Correct return error code when key cannot be decoded (#130)

veraison · Feb 10, 2023 · 0cd299d · 0cd299d
1 parent 8dc4423
commit 0cd299d
Show file tree

Hide file tree

Showing 3 changed files with 7 additions and 6 deletions.
diff --git a/errors.go b/errors.go
@@ -13,4 +13,5 @@ var (
 	ErrNoSignatures          = errors.New("no signatures attached")
 	ErrUnavailableHashFunc   = errors.New("hash function is not available")
 	ErrVerification          = errors.New("verification error")
+	ErrInvalidPubKey         = errors.New("invalid public key")
 )
diff --git a/signer.go b/signer.go
@@ -41,7 +41,7 @@ func NewSigner(alg Algorithm, key crypto.Signer) (Signer, error) {
 	case AlgorithmPS256, AlgorithmPS384, AlgorithmPS512:
 		vk, ok := key.Public().(*rsa.PublicKey)
 		if !ok {
-			return nil, fmt.Errorf("%v: %w", alg, ErrAlgorithmMismatch)
+			return nil, fmt.Errorf("%v: %w", alg, ErrInvalidPubKey)
 		}
 		// RFC 8230 6.1 requires RSA keys having a minimum size of 2048 bits.
 		// Reference: https://www.rfc-editor.org/rfc/rfc8230.html#section-6.1
@@ -55,7 +55,7 @@ func NewSigner(alg Algorithm, key crypto.Signer) (Signer, error) {
 	case AlgorithmES256, AlgorithmES384, AlgorithmES512:
 		vk, ok := key.Public().(*ecdsa.PublicKey)
 		if !ok {
-			return nil, fmt.Errorf("%v: %w", alg, ErrAlgorithmMismatch)
+			return nil, fmt.Errorf("%v: %w", alg, ErrInvalidPubKey)
 		}
 		if sk, ok := key.(*ecdsa.PrivateKey); ok {
 			return &ecdsaKeySigner{
@@ -70,7 +70,7 @@ func NewSigner(alg Algorithm, key crypto.Signer) (Signer, error) {
 		}, nil
 	case AlgorithmEd25519:
 		if _, ok := key.Public().(ed25519.PublicKey); !ok {
-			return nil, fmt.Errorf("%v: %w", alg, ErrAlgorithmMismatch)
+			return nil, fmt.Errorf("%v: %w", alg, ErrInvalidPubKey)
 		}
 		return &ed25519Signer{
 			key: key,

diff --git a/verifier.go b/verifier.go
@@ -30,7 +30,7 @@ func NewVerifier(alg Algorithm, key crypto.PublicKey) (Verifier, error) {
 	case AlgorithmPS256, AlgorithmPS384, AlgorithmPS512:
 		vk, ok := key.(*rsa.PublicKey)
 		if !ok {
-			return nil, fmt.Errorf("%v: %w", alg, ErrAlgorithmMismatch)
+			return nil, fmt.Errorf("%v: %w", alg, ErrInvalidPubKey)
 		}
 		// RFC 8230 6.1 requires RSA keys having a minimun size of 2048 bits.
 		// Reference: https://www.rfc-editor.org/rfc/rfc8230.html#section-6.1
@@ -44,7 +44,7 @@ func NewVerifier(alg Algorithm, key crypto.PublicKey) (Verifier, error) {
 	case AlgorithmES256, AlgorithmES384, AlgorithmES512:
 		vk, ok := key.(*ecdsa.PublicKey)
 		if !ok {
-			return nil, fmt.Errorf("%v: %w", alg, ErrAlgorithmMismatch)
+			return nil, fmt.Errorf("%v: %w", alg, ErrInvalidPubKey)
 		}
 		if !vk.Curve.IsOnCurve(vk.X, vk.Y) {
 			return nil, errors.New("public key point is not on curve")
@@ -56,7 +56,7 @@ func NewVerifier(alg Algorithm, key crypto.PublicKey) (Verifier, error) {
 	case AlgorithmEd25519:
 		vk, ok := key.(ed25519.PublicKey)
 		if !ok {
-			return nil, fmt.Errorf("%v: %w", alg, ErrAlgorithmMismatch)
+			return nil, fmt.Errorf("%v: %w", alg, ErrInvalidPubKey)
 		}
 		return &ed25519Verifier{
 			key: vk,