Merge pull request #220 from geonnave/improve-errors

geonnave · web-flow · commit 0071db1dfb63 · 2024-02-14T16:22:37.000+01:00
Improve error handling in msg buffer and authz
diff --git a/ead/lakers-ead-authz/src/device.rs b/ead/lakers-ead-authz/src/device.rs
@@ -1,4 +1,5 @@
 use super::shared::*;
+use crate::ZeroTouchError;
 use lakers_shared::{Crypto as CryptoTrait, *};
 
 #[derive(Debug)]
@@ -67,16 +68,19 @@ impl ZeroTouchDeviceWaitEAD2 {
         crypto: &mut Crypto,
         ead_2: EADItem,
         cred_v: &[u8],
-    ) -> Result<ZeroTouchDeviceDone, ()> {
-        if ead_2.label != EAD_ZEROCONF_LABEL || ead_2.value.is_none() {
-            return Err(());
+    ) -> Result<ZeroTouchDeviceDone, ZeroTouchError> {
+        if ead_2.label != EAD_ZEROCONF_LABEL {
+            return Err(ZeroTouchError::InvalidEADLabel);
         }
+        let Some(ead_2_value_buffer) = ead_2.value else {
+            return Err(ZeroTouchError::EmptyEADValue);
+        };
         let mut ead_2_value: BytesEncodedVoucher = Default::default();
-        ead_2_value[..].copy_from_slice(&ead_2.value.unwrap().content[..ENCODED_VOUCHER_LEN]);
+        ead_2_value[..].copy_from_slice(&ead_2_value_buffer.content[..ENCODED_VOUCHER_LEN]);
 
         match verify_voucher(crypto, &ead_2_value, &self.h_message_1, cred_v, &self.prk) {
             Ok(voucher) => Ok(ZeroTouchDeviceDone { voucher }),
-            Err(_) => Err(()),
+            Err(error) => Err(error),
         }
     }
 }
@@ -128,6 +132,23 @@ fn encode_ead_1_value(
     output
 }
 
+pub(crate) fn verify_voucher<Crypto: CryptoTrait>(
+    crypto: &mut Crypto,
+    received_voucher: &BytesEncodedVoucher,
+    h_message_1: &BytesHashLen,
+    cred_v: &[u8],
+    prk: &BytesHashLen,
+) -> Result<BytesMac, ZeroTouchError> {
+    let prepared_voucher = &prepare_voucher(crypto, h_message_1, cred_v, prk);
+    if received_voucher == prepared_voucher {
+        let mut voucher_mac: BytesMac = Default::default();
+        voucher_mac[..MAC_LENGTH].copy_from_slice(&prepared_voucher[1..1 + MAC_LENGTH]);
+        return Ok(voucher_mac);
+    } else {
+        return Err(ZeroTouchError::VoucherVerificationFailed);
+    }
+}
+
 #[cfg(test)]
 mod test_device {
     use super::*;
@@ -166,7 +187,7 @@ mod test_device {
 
     #[test]
     fn test_verify_voucher() {
-        let voucher_tv = VOUCHER_TV.try_into().unwrap();
+        let mut voucher_tv = VOUCHER_TV.try_into().unwrap();
         let h_message_1_tv = H_MESSAGE_1_TV.try_into().unwrap();
         let prk_tv = PRK_TV.try_into().unwrap();
         let voucher_mac_tv: BytesMac = VOUCHER_MAC_TV.try_into().unwrap();
@@ -180,6 +201,16 @@ mod test_device {
         );
         assert!(res.is_ok());
         assert_eq!(res.unwrap(), voucher_mac_tv);
+
+        voucher_tv[0] ^= 0x01; // change a byte to make the voucher invalid
+        let res = verify_voucher(
+            &mut default_crypto(),
+            &voucher_tv,
+            &h_message_1_tv,
+            &CRED_V_TV,
+            &prk_tv,
+        );
+        assert_eq!(res, Err(ZeroTouchError::VoucherVerificationFailed));
     }
 
