From 3665dc0a7544b9c086aa3611e6cad533843f6773 Mon Sep 17 00:00:00 2001 From: jorgeantonio21 Date: Thu, 1 Sep 2022 08:33:00 +0100 Subject: [PATCH 1/7] refactor dht inbound error --- comms/dht/src/crypt.rs | 1 + comms/dht/src/inbound/error.rs | 2 ++ comms/dht/src/inbound/mod.rs | 1 + 3 files changed, 4 insertions(+) diff --git a/comms/dht/src/crypt.rs b/comms/dht/src/crypt.rs index 4b42361a40..b89fd9e429 100644 --- a/comms/dht/src/crypt.rs +++ b/comms/dht/src/crypt.rs @@ -49,6 +49,7 @@ use crate::{ envelope::{DhtMessageFlags, DhtMessageHeader, DhtMessageType, NodeDestination}, outbound::DhtOutboundError, version::DhtProtocolVersion, + inbound::DhtInboundError, }; #[derive(Debug, Clone, Zeroize)] diff --git a/comms/dht/src/inbound/error.rs b/comms/dht/src/inbound/error.rs index 6681bdedc5..933d8431af 100644 --- a/comms/dht/src/inbound/error.rs +++ b/comms/dht/src/inbound/error.rs @@ -45,4 +45,6 @@ pub enum DhtInboundError { InvalidPeerIdentitySignature(String), #[error("Invalid peer: {0}")] PeerValidatorError(#[from] PeerValidatorError), + #[error("Invalid decryption, nonce not included")] + InvalidDecryptionNonceNotIncluded, } diff --git a/comms/dht/src/inbound/mod.rs b/comms/dht/src/inbound/mod.rs index 460efaeab5..776a54c4f3 100644 --- a/comms/dht/src/inbound/mod.rs +++ b/comms/dht/src/inbound/mod.rs @@ -38,6 +38,7 @@ mod metrics; pub use metrics::MetricsLayer; mod error; +pub use error::DhtInboundError; mod message; From d281dc04f32a94bfa52592b4f3c0b5f70ec57f1a Mon Sep 17 00:00:00 2001 From: jorgeantonio21 Date: Thu, 1 Sep 2022 09:25:38 +0100 Subject: [PATCH 2/7] change DhtOuboundError to DhtInboundError use for decryption --- comms/dht/src/crypt.rs | 18 +++++++----------- comms/dht/src/inbound/decryption.rs | 15 +++++++++------ comms/dht/src/inbound/error.rs | 2 ++ comms/dht/src/store_forward/error.rs | 3 +++ 4 files changed, 21 insertions(+), 17 deletions(-) diff --git a/comms/dht/src/crypt.rs b/comms/dht/src/crypt.rs index b89fd9e429..8ac6f0fbeb 100644 --- a/comms/dht/src/crypt.rs +++ b/comms/dht/src/crypt.rs @@ -47,9 +47,9 @@ use crate::{ comms_dht_hash_domain_key_message, comms_dht_hash_domain_key_signature, envelope::{DhtMessageFlags, DhtMessageHeader, DhtMessageType, NodeDestination}, + inbound::DhtInboundError, outbound::DhtOutboundError, version::DhtProtocolVersion, - inbound::DhtInboundError, }; #[derive(Debug, Clone, Zeroize)] @@ -91,7 +91,7 @@ fn pad_message_to_base_length_multiple(message: &[u8]) -> Vec { output } -fn get_original_message_from_padded_text(message: &[u8]) -> Result, DhtOutboundError> { +fn get_original_message_from_padded_text(message: &[u8]) -> Result, DhtInboundError> { let mut le_bytes = [0u8; 4]; le_bytes.copy_from_slice(&message[..LITTLE_ENDIAN_U32_SIZE_REPRESENTATION]); @@ -99,9 +99,7 @@ fn get_original_message_from_padded_text(message: &[u8]) -> Result, DhtO let original_message_len = u32::from_le_bytes(le_bytes) as usize; if original_message_len > message.len() { - return Err(DhtOutboundError::CipherError( - "Original length message is invalid".to_string(), - )); + return Err(DhtInboundError::InvalidDecryptionNonceNotIncluded); } // obtain original message @@ -129,11 +127,9 @@ pub fn generate_key_signature_for_authenticated_encryption(data: &[u8]) -> Authe } /// Decrypts cipher text using ChaCha20 stream cipher given the cipher key and cipher text with integral nonce. -pub fn decrypt(cipher_key: &CipherKey, cipher_text: &[u8]) -> Result, DhtOutboundError> { +pub