MystenLabs · benr-ml · Feb 8, 2023 · Feb 8, 2023 · Feb 8, 2023
diff --git a/fastcrypto-zkp/src/api.rs b/fastcrypto-zkp/src/api.rs
@@ -46,5 +46,6 @@ pub fn verify_groth16_in_bytes(
         delta_g2_neg_pc_bytes,
     )?;
 
-    verify_with_processed_vk(&blst_pvk, &[x], &proof).map_err(|_| FastCryptoError::GeneralError)
+    verify_with_processed_vk(&blst_pvk, &[x], &proof)
+        .map_err(|_| FastCryptoError::GeneralOpaqueError)
 }
diff --git a/fastcrypto/src/aes.rs b/fastcrypto/src/aes.rs
@@ -272,7 +272,7 @@ where
         let mut buffer: Vec<u8> = ciphertext.to_vec();
         cipher
             .decrypt_in_place(iv.as_bytes().into(), aad, &mut buffer)
-            .map_err(|_| FastCryptoError::GeneralError)?;
+            .map_err(|_| FastCryptoError::GeneralOpaqueError)?;
         Ok(buffer)
     }
 }

diff --git a/fastcrypto/src/bls12381/mod.rs b/fastcrypto/src/bls12381/mod.rs
@@ -557,22 +557,22 @@ impl AggregateAuthenticator for BLS12381AggregateSignature {
             sig: sig.to_signature(),
             bytes: OnceCell::new(),
         })
-        .map_err(|_| FastCryptoError::GeneralError)
+        .map_err(|_| FastCryptoError::GeneralOpaqueError)
     }
 
     fn add_signature(&mut self, signature: Self::Sig) -> Result<(), FastCryptoError> {
         let mut aggr_sig = blst::AggregateSignature::from_signature(&self.sig);
                 aggr_sig
                     .add_signature(&signature.sig, true)
-                    .map_err(|_| FastCryptoError::GeneralError)?;
+                    .map_err(|_| FastCryptoError::GeneralOpaqueError)?;
                 self.sig = aggr_sig.to_signature();
                 Ok(())
 
     }
 
     fn add_aggregate(&mut self, signature: Self) -> Result<(), FastCryptoError> {
         let result = blst::AggregateSignature::aggregate(&[&self.sig, &signature.sig], true)
-                        .map_err(|_| FastCryptoError::GeneralError)?
+                        .map_err(|_| FastCryptoError::GeneralOpaqueError)?
                         .to_signature();
          self.sig = result;
         Ok(())
@@ -593,7 +593,7 @@ impl AggregateAuthenticator for BLS12381AggregateSignature {
                 &pks.iter().map(|x| &x.pubkey).collect::<Vec<_>>()[..],
             );
         if result != BLST_ERROR::BLST_SUCCESS {
-            return Err(FastCryptoError::GeneralError);
+            return Err(FastCryptoError::GeneralOpaqueError);
         }
         Ok(())
     }
@@ -613,7 +613,7 @@ impl AggregateAuthenticator for BLS12381AggregateSignature {
                 true,
             );
         if result != BLST_ERROR::BLST_SUCCESS {
-            return Err(FastCryptoError::GeneralError);
+            return Err(FastCryptoError::GeneralOpaqueError);
         }
         Ok(())
     }
@@ -641,7 +641,7 @@ impl AggregateAuthenticator for BLS12381AggregateSignature {
                         .collect::<Vec<_>>()[..],
                 );
             if result != BLST_ERROR::BLST_SUCCESS {
-                return Err(FastCryptoError::GeneralError);
+                return Err(FastCryptoError::GeneralOpaqueError);
             }
         }
         Ok(())

diff --git a/fastcrypto/src/ed25519.rs b/fastcrypto/src/ed25519.rs
@@ -495,7 +495,7 @@ impl AggregateAuthenticator for Ed25519AggregateSignature {
 
         batch
             .verify(OsRng)
-            .map_err(|_| FastCryptoError::GeneralError)
+            .map_err(|_| FastCryptoError::GeneralOpaqueError)
     }
 
     fn verify_different_msg(
@@ -515,7 +515,7 @@ impl AggregateAuthenticator for Ed25519AggregateSignature {
 
         batch
             .verify(OsRng)
-            .map_err(|_| FastCryptoError::GeneralError)
+            .map_err(|_| FastCryptoError::GeneralOpaqueError)
     }
 