     #[test]
diff --git a/ead/lakers-ead-authz/src/lib.rs b/ead/lakers-ead-authz/src/lib.rs
@@ -11,6 +11,14 @@ pub use authenticator::{ZeroTouchAuthenticator, ZeroTouchAuthenticatorWaitVouche
 pub use device::{ZeroTouchDevice, ZeroTouchDeviceDone, ZeroTouchDeviceWaitEAD2};
 pub use server::ZeroTouchServer;
 
+#[derive(PartialEq, Debug)]
+#[repr(C)]
+pub enum ZeroTouchError {
+    InvalidEADLabel,
+    EmptyEADValue,
+    VoucherVerificationFailed,
+}
+
 #[cfg(test)]
 mod test_authz {
     use crate::{
diff --git a/ead/lakers-ead-authz/src/shared.rs b/ead/lakers-ead-authz/src/shared.rs
@@ -22,23 +22,6 @@ pub(crate) fn compute_prk_from_secret<Crypto: CryptoTrait>(
     crypto.hkdf_extract(&salt, &g_ab)
 }
 
-pub(crate) fn verify_voucher<Crypto: CryptoTrait>(
-    crypto: &mut Crypto,
-    received_voucher: &BytesEncodedVoucher,
-    h_message_1: &BytesHashLen,
-    cred_v: &[u8],
-    prk: &BytesHashLen,
-) -> Result<BytesMac, ()> {
-    let prepared_voucher = &prepare_voucher(crypto, h_message_1, cred_v, prk);
-    if received_voucher == prepared_voucher {
-        let mut voucher_mac: BytesMac = Default::default();
-        voucher_mac[..MAC_LENGTH].copy_from_slice(&prepared_voucher[1..1 + MAC_LENGTH]);
-        return Ok(voucher_mac);
-    } else {
-        return Err(());
-    }
-}
-
 pub(crate) fn prepare_voucher<Crypto: CryptoTrait>(
     crypto: &mut Crypto,
     h_message_1: &BytesHashLen,
diff --git a/lakers-python/src/ead_authz/authenticator.rs b/lakers-python/src/ead_authz/authenticator.rs
@@ -22,7 +22,7 @@ impl PyAuthzAutenticator {
         ead_1: EADItem,
         message_1: Vec<u8>,
     ) -> PyResult<(Vec<u8>, Vec<u8>)> {
-        let message_1 = EdhocMessageBuffer::new_from_slice(message_1.as_slice()).unwrap(); // FIXME: avoid unwrap
+        let message_1 = EdhocMessageBuffer::new_from_slice(message_1.as_slice())?;
         let (state, loc_w, voucher_request) =
             self.authenticator.process_ead_1(&ead_1, &message_1)?;
         self.authenticator_wait = state;
@@ -33,8 +33,7 @@ impl PyAuthzAutenticator {
     }
 
     pub fn prepare_ead_2(&self, voucher_response: Vec<u8>) -> PyResult<EADItem> {
-        let voucher_response =
-            EdhocMessageBuffer::new_from_slice(voucher_response.as_slice()).unwrap(); // FIXME: avoid unwrap
+        let voucher_response = EdhocMessageBuffer::new_from_slice(voucher_response.as_slice())?;
         Ok(self.authenticator_wait.prepare_ead_2(&voucher_response)?)
     }
 }
diff --git a/lakers-python/src/initiator.rs b/lakers-python/src/initiator.rs
@@ -61,7 +61,7 @@ impl PyEdhocInitiator {
         &mut self,
         message_2: Vec<u8>,
     ) -> PyResult<(u8, Vec<u8>, Option<EADItem>)> {
-        let message_2 = EdhocMessageBuffer::new_from_slice(message_2.as_slice()).unwrap(); // FIXME: avoid unwrap
+        let message_2 = EdhocMessageBuffer::new_from_slice(message_2.as_slice())?;
 
         match i_parse_message_2(&self.wait_m2, &mut default_crypto(), &message_2) {
             Ok((state, c_r, id_cred_r, ead_2)) => {
diff --git a/lakers-python/src/responder.rs b/lakers-python/src/responder.rs
@@ -34,7 +34,7 @@ impl PyEdhocResponder {
     }
 
     fn process_message_1(&mut self, message_1: Vec<u8>) -> PyResult<Option<EADItem>> {
-        let message_1 = EdhocMessageBuffer::new_from_slice(message_1.as_slice()).unwrap(); // FIXME: avoid unwrap call
+        let message_1 = EdhocMessageBuffer::new_from_slice(message_1.as_slice())?;
         let (state, ead_1) = r_process_message_1(&self.start, &mut default_crypto(), &message_1)?;
         self.processing_m1 = state;
 