fn decrypt(cipher_key: &CipherKey, cipher_text: &[u8]) -> Result, DhtInboundError> { if cipher_text.len() < size_of::() { - return Err(DhtOutboundError::CipherError( - "Cipher text is not long enough to include nonce".to_string(), - )); + return Err(DhtInboundError::InvalidDecryptionNonceNotIncluded); } let (nonce, cipher_text) = cipher_text.split_at(size_of::()); @@ -151,7 +147,7 @@ pub fn decrypt(cipher_key: &CipherKey, cipher_text: &[u8]) -> Result, Dh pub fn decrypt_with_chacha20_poly1305( cipher_key: &AuthenticatedCipherKey, cipher_signature: &[u8], -) -> Result, DhtOutboundError> { +) -> Result, DhtInboundError> { let nonce = [0u8; size_of::()]; let nonce_ga = chacha20poly1305::Nonce::from_slice(&nonce); @@ -159,7 +155,7 @@ pub fn decrypt_with_chacha20_poly1305( let cipher = ChaCha20Poly1305::new(&cipher_key.0); let decrypted_signature = cipher .decrypt(nonce_ga, cipher_signature) - .map_err(|_| DhtOutboundError::CipherError(String::from("Authenticated decryption failed")))?; + .map_err(|_| DhtInboundError::InvalidAuthenticatedDecryption)?; Ok(decrypted_signature) } diff --git a/comms/dht/src/inbound/decryption.rs b/comms/dht/src/inbound/decryption.rs index 03b805c361..9a26e65814 100644 --- a/comms/dht/src/inbound/decryption.rs +++ b/comms/dht/src/inbound/decryption.rs @@ -37,7 +37,10 @@ use tower::{layer::Layer, Service, ServiceExt}; use crate::{ crypt, envelope::DhtMessageHeader, - inbound::message::{DecryptedDhtMessage, DhtInboundMessage, ValidatedDhtInboundMessage}, + inbound::{ + message::{DecryptedDhtMessage, DhtInboundMessage, ValidatedDhtInboundMessage}, + DhtInboundError, + }, message_signature::{MessageSignature, MessageSignatureError, ProtoMessageSignature}, DhtConfig, }; @@ -68,10 +71,10 @@ enum DecryptionError { MessageRejectDecryptionFailed, #[error("Failed to decode envelope body")] EnvelopeBodyDecodeFailed, - #[error("Failed to decrypt message body")] - MessageBodyDecryptionFailed, #[error("Encrypted message without a destination is invalid")] EncryptedMessageNoDestination, + #[error("Decryption failed: {0}")] + MalformedCipherDecryptionFailed(#[from] DhtInboundError), } /// This layer is responsible for attempting to decrypt inbound messages. @@ -405,8 +408,8 @@ where S: Service message_body: &[u8], ) -> Result { let key_message = crypt::generate_key_message(shared_secret); - let decrypted = - crypt::decrypt(&key_message, message_body).map_err(|_| DecryptionError::MessageBodyDecryptionFailed)?; + let decrypted = crypt::decrypt(&key_message, message_body) + .map_err(|e| DecryptionError::MalformedCipherDecryptionFailed(e))?; // Deserialization into an EnvelopeBody is done here to determine if the // decryption produced valid bytes or not. EnvelopeBody::decode(decrypted.as_slice()) @@ -432,7 +435,7 @@ where S: Service } Ok(body) }) - .map_err(|_| DecryptionError::MessageBodyDecryptionFailed) + .map_err(|_| DecryptionError::EnvelopeBodyDecodeFailed) } async fn success_not_encrypted( diff --git a/comms/dht/src/inbound/error.rs b/comms/dht/src/inbound/error.rs index 933d8431af..51bd2551de 100644 --- a/comms/dht/src/inbound/error.rs +++ b/comms/dht/src/inbound/error.rs @@ -47,4 +47,6 @@ pub enum DhtInboundError { PeerValidatorError(#[from] PeerValidatorError), #[error("Invalid decryption, nonce not included")] InvalidDecryptionNonceNotIncluded, + #[error("Invalid authenticated decryption")] + InvalidAuthenticatedDecryption, } diff --git a/comms/dht/src/store_forward/error.rs