     fn batch_verify<'a>(
@@ -541,7 +541,7 @@ impl AggregateAuthenticator for Ed25519AggregateSignature {
         }
         batch
             .verify(OsRng)
-            .map_err(|_| FastCryptoError::GeneralError)
+            .map_err(|_| FastCryptoError::GeneralOpaqueError)
     }
 }
 

diff --git a/fastcrypto/src/error.rs b/fastcrypto/src/error.rs
@@ -6,13 +6,15 @@
 //! A function should validate its arguments and return an indicative errors where needed.
 //! However, once the function is executing the cryptographic protocol/algorithm (directly/
 //! indirectly) then it should not return explicit errors as it might leak private information.
-//! In those cases the function should return the opaque, general error [FastCryptoError::GeneralError].
-//! When in doubt, prefer [FastCryptoError::GeneralError].
+//! In those cases the function should return the opaque, general error [FastCryptoError::GeneralOpaqueError].
+//! When in doubt, prefer [FastCryptoError::GeneralOpaqueError].
 
 use thiserror::Error;
 
+pub type FastCryptoResult<T> = Result<T, FastCryptoError>;
+
 /// Collection of errors to be used in fastcrypto.
-#[derive(Error, Debug, PartialEq, Eq)]
+#[derive(Clone, Debug, Error, Eq, PartialEq)]
 pub enum FastCryptoError {
     /// Invalid value was given to the function
     #[error("Invalid value was given to the function")]
@@ -38,7 +40,17 @@ pub enum FastCryptoError {
     #[error("Invalid proof was given to the function")]
     InvalidProof,
 
+    /// General cryptographic error.
+    #[error("General cryptographic error: {0}")]
+    GeneralError(String),
+
     /// General opaque cryptographic error.
     #[error("General cryptographic error")]
-    GeneralError,
+    GeneralOpaqueError,
+}
+
+impl From<signature::Error> for FastCryptoError {
+    fn from(_: signature::Error) -> Self {
+        FastCryptoError::InvalidSignature
+    }
 }
diff --git a/fastcrypto/src/hmac.rs b/fastcrypto/src/hmac.rs
@@ -83,7 +83,7 @@ where
 
     let mut okm = vec![0u8; K::PrivKey::LENGTH];
     hk.expand(info, &mut okm)
-        .map_err(|_| FastCryptoError::GeneralError)?;
+        .map_err(|_| FastCryptoError::GeneralOpaqueError)?;
 
     let secret_key = K::PrivKey::from_bytes(&okm[..]).unwrap();
 
@@ -127,6 +127,6 @@ pub fn hkdf_sha3_256(
     let hk = hkdf::Hkdf::<sha3::Sha3_256, Hmac<sha3::Sha3_256>>::new(Some(salt), ikm.as_bytes());
     let mut output: Vec<u8> = vec![0; output_length];
     hk.expand(info, output.as_mut_slice())
-        .map_err(|_| FastCryptoError::GeneralError)?;
+        .map_err(|_| FastCryptoError::GeneralOpaqueError)?;
     Ok(output)
 }
diff --git a/fastcrypto/src/secp256k1/recoverable.rs b/fastcrypto/src/secp256k1/recoverable.rs
@@ -435,7 +435,7 @@ impl Secp256k1RecoverableSignature {
                 Ok(pubkey) => {
                     Secp256k1RecoverablePublicKey::from_bytes(pubkey.serialize().as_slice())
                 }
-                Err(_) => Err(FastCryptoError::GeneralError),
+                Err(_) => Err(FastCryptoError::GeneralOpaqueError),
             },
             Err(_) => Err(FastCryptoError::InvalidInput),
         }

diff --git a/fastcrypto/src/secp256r1/recoverable.rs b/fastcrypto/src/secp256r1/recoverable.rs
@@ -454,7 +454,7 @@ impl Secp256r1RecoverableSignature {
     ///
     /// This is copied from `recover_verify_key_from_digest_bytes` in the k256@0.11.6 crate except for a few additions.
     ///
-    /// An [FastCryptoError::GeneralError] is returned if no public keys can be recovered.
+    /// An [FastCryptoError::GeneralOpaqueError] is returned if no public keys can be recovered.
     pub fn recover(&self, msg: &[u8]) -> Result<Secp256r1RecoverablePublicKey, FastCryptoError> {
         let (r, s) = self.sig.split_scalars();
         let v = RecoveryId::from_byte(self.recovery_id).ok_or(FastCryptoError::InvalidInput)?;
@@ -479,11 +479,11 @@ impl Secp256r1RecoverableSignature {
 