@@ -73,7 +73,7 @@ impl PyEdhocResponder {
     }
 
     pub fn parse_message_3(&mut self, message_3: Vec<u8>) -> PyResult<(Vec<u8>, Option<EADItem>)> {
-        let message_3 = EdhocMessageBuffer::new_from_slice(message_3.as_slice()).unwrap(); // FIXME: avoid unwrap call
+        let message_3 = EdhocMessageBuffer::new_from_slice(message_3.as_slice())?;
         match r_parse_message_3(&mut self.wait_m3, &mut default_crypto(), &message_3) {
             Ok((state, id_cred_i, ead_3)) => {
                 self.processing_m3 = state;
diff --git a/lakers-python/test/test_lakers.py b/lakers-python/test/test_lakers.py
@@ -62,8 +62,14 @@ def test_handshake():
     r_prk_out_new = responder.edhoc_key_update(CONTEXT)
     assert i_prk_out_new == r_prk_out_new
 
-def test_error():
+def test_edhoc_error():
     responder = lakers.EdhocResponder(R, CRED_R)
     with pytest.raises(ValueError) as err:
-        _ead_1 = responder.process_message_1([1, 2, 3])
+        _ = responder.process_message_1([1, 2, 3])
     assert str(err.value) == "EDHOCError::ParsingError"
+
+def test_buffer_error():
+    initiator = lakers.EdhocInitiator()
+    with pytest.raises(ValueError) as err:
+        _ = initiator.parse_message_2([1] * 1000)
+    assert str(err.value) == "MessageBufferError::SliceTooLong"
diff --git a/shared/src/lib.rs b/shared/src/lib.rs
@@ -210,6 +210,13 @@ pub enum CredentialTransfer {
     ByValue,
 }
 
+#[derive(PartialEq, Debug)]
+#[repr(C)]
+pub enum MessageBufferError {
+    BufferAlreadyFull,
+    SliceTooLong,
+}
+
 /// An owned u8 vector of a limited length
 ///
 /// It is used to represent the various messages in encrypted and in decrypted form, as well as
@@ -238,26 +245,26 @@ impl EdhocMessageBuffer {
         }
     }
 
-    pub fn new_from_slice(slice: &[u8]) -> Result<Self, ()> {
+    pub fn new_from_slice(slice: &[u8]) -> Result<Self, MessageBufferError> {
         let mut buffer = Self::new();
         if buffer.fill_with_slice(slice).is_ok() {
             Ok(buffer)
         } else {
-            Err(())
+            Err(MessageBufferError::SliceTooLong)
         }
     }
 
     pub fn get(self, index: usize) -> Option<u8> {
         self.content.get(index).copied()
     }
 
-    pub fn push(&mut self, item: u8) -> Result<(), ()> {
+    pub fn push(&mut self, item: u8) -> Result<(), MessageBufferError> {
         if self.len < self.content.len() {
             self.content[self.len] = item;
             self.len += 1;
             Ok(())
         } else {
-            Err(())
+            Err(MessageBufferError::BufferAlreadyFull)
         }
     }
 
@@ -269,23 +276,23 @@ impl EdhocMessageBuffer {
         &self.content[0..self.len]
     }
 
-    pub fn fill_with_slice(&mut self, slice: &[u8]) -> Result<(), ()> {
+    pub fn fill_with_slice(&mut self, slice: &[u8]) -> Result<(), MessageBufferError> {
         if slice.len() <= self.content.len() {
             self.len = slice.len();
             self.content[..self.len].copy_from_slice(slice);
             Ok(())
         } else {
-            Err(())
+            Err(MessageBufferError::SliceTooLong)
         }
     }
 