b/comms/dht/src/store_forward/error.rs index 92a897b509..3e6ee1163b 100644 --- a/comms/dht/src/store_forward/error.rs +++ b/comms/dht/src/store_forward/error.rs @@ -33,6 +33,7 @@ use thiserror::Error; use crate::{ actor::DhtActorError, envelope::DhtMessageError, + inbound::DhtInboundError, message_signature::MessageSignatureError, outbound::DhtOutboundError, storage::StorageError, @@ -51,6 +52,8 @@ pub enum StoreAndForwardError { DhtOutboundError(#[from] DhtOutboundError), #[error("Received stored message has an invalid destination")] InvalidDestination, + #[error("DhtInboundError: {0}")] + DhtInboundError(#[from] DhtInboundError), #[error("Received stored message has an invalid origin signature: {0}")] InvalidMessageSignature(#[from] MessageSignatureError), #[error("Invalid envelope body")] From 5ae7cdb78d29b47b08707073a6172ad799349877 Mon Sep 17 00:00:00 2001 From: jorgeantonio21 Date: Thu, 1 Sep 2022 09:26:25 +0100 Subject: [PATCH 3/7] small refactor --- comms/dht/src/inbound/decryption.rs | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/comms/dht/src/inbound/decryption.rs b/comms/dht/src/inbound/decryption.rs index 9a26e65814..d73a3c1ee3 100644 --- a/comms/dht/src/inbound/decryption.rs +++ b/comms/dht/src/inbound/decryption.rs @@ -74,7 +74,7 @@ enum DecryptionError { #[error("Encrypted message without a destination is invalid")] EncryptedMessageNoDestination, #[error("Decryption failed: {0}")] - MalformedCipherDecryptionFailed(#[from] DhtInboundError), + DecryptionFailedMalformedCipher(#[from] DhtInboundError), } /// This layer is responsible for attempting to decrypt inbound messages. @@ -409,7 +409,7 @@ where S: Service ) -> Result { let key_message = crypt::generate_key_message(shared_secret); let decrypted = crypt::decrypt(&key_message, message_body) - .map_err(|e| DecryptionError::MalformedCipherDecryptionFailed(e))?; + .map_err(|e| DecryptionError::DecryptionFailedMalformedCipher(e))?; // Deserialization into an EnvelopeBody is done here to determine if the // decryption produced valid bytes or not. EnvelopeBody::decode(decrypted.as_slice()) From 1cb1d1e6bb65af4d852da88c9bd9db3defc435f0 Mon Sep 17 00:00:00 2001 From: jorgeantonio21 Date: Fri, 2 Sep 2022 13:17:49 +0100 Subject: [PATCH 4/7] cargo clippy resolve --- comms/dht/src/inbound/decryption.rs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/comms/dht/src/inbound/decryption.rs b/comms/dht/src/inbound/decryption.rs index d73a3c1ee3..7768c8d900 100644 --- a/comms/dht/src/inbound/decryption.rs +++ b/comms/dht/src/inbound/decryption.rs @@ -409,7 +409,7 @@ where S: Service ) -> Result { let key_message = crypt::generate_key_message(shared_secret); let decrypted = crypt::decrypt(&key_message, message_body) - .map_err(|e| DecryptionError::DecryptionFailedMalformedCipher(e))?; + .map_err(DecryptionError::DecryptionFailedMalformedCipher)?; // Deserialization into an EnvelopeBody is done here to determine if the // decryption produced valid bytes or not. EnvelopeBody::decode(decrypted.as_slice()) From 69cabe68e70f04dd1c397e34d3d8cb4d245b9b63 Mon Sep 17 00:00:00 2001 From: jorgeantonio21 Date: Fri, 2 Sep 2022 13:37:27 +0100 Subject: [PATCH 5/7] run cargo fmt --- comms/dht/src/inbound/decryption.rs | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/comms/dht/src/inbound/decryption.rs b/comms/dht/src/inbound/decryption.rs index 7768c8d900..7373e2876f 100644 --- a/comms/dht/src/inbound/decryption.rs +++ b/comms/dht/src/inbound/decryption.rs @@ -408,8 +408,8 @@ where S: Service message_body: &[u8], ) -> Result { let key_message = crypt::generate_key_message(shared_secret); - let decrypted = crypt::decrypt(&key_message, message_body) - .map_err(DecryptionError::DecryptionFailedMalformedCipher)?; + let decrypted = + crypt::decrypt(&key_message, message_body).map_err(DecryptionError::DecryptionFailedMalformedCipher)?; // Deserialization into an EnvelopeBody is done here to determine if the // decryption produced valid bytes or not. EnvelopeBody::decode(decrypted.as_slice()) From d8e2625355bbdb207a4157bdced5f244d6a610a7 Mon Sep 17 00:00:00 2001 From: jorgeantonio21 Date: Fri, 2 Sep 2022 14:11:17 +0100 Subject: [PATCH 6/7] refactor necessary tests --- comms/dht/src/crypt.rs | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/comms/dht/src/crypt.rs b/comms/dht/src/crypt.rs index 8ac6f0fbeb..36bc5d9772 100644 --- a/comms/dht/src/crypt.rs +++ b/comms/dht/src/crypt.rs @@ -328,7 +328,7 @@ mod test { assert!(decrypt_with_chacha20_poly1305(&key, encrypted.as_slice()) .unwrap_err() .to_string() - .contains("Authenticated decryption failed")); + .contains("Invalid authenticated decryption")); } #[test] @@ -348,7 +348,7 @@ mod test { assert!(decrypt_with_chacha20_poly1305(&key, encrypted.as_slice()) .unwrap_err() .to_string() - .contains("Authenticated decryption failed")); + .contains("Invalid authenticated decryption")); } #[test] @@ -370,7 +370,7 @@ mod test { assert!(decrypt_with_chacha20_poly1305(&other_key, encrypted.as_slice()) .unwrap_err() .to_string() - .contains("Authenticated decryption failed")); + .contains("Invalid authenticated decryption")); } #[test] @@ -509,7 +509,7 @@ mod test { assert!(get_original_message_from_padded_text(pad_message.as_slice()) .unwrap_err() .to_string() - .contains("Original length message is invalid")); + .contains("Invalid decryption, nonce not included")); } #[test] From a12eef9586068034fb35e5395e60212973ae7ae1 Mon Sep 17 00:00:00 2001 From: jorgeantonio21 Date: Sun, 4 Sep 2022 18:27:04 +0100 Subject: [PATCH 7/7] add appropriate error enum for encrypt and decrypt comms --- comms/dht/src/crypt.rs | 33 ++++++++++++------------- comms/dht/src/error.rs | 37 ++++++++++++++++++++++++++++ comms/dht/src/inbound/decryption.rs | 8 +++--- comms/dht/src/inbound/error.rs | 13 ++++++---- comms/dht/src/lib.rs | 3 +++ comms/dht/src/outbound/error.rs | 7 +++++- comms/dht/src/store_forward/error.rs | 3 +++ 7 files changed, 76 insertions(+), 28 deletions(-) create mode 100644 comms/dht/src/error.rs diff --git a/comms/dht/src/crypt.rs b/comms/dht/src/crypt.rs index 9401b41707..518cace315 100644 --- a/comms/dht/src/crypt.rs +++ b/comms/dht/src/crypt.rs @@ -47,8 +47,7 @@ use crate::{ comms_dht_hash_domain_key_message, comms_dht_hash_domain_key_signature, envelope::{DhtMessageFlags, DhtMessageHeader, DhtMessageType, NodeDestination}, - inbound::DhtInboundError, - outbound::DhtOutboundError, + error::DhtEncryptError, version::DhtProtocolVersion, }; @@ -70,10 +69,10 @@ pub fn generate_ecdh_secret(secret_key: &CommsSecretKey, public_key: &CommsPubli output } -fn pad_message_to_base_length_multiple(message: &[u8]) -> Result, DhtOutboundError> { +fn pad_message_to_base_length_multiple(message: &[u8]) -> Result, DhtEncryptError> { // We require a 32-bit length representation, and also don't want to overflow after including this encoding if message.len() > ((u32::max_value() - (size_of::() as u32)) as usize) { - return