
+use crate::error::{Error, IntoResult, Result, codes};
 use mbedtls_sys::*;
 
 #[cfg(not(feature = "std"))]
@@ -114,7 +114,7 @@ impl EcGroup {
             || &order <= &zero
             || (&a == &zero && &b == &zero)
         {
-            return Err(Error::EcpBadInputData);
+            return Err(codes::EcpBadInputData.into());
         }
 
         // Compute `order - 2`, needed below.
@@ -135,7 +135,7 @@ impl EcGroup {
         Test that the provided generator satisfies the curve equation
          */
         if unsafe { ecp_check_pubkey(&ret.inner, &ret.inner.G) } != 0 {
-            return Err(Error::EcpBadInputData);
+            return Err(codes::EcpBadInputData.into());
         }
 
         /*
@@ -162,7 +162,7 @@ impl EcGroup {
         let is_zero = unsafe { ecp_is_zero(&g_m.inner as *const ecp_point as *mut ecp_point) };
 
         if is_zero != 1 {
-            return Err(Error::EcpBadInputData);
+            return Err(codes::EcpBadInputData.into());
         }
 
         Ok(ret)
@@ -200,7 +200,7 @@ impl EcGroup {
             EcGroupId::Curve25519 => Ok(8),
             EcGroupId::Curve448 => Ok(4),
             // Requires a point-counting algorithm such as SEA.
-            EcGroupId::None => Err(Error::EcpFeatureUnavailable),
+            EcGroupId::None => Err(codes::EcpFeatureUnavailable.into()),
             _ => Ok(1),
         }
     }
@@ -213,7 +213,7 @@ impl EcGroup {
         match unsafe { ecp_check_pubkey(&self.inner, &point.inner) } {
             0 => Ok(true),
             ERR_ECP_INVALID_KEY => Ok(false),
-            err => Err(Error::from_mbedtls_code(err)),
+            err => Err(err.into()),
         }
     }
 }
@@ -256,7 +256,7 @@ impl EcPoint {
     }
 
     pub fn from_binary(group: &EcGroup, bin: &[u8]) -> Result<EcPoint> {
-        let prefix = *bin.get(0).ok_or(Error::EcpBadInputData)?;
+        let prefix = *bin.get(0).ok_or(Error::from(codes::EcpBadInputData))?;
 
         if prefix == 0x02 || prefix == 0x03 {
             // Compressed point, which mbedtls does not understand
@@ -267,7 +267,7 @@ impl EcPoint {
             let b = group.b()?;
 
             if bin.len() != (p.byte_length()? + 1) {
-                return Err(Error::EcpBadInputData);
+                return Err(codes::EcpBadInputData.into());
             }
 
             let x = Mpi::from_binary(&bin[1..]).unwrap();
@@ -319,7 +319,7 @@ impl EcPoint {
         match unsafe { ecp_is_zero(&self.inner as *const ecp_point as *mut ecp_point) } {
             0 => Ok(false),
             1 => Ok(true),
-            _ => Err(Error::EcpInvalidKey),
+            _ => Err(codes::EcpInvalidKey.into()),
         }
     }
 
@@ -355,11 +355,11 @@ impl EcPoint {
         let mut ret = Self::init();
 
         if group.contains_point(&pt1)? == false {
-            return Err(Error::EcpInvalidKey);
+            return Err(codes::EcpInvalidKey.into());
         }
 
         if group.contains_point(&pt2)? == false {
-            return Err(Error::EcpInvalidKey);
+            return Err(codes::EcpInvalidKey.into());
         }
 
         unsafe {
@@ -383,7 +383,7 @@ impl EcPoint {
         match r {
             0 => Ok(true),
             ERR_ECP_BAD_INPUT_DATA => Ok(false),
-            x => Err(Error::from_mbedtls_code(x)),
+            x => Err(x.into()),
         }
     }