-    pub fn extend_from_slice(&mut self, slice: &[u8]) -> Result<(), ()> {
+    pub fn extend_from_slice(&mut self, slice: &[u8]) -> Result<(), MessageBufferError> {
         if self.len + slice.len() <= self.content.len() {
             self.content[self.len..self.len + slice.len()].copy_from_slice(slice);
             self.len += slice.len();
             Ok(())
         } else {
-            Err(())
+            Err(MessageBufferError::SliceTooLong)
         }
     }
 
diff --git a/shared/src/python_bindings.rs b/shared/src/python_bindings.rs
@@ -18,6 +18,18 @@ impl From<EDHOCError> for PyErr {
     }
 }
 
+impl fmt::Display for MessageBufferError {
+    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
+        write!(f, "MessageBufferError::{:?}", self)
+    }
+}
+
+impl From<MessageBufferError> for PyErr {
+    fn from(error: MessageBufferError) -> Self {
+        PyValueError::new_err(error.to_string())
+    }
+}
+
 #[pymethods]
 impl EADItem {
     #[new]

Original file line number	Diff line number	Diff line change
`@@ -22,7 +22,7 @@ impl PyAuthzAutenticator {`
`22`	`22`	`ead_1: EADItem,`
`23`	`23`	`message_1: Vec<u8>,`
`24`	`24`	`) -> PyResult<(Vec<u8>, Vec<u8>)> {`
`25`		`- let message_1 = EdhocMessageBuffer::new_from_slice(message_1.as_slice()).unwrap(); // FIXME: avoid unwrap`
	`25`	`+ let message_1 = EdhocMessageBuffer::new_from_slice(message_1.as_slice())?;`
`26`	`26`	`let (state, loc_w, voucher_request) =`
`27`	`27`	`self.authenticator.process_ead_1(&ead_1, &message_1)?;`
`28`	`28`	`self.authenticator_wait = state;`
`@@ -33,8 +33,7 @@ impl PyAuthzAutenticator {`
`33`	`33`	`}`
`34`	`34`
`35`	`35`	`pub fn prepare_ead_2(&self, voucher_response: Vec<u8>) -> PyResult<EADItem> {`
`36`		`- let voucher_response =`
`37`		`- EdhocMessageBuffer::new_from_slice(voucher_response.as_slice()).unwrap(); // FIXME: avoid unwrap`
	`36`	`+ let voucher_response = EdhocMessageBuffer::new_from_slice(voucher_response.as_slice())?;`
`38`	`37`	`Ok(self.authenticator_wait.prepare_ead_2(&voucher_response)?)`
`39`	`38`	`}`
`40`	`39`	`}`
Original file line number	Diff line number	Diff line change
`@@ -34,7 +34,7 @@ impl PyEdhocResponder {`
`34`	`34`	`}`
`35`	`35`
`36`	`36`	`fn process_message_1(&mut self, message_1: Vec<u8>) -> PyResult<Option<EADItem>> {`
`37`		`- let message_1 = EdhocMessageBuffer::new_from_slice(message_1.as_slice()).unwrap(); // FIXME: avoid unwrap call`
	`37`	`+ let message_1 = EdhocMessageBuffer::new_from_slice(message_1.as_slice())?;`
`38`	`38`	`let (state, ead_1) = r_process_message_1(&self.start, &mut default_crypto(), &message_1)?;`
`39`	`39`	`self.processing_m1 = state;`
`40`	`40`
`@@ -73,7 +73,7 @@ impl PyEdhocResponder {`
`73`	`73`	`}`
`74`	`74`
`75`	`75`	`pub fn parse_message_3(&mut self, message_3: Vec<u8>) -> PyResult<(Vec<u8>, Option<EADItem>)> {`
`76`		`- let message_3 = EdhocMessageBuffer::new_from_slice(message_3.as_slice()).unwrap(); // FIXME: avoid unwrap call`
