fix processing armored data

dr-orlovsky · dr-orlovsky · commit 90ee76ca94b8 · 2024-05-26T16:01:06.000+02:00
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/Cargo.toml b/Cargo.toml
@@ -23,7 +23,7 @@ required-features = ["cli"]
 [dependencies]
 amplify = "4.6.0"
 strict_encoding = "2.7.0-beta.4"
-ascii-armor = "0.7.0"
+ascii-armor = "0.7.1"
 baid64 = "0.2.2"
 base64 = "0.22.1"
 secp256k1 = { version = "0.29.0", features = ["rand", "global-context", "rand-std"] }
diff --git a/src/encrypt.rs b/src/encrypt.rs
@@ -35,18 +35,21 @@ use crate::{Algo, InvalidPubkey, SsiPair, SsiPub, LIB_NAME_SSI};
 
 #[derive(Copy, Clone, Debug, Display, Error)]
 pub enum EncryptionError {
-    #[display("the number of receivers exceeds 2^16")]
+    #[display("the number of receivers exceeds 2^16.")]
     TooManyReceivers,
-    #[display("invalid public key {0}")]
+    #[display("invalid public key {0}.")]
     InvalidPubkey(SsiPub),
 }
 
-#[derive(Copy, Clone, Debug, Display, Error)]
+#[derive(Copy, Clone, Debug, Display, Error, From)]
 pub enum DecryptionError {
-    #[display("the message can't be decrypted using key {0}")]
+    #[display("the message can't be decrypted using key {0}.")]
     KeyMismatch(SsiPub),
-    #[display("invalid public key {0}")]
+    #[display("invalid public key {0}.")]
     InvalidPubkey(SsiPub),
+    #[from(aes_gcm::Error)]
+    #[display("unable to decrypt data.")]
+    Decrypt,
 }
 
 #[derive(Clone, Debug, From)]
@@ -142,7 +145,7 @@ impl Encrypted {
         let key = pair
             .decrypt_key(key)
             .map_err(|_| DecryptionError::InvalidPubkey(pair.pk))?;
-        Ok(decrypt(self.data.as_slice(), self.nonce.into(), key))
+        Ok(decrypt(self.data.as_slice(), self.nonce.into(), key)?)
     }
 }
 
@@ -195,13 +198,12 @@ pub fn encrypt(source: Vec<u8>, key: impl AsRef<[u8]>) -> (Nonce<Aes256Gcm>, Vec
     (nonce, ciphered_data)
 }
 
-pub fn decrypt(encrypted: &[u8], nonce: Nonce<Aes256Gcm>, key: impl AsRef<[u8]>) -> Vec<u8> {
+pub fn decrypt(
+    encrypted: &[u8],
+    nonce: Nonce<Aes256Gcm>,
+    key: impl AsRef<[u8]>,
+) -> Result<Vec<u8>, aes_gcm::Error> {
     let key = Sha256::digest(key.as_ref());
     let key = aes_gcm::Key::<Aes256Gcm>::from_slice(key.as_slice());
-
-    let cipher = Aes256Gcm::new(key);
-
-    cipher
-        .decrypt(&nonce, encrypted)
-        .expect("failed to decrypt data")
+    Aes256Gcm::new(key).decrypt(&nonce, encrypted)
 }
diff --git a/src/secret.rs b/src/secret.rs
@@ -50,6 +50,10 @@ pub enum RevealError {
 
     /// unsupported algorithm #{0}.
     Unsupported(u8),
+
+    /// unable to decrypt data.
+    #[from(aes_gcm::Error)]
+    Decrypt,
 }
 
 #[derive(Clone, Eq, PartialEq, Ord, PartialOrd, Hash)]
@@ -62,7 +66,7 @@ pub struct EncryptedSecret {
 
 impl EncryptedSecret {
     pub fn reveal(&self, passwd: impl AsRef<str>) -> Result<SsiSecret, RevealError> {
-        let sk = decrypt(&self.key, self.nonce, passwd.as_ref());
+        let sk = decrypt(&self.key, self.nonce, passwd.as_ref())?;
         match self.algo {
             Algo::Ed25519 => Ok(ec25519::SecretKey::from_slice(&sk)?.into()),
             Algo::Bip340 => Ok(secp256k1::SecretKey::from_slice(&sk)?.into()),