Err(DhtOutboundError::PaddingError("Message is too long".to_string())); + return Err(DhtEncryptError::PaddingError("Message is too long".to_string())); } let message_length = message.len(); let encoded_length = (message_length as u32).to_le_bytes(); @@ -94,20 +93,20 @@ fn pad_message_to_base_length_multiple(message: &[u8]) -> Result, DhtOut Ok(padded_message) } -fn get_original_message_from_padded_text(padded_message: &[u8]) -> Result, DhtOutboundError> { +fn get_original_message_from_padded_text(padded_message: &[u8]) -> Result, DhtEncryptError> { // NOTE: This function can return errors relating to message length // It is important not to leak error types to an adversary, or to have timing differences // The padded message must be long enough to extract the encoded message length if padded_message.len() < size_of::() { - return Err(DhtOutboundError::PaddingError( + return Err(DhtEncryptError::PaddingError( "Padded message is not long enough for length extraction".to_string(), )); } // The padded message must be a multiple of the base length if (padded_message.len() % MESSAGE_BASE_LENGTH) != 0 { - return Err(DhtOutboundError::PaddingError( + return Err(DhtEncryptError::PaddingError( "Padded message must be a multiple of the base length".to_string(), )); } @@ -120,9 +119,9 @@ fn get_original_message_from_padded_text(padded_message: &[u8]) -> Result()) - .ok_or_else(|| DhtOutboundError::PaddingError("Claimed unpadded message length is too large".to_string()))?; + .ok_or_else(|| DhtEncryptError::PaddingError("Claimed unpadded message length is too large".to_string()))?; if end > padded_message.len() { - return Err(DhtOutboundError::CipherError( + return Err(DhtEncryptError::CipherError( "Claimed unpadded message length is too large".to_string(), )); } @@ -151,9 +150,9 @@ pub fn generate_key_signature_for_authenticated_encryption(data: &[u8]) -> Authe } /// Decrypts cipher text using ChaCha20 stream cipher given the cipher key and cipher text with integral nonce. -pub fn decrypt(cipher_key: &CipherKey, cipher_text: &[u8]) -> Result, DhtInboundError> { +pub fn decrypt(cipher_key: &CipherKey, cipher_text: &[u8]) -> Result, DhtEncryptError> { if cipher_text.len() < size_of::() { - return Err(DhtInboundError::InvalidDecryptionNonceNotIncluded); + return Err(DhtEncryptError::InvalidDecryptionNonceNotIncluded); } let (nonce, cipher_text) = cipher_text.split_at(size_of::()); @@ -171,7 +170,7 @@ pub fn decrypt(cipher_key: &CipherKey, cipher_text: &[u8]) -> Result, Dh pub fn decrypt_with_chacha20_poly1305( cipher_key: &AuthenticatedCipherKey, cipher_signature: &[u8], -) -> Result, DhtInboundError> { +) -> Result, DhtEncryptError> { let nonce = [0u8; size_of::()]; let nonce_ga = chacha20poly1305::Nonce::from_slice(&nonce); @@ -179,13 +178,13 @@ pub fn decrypt_with_chacha20_poly1305( let cipher = ChaCha20Poly1305::new(&cipher_key.0); let decrypted_signature = cipher .decrypt(nonce_ga, cipher_signature) - .map_err(|_| DhtInboundError::InvalidAuthenticatedDecryption)?; + .map_err(|_| DhtEncryptError::InvalidAuthenticatedDecryption)?; Ok(decrypted_signature) } /// Encrypt the plain text using the ChaCha20 stream cipher -pub fn encrypt(cipher_key: &CipherKey, plain_text: &[u8]) -> Result, DhtOutboundError> { +pub fn encrypt(cipher_key: &CipherKey, plain_text: &[u8]) -> Result, DhtEncryptError> { // pad plain_text to avoid message length leaks let plain_text = pad_message_to_base_length_multiple(plain_text)?; @@ -211,7 +210,7 @@ pub