	`76`	`+ let message_3 = EdhocMessageBuffer::new_from_slice(message_3.as_slice())?;`
`77`	`77`	`match r_parse_message_3(&mut self.wait_m3, &mut default_crypto(), &message_3) {`
`78`	`78`	`Ok((state, id_cred_i, ead_3)) => {`
`79`	`79`	`self.processing_m3 = state;`
Original file line number	Diff line number	Diff line change
`@@ -210,6 +210,13 @@ pub enum CredentialTransfer {`
`210`	`210`	`ByValue,`
`211`	`211`	`}`
`212`	`212`
	`213`	`+#[derive(PartialEq, Debug)]`
	`214`	`+#[repr(C)]`
	`215`	`+pub enum MessageBufferError {`
	`216`	`+ BufferAlreadyFull,`
	`217`	`+ SliceTooLong,`
	`218`	`+}`
	`219`	`+`
`213`	`220`	`/// An owned u8 vector of a limited length`
`214`	`221`	`///`
`215`	`222`	`/// It is used to represent the various messages in encrypted and in decrypted form, as well as`
`@@ -238,26 +245,26 @@ impl EdhocMessageBuffer {`
`238`	`245`	`}`
`239`	`246`	`}`
`240`	`247`
`241`		`- pub fn new_from_slice(slice: &[u8]) -> Result<Self, ()> {`
	`248`	`+ pub fn new_from_slice(slice: &[u8]) -> Result<Self, MessageBufferError> {`
`242`	`249`	`let mut buffer = Self::new();`
`243`	`250`	`if buffer.fill_with_slice(slice).is_ok() {`
`244`	`251`	`Ok(buffer)`
`245`	`252`	`} else {`
`246`		`- Err(())`
	`253`	`+ Err(MessageBufferError::SliceTooLong)`
`247`	`254`	`}`
`248`	`255`	`}`
`249`	`256`
`250`	`257`	`pub fn get(self, index: usize) -> Option<u8> {`
`251`	`258`	`self.content.get(index).copied()`
`252`	`259`	`}`
`253`	`260`
`254`		`- pub fn push(&mut self, item: u8) -> Result<(), ()> {`
	`261`	`+ pub fn push(&mut self, item: u8) -> Result<(), MessageBufferError> {`
`255`	`262`	`if self.len < self.content.len() {`
`256`	`263`	`self.content[self.len] = item;`
`257`	`264`	`self.len += 1;`
`258`	`265`	`Ok(())`
`259`	`266`	`} else {`
`260`		`- Err(())`
	`267`	`+ Err(MessageBufferError::BufferAlreadyFull)`
`261`	`268`	`}`
`262`	`269`	`}`
`263`	`270`
`@@ -269,23 +276,23 @@ impl EdhocMessageBuffer {`
`269`	`276`	`&self.content[0..self.len]`
`270`	`277`	`}`
`271`	`278`
`272`		`- pub fn fill_with_slice(&mut self, slice: &[u8]) -> Result<(), ()> {`
	`279`	`+ pub fn fill_with_slice(&mut self, slice: &[u8]) -> Result<(), MessageBufferError> {`
`273`	`280`	`if slice.len() <= self.content.len() {`
`274`	`281`	`self.len = slice.len();`
`275`	`282`	`self.content[..self.len].copy_from_slice(slice);`
`276`	`283`	`Ok(())`
`277`	`284`	`} else {`
`278`		`- Err(())`
	`285`	`+ Err(MessageBufferError::SliceTooLong)`
`279`	`286`	`}`
`280`	`287`	`}`
`281`	`288`
`282`		`- pub fn extend_from_slice(&mut self, slice: &[u8]) -> Result<(), ()> {`
	`289`	`+ pub fn extend_from_slice(&mut self, slice: &[u8]) -> Result<(), MessageBufferError> {`
`283`	`290`	`if self.len + slice.len() <= self.content.len() {`
`284`	`291`	`self.content[self.len..self.len + slice.len()].copy_from_slice(slice);`
`285`	`292`	`self.len += slice.len();`
`286`	`293`	`Ok(())`
`287`	`294`	`} else {`
`288`		`- Err(())`
	`295`	`+ Err(MessageBufferError::SliceTooLong)`
`289`	`296`	`}`
`290`	`297`	`}`
`291`	`298`