signstar_crypto/key/error.rs
1//! Error handling
2
3use crate::key::base::{KeyMechanism, KeyType, MIN_RSA_BIT_LENGTH, SignatureType};
4
/// An error that can occur when dealing with keys.
///
/// No variant declares a field for raw key bytes: payloads are key and signature type
/// descriptors, key mechanism lists, lengths, `&'static str` context, or a value from an external
/// crate (`rsa`, `nethsm_sdk_rs`, `yubihsm`).
#[derive(Debug, thiserror::Error)]
pub enum Error {
    /// Importing from PKCS#8 DER or PEM failed.
    ///
    /// Created automatically from [`rsa::pkcs8::Error`] through the `#[from]` conversion.
    // NOTE(review): the wrapped error's own message is forwarded unchanged through `{0}`; what it
    // contains is defined upstream — confirm it is safe to log verbatim.
    #[error("PKCS#8 error: {0}")]
    Pkcs8(#[from] rsa::pkcs8::Error),

    /// No primes found when importing an RSA key.
    #[error("No primes found")]
    NoPrimes,

    /// The [`KeyType`] is not supported.
    #[error("The {0} key type is not supported")]
    UnsupportedKeyType(KeyType),

    /// An input buffer is too long when trying to pad it.
    #[error(
        "The input buffer is {buffer_len} bytes long, but should be padded to only {pad_len} bytes in length."
    )]
    PaddingInputTooLong {
        /// The length of the input buffer.
        buffer_len: usize,
        /// The length of the buffer the input should be padded to.
        pad_len: usize,
    },

    /// The key mechanisms provided for a key type are not valid.
    // The rejected mechanisms are rendered with their `Debug` representation (`{..:?}`).
    #[error(
        "The key type {key_type} does not support the following key mechanisms: {invalid_mechanisms:?}"
    )]
    InvalidKeyMechanism {
        /// The key type not supporting specific mechanisms.
        key_type: KeyType,
        /// The list of invalid key mechanisms.
        invalid_mechanisms: Vec<KeyMechanism>,
    },

    /// Elliptic curve keys do not support providing a length.
    #[error("Elliptic curve key ({key_type}) does not support setting length")]
    KeyLengthUnsupported {
        /// The key type that does not support setting length.
        key_type: KeyType,
    },

    /// Key type requires setting a length.
    #[error("Generating a key of type {key_type} requires setting a length")]
    KeyLengthRequired {
        /// The key type that requires a length.
        key_type: KeyType,
    },

    /// AES key is generated with unsupported key length (not 128, 192 or 256).
    #[error(
        "AES only defines key lengths of 128, 192 and 256. A key length of {key_length} is unsupported!"
    )]
    InvalidKeyLengthAes {
        /// The invalid key length.
        key_length: u32,
    },

    /// RSA key is generated with unsafe key length (shorter than [`MIN_RSA_BIT_LENGTH`]).
    // The message interpolates the constant instead of a literal, so it follows the constant if
    // the minimum changes. The earlier wording here cited 2048; that value is not visible in this
    // file — TODO confirm against `key::base`.
    #[error(
        "RSA keys shorter than {MIN_RSA_BIT_LENGTH} are not supported. A key length of {key_length} is unsafe!"
    )]
    InvalidKeyLengthRsa {
        /// The invalid key length.
        key_length: u32,
    },

    /// The signature type provided for a key type is not valid.
    #[error("The key type {key_type} is not compatible with signature type: {signature_type}")]
    InvalidKeyTypeForSignatureType {
        /// The key type.
        key_type: KeyType,
        /// The signature type that is invalid for the use with `key_type`.
        signature_type: SignatureType,
    },

    /// The key mechanisms provided for a signature type are not valid.
    ///
    /// The message names the mechanism that must be used, not the ones that were supplied.
    #[error(
        "The key mechanism {required_key_mechanism} must be used with signature type {signature_type}"
    )]
    InvalidKeyMechanismsForSignatureType {
        /// The key mechanism that must be used with `signature_type`.
        required_key_mechanism: KeyMechanism,
        /// The signature type that requires `required_key_mechanism`.
        signature_type: SignatureType,
    },

    /// A signing key setup is not compatible with raw cryptographic signing.
    #[error(
        "The key type {key_type}, key mechanisms {key_mechanisms:?} and signature type {signature_type} are incompatible with raw cryptographic signing"
    )]
    InvalidRawSigningKeySetup {
        /// The key type incompatible with raw cryptographic signing.
        key_type: KeyType,
        /// The list of key mechanisms incompatible with raw cryptographic signing.
        key_mechanisms: Vec<KeyMechanism>,
        /// The signature type incompatible with raw cryptographic signing.
        signature_type: SignatureType,
    },

    /// A signing key setup is not compatible with OpenPGP signing.
    #[error(
        "The key type {key_type}, key mechanisms {key_mechanisms:?} and signature type {signature_type} are incompatible with OpenPGP signing"
    )]
    InvalidOpenPgpSigningKeySetup {
        /// The key type incompatible with OpenPGP signing.
        key_type: KeyType,
        /// The list of key mechanisms incompatible with OpenPGP signing.
        key_mechanisms: Vec<KeyMechanism>,
        /// The signature type incompatible with OpenPGP signing.
        signature_type: SignatureType,
    },

    /// An unsupported key mechanism has been encountered.
    // Only present when the `nethsm` feature is enabled; the `cfg` below removes the whole
    // variant, including its `#[error]` attribute, otherwise.
    #[error("Unsupported key mechanism: {0}")]
    #[cfg(feature = "nethsm")]
    UnsupportedNetHsmKeyMechanism(nethsm_sdk_rs::models::KeyMechanism),

    /// Unsupported private key data for a specific key type has been encountered.
    #[error("Private key data for key type {key_type} is not supported because {context}")]
    UnsupportedPrivateKeyData {
        /// The key type of the unsupported private key data.
        key_type: KeyType,

        /// The context in which the error occurred.
        ///
        /// This is meant to complete the sentence "Private key data for key type {key_type} is not
        /// supported because ".
        // The `'static` lifetime means this is normally a string literal fixed at the call site
        // rather than text assembled at runtime.
        context: &'static str,
    },

    /// An unsupported signature type has been encountered.
    #[error("The signature type {signature_type} is not supported because {context}")]
    UnsupportedSignatureType {
        /// The unsupported signature type.
        signature_type: SignatureType,

        /// The context in which the error occurred.
        ///
        /// This is meant to complete the sentence "The signature type {signature_type} is not
        /// supported because ".
        context: &'static str,
    },

    /// A YubiHSM2 algorithm that is not a key type has been encountered.
    // Only present when the `yubihsm2` feature is enabled.
    #[error("The YubiHSM2 algorithm {algorithm:?} is not a key type, because {context}")]
    #[cfg(feature = "yubihsm2")]
    YubiHsm2AlgorithmNotAKeyType {
        /// The unsupported YubiHSM2 algorithm (rendered with its `Debug` representation).
        algorithm: yubihsm::Algorithm,

        /// The context in which the error occurred.
        ///
        /// This is meant to complete the sentence "The YubiHSM2 algorithm {algorithm:?} is
        /// not a key type, because ".
        context: &'static str,
    },
}