             Ok(Secp256r1RecoverablePublicKey {
                 pubkey: ExternalPublicKey::from_affine(pk)
-                    .map_err(|_| FastCryptoError::GeneralError)?,
+                    .map_err(|_| FastCryptoError::GeneralOpaqueError)?,
                 bytes: OnceCell::new(),
             })
         } else {
-            Err(FastCryptoError::GeneralError)
+            Err(FastCryptoError::GeneralOpaqueError)
         }
     }
 

diff --git a/fastcrypto/src/tests/aes_tests.rs b/fastcrypto/src/tests/aes_tests.rs
@@ -122,17 +122,17 @@ fn single_wycheproof_test<
 
     // Verify that the cipher text is
     if test.ct != ciphertext[..test.pt.len()] {
-        return Err(FastCryptoError::GeneralError);
+        return Err(FastCryptoError::GeneralOpaqueError);
     }
 
     if test.tag != ciphertext[test.pt.len()..] {
-        return Err(FastCryptoError::GeneralError);
+        return Err(FastCryptoError::GeneralOpaqueError);
     }
 
     let plaintext = cipher.decrypt_authenticated(&iv, &test.aad, &ciphertext)?;
 
     if test.pt != plaintext {
-        return Err(FastCryptoError::GeneralError);
+        return Err(FastCryptoError::GeneralOpaqueError);
     }
     Ok(())
 }

diff --git a/fastcrypto/src/traits.rs b/fastcrypto/src/traits.rs
@@ -50,7 +50,8 @@ pub trait ToFromBytes: AsRef<[u8]> + Debug + Sized {
 
 impl<T: signature::Signature> ToFromBytes for T {
     fn from_bytes(bytes: &[u8]) -> Result<Self, FastCryptoError> {
-        <Self as signature::Signature>::from_bytes(bytes).map_err(|_| FastCryptoError::GeneralError)
+        <Self as signature::Signature>::from_bytes(bytes)
+            .map_err(|_| FastCryptoError::GeneralOpaqueError)
     }
 }
 

diff --git a/fastcrypto/src/unsecure/signature.rs b/fastcrypto/src/unsecure/signature.rs
@@ -138,7 +138,7 @@ impl<'a> From<&'a UnsecurePrivateKey> for UnsecurePublicKey {
         let result = crate::hash::Sha256::digest(secret.0.as_ref());
         let bytes: [u8; PUBLIC_KEY_LENGTH] = result.as_ref()[0..PUBLIC_KEY_LENGTH]
             .try_into()
-            .map_err(|_| FastCryptoError::GeneralError)
+            .map_err(|_| FastCryptoError::GeneralOpaqueError)
             .unwrap();
         UnsecurePublicKey(bytes)
     }
@@ -310,7 +310,7 @@ impl FromStr for UnsecureKeyPair {
     type Err = FastCryptoError;
 
     fn from_str(s: &str) -> Result<Self, Self::Err> {
-        let kp = Self::decode_base64(s).map_err(|_| FastCryptoError::GeneralError)?;
+        let kp = Self::decode_base64(s).map_err(|_| FastCryptoError::GeneralOpaqueError)?;
         Ok(kp)
     }
 }
@@ -388,7 +388,7 @@ impl AggregateAuthenticator for UnsecureAggregateSignature {
         if actual == self.0 {
             return Ok(());
         }
-        Err(FastCryptoError::GeneralError)
+        Err(FastCryptoError::GeneralOpaqueError)
     }
 
     fn batch_verify<'a>(
@@ -409,7 +409,7 @@ impl AggregateAuthenticator for UnsecureAggregateSignature {
                 .collect();
 
             if sig.verify(&public_keys, msg).is_err() {
-                return Err(FastCryptoError::GeneralError);
+                return Err(FastCryptoError::GeneralOpaqueError);
             }
         }
         Ok(())
@@ -430,7 +430,7 @@ impl AggregateAuthenticator for UnsecureAggregateSignature {
         if actual == self.0 {
             return Ok(());
         }
-        Err(FastCryptoError::GeneralError)
+        Err(FastCryptoError::GeneralOpaqueError)
     }
 }
 

diff --git a/fastcrypto/src/vrf.rs b/fastcrypto/src/vrf.rs
@@ -50,7 +50,7 @@ pub trait VRFProof<const OUTPUT_SIZE: usize> {
     ) -> Result<(), FastCryptoError> {
         self.verify(input, public_key)?;
         if &self.to_hash() != output {
-            return