fn encrypt(cipher_key: &CipherKey, plain_text: &[u8]) -> Result, Dht pub fn encrypt_with_chacha20_poly1305( cipher_key: &AuthenticatedCipherKey, signature: &[u8], -) -> Result, DhtOutboundError> { +) -> Result, DhtEncryptError> { let nonce = [0u8; size_of::()]; let nonce_ga = chacha20poly1305::Nonce::from_slice(&nonce); @@ -220,7 +219,7 @@ pub fn encrypt_with_chacha20_poly1305( // length of encrypted equals signature.len() + 16 (the latter being the tag size for ChaCha20-poly1305) let encrypted = cipher .encrypt(nonce_ga, signature) - .map_err(|_| DhtOutboundError::CipherError(String::from("Authenticated encryption failed")))?; + .map_err(|_| DhtEncryptError::CipherError(String::from("Authenticated encryption failed")))?; Ok(encrypted) } @@ -325,7 +324,7 @@ mod test { let encrypted = cipher .encrypt(nonce_ga, signature) - .map_err(|_| DhtOutboundError::CipherError(String::from("Authenticated encryption failed"))) + .map_err(|_| DhtEncryptError::CipherError(String::from("Authenticated encryption failed"))) .unwrap(); assert_eq!(encrypted.len(), n + 16); diff --git a/comms/dht/src/error.rs b/comms/dht/src/error.rs new file mode 100644 index 0000000000..a0d8718cee --- /dev/null +++ b/comms/dht/src/error.rs @@ -0,0 +1,37 @@ +// Copyright 2019, The Tari Project +// +// Redistribution and use in source and binary forms, with or without modification, are permitted provided that the +// following conditions are met: +// +// 1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following +// disclaimer. +// +// 2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the +// following disclaimer in the documentation and/or other materials provided with the distribution. +// +// 3. Neither the name of the copyright holder nor the names of its contributors may be used to endorse or promote +// products derived from this software without specific prior written permission. +// +// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, +// INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE +// DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR +// SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, +// WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE +// USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + +use thiserror::Error; + +#[derive(Debug, Error)] +pub enum DhtEncryptError { + #[error("Message body invalid")] + InvalidMessageBody, + #[error("Invalid decryption, nonce not included")] + InvalidDecryptionNonceNotIncluded, + #[error("Invalid authenticated decryption")] + InvalidAuthenticatedDecryption, + #[error("Cipher error: `{0}`")] + CipherError(String), + #[error("Padding error: `{0}`")] + PaddingError(String), +} diff --git a/comms/dht/src/inbound/decryption.rs b/comms/dht/src/inbound/decryption.rs index 3af7c60e63..3c9c9e634c 100644 --- a/comms/dht/src/inbound/decryption.rs +++ b/comms/dht/src/inbound/decryption.rs @@ -37,10 +37,8 @@ use tower::{layer::Layer, Service, ServiceExt}; use crate::{ crypt, envelope::DhtMessageHeader, - inbound::{ - message::{DecryptedDhtMessage, DhtInboundMessage, ValidatedDhtInboundMessage}, - DhtInboundError, - }, + error::DhtEncryptError, + inbound::message::{DecryptedDhtMessage, DhtInboundMessage, ValidatedDhtInboundMessage}, message_signature::{MessageSignature, MessageSignatureError, ProtoMessageSignature}, DhtConfig, }; @@ -74,7 +72,7 @@ enum DecryptionError { #[error("Encrypted message without a destination is invalid")] EncryptedMessageNoDestination, #[error("Decryption failed: {0}")] - DecryptionFailedMalformedCipher(#[from] DhtInboundError), + DecryptionFailedMalformedCipher(#[from] DhtEncryptError), } /// This layer is responsible for attempting to decrypt inbound messages. diff --git a/comms/dht/src/inbound/error.rs b/comms/dht/src/inbound/error.rs index 51bd2551de..aec8ea076c 100644 --- a/comms/dht/src/inbound/error.rs +++ b/comms/dht/src/inbound/error.rs @@ -23,7 +23,12 @@ use tari_comms::{message::MessageError, peer_manager::PeerManagerError}; use thiserror::Error; -use crate::{discovery::DhtDiscoveryError, outbound::DhtOutboundError, peer_validator::PeerValidatorError}; +use crate::{ + discovery::DhtDiscoveryError, + error::DhtEncryptError, + outbound::DhtOutboundError, + peer_validator::PeerValidatorError, +}; #[derive(Debug, Error)] pub enum DhtInboundError { @@ -33,6 +38,8 @@ pub enum DhtInboundError { PeerManagerError(#[from] PeerManagerError), #[error("DhtOutboundError: {0}")] DhtOutboundError(#[from] DhtOutboundError), + #[error("DhtEncryptError: {0}")] + DhtEncryptError(#[from] DhtEncryptError), #[error("Message body invalid")] InvalidMessageBody, #[error("All given addresses were invalid")] @@ -45,8 +52,4 @@ pub enum DhtInboundError { InvalidPeerIdentitySignature(String), #[error("Invalid peer: {0}")] PeerValidatorError(#[from] PeerValidatorError), - #[error("Invalid decryption, nonce not included")] - InvalidDecryptionNonceNotIncluded, - #[error("Invalid authenticated decryption")] - InvalidAuthenticatedDecryption, } diff --git a/comms/dht/src/lib.rs b/comms/dht/src/lib.rs index 10d630e6e5..e84e202fb7 100644 --- a/comms/dht/src/lib.rs +++ b/comms/dht/src/lib.rs @@ -91,6 +91,9 @@ pub use dht::{Dht, DhtInitializationError}; mod discovery; pub use discovery::{DhtDiscoveryError, DhtDiscoveryRequester}; +mod error; +pub use error::DhtEncryptError; + mod network_discovery; pub use network_discovery::NetworkDiscoveryConfig; diff --git a/comms/dht/src/outbound/error.rs b/comms/dht/src/outbound/error.rs index fdd255534a..0759f7e7ce 100644 --- a/comms/dht/src/outbound/error.rs +++ b/comms/dht/src/outbound/error.rs @@ -26,10 +26,15 @@ use tari_utilities::message_format::MessageFormatError; use thiserror::Error; use tokio::sync::mpsc::error::SendError; -use crate::outbound::{message::SendFailure, DhtOutboundRequest}; +use crate::{ + error::DhtEncryptError, + outbound::{message::SendFailure, DhtOutboundRequest}, +}; #[derive(Debug, Error)] pub enum DhtOutboundError { + #[error("DhtEncryptError: {0}")] + DhtEncryptError(#[from] DhtEncryptError), #[error("`Failed to send: {0}")] SendError(#[from] SendError), #[error("MessageSerializationError: {0}")] diff --git a/comms/dht/src/store_forward/error.rs b/comms/dht/src/store_forward/error.rs index 3e6ee1163b..e3cc4b1e8b 100644 --- a/comms/dht/src/store_forward/error.rs +++ b/comms/dht/src/store_forward/error.rs @@ -33,6 +33,7 @@ use thiserror::Error; use crate::{ actor::DhtActorError, envelope::DhtMessageError, + error::DhtEncryptError, inbound::DhtInboundError, message_signature::MessageSignatureError, outbound::DhtOutboundError, @@ -50,6 +51,8 @@ pub enum StoreAndForwardError { PeerManagerError(#[from] PeerManagerError), #[error("DhtOutboundError: {0}")] DhtOutboundError(#[from] DhtOutboundError), + #[error("DhtEncryptError: {0}")] + DhtEncryptError(#[from] DhtEncryptError), #[error("Received stored message has an invalid destination")] InvalidDestination, #[error("DhtInboundError: {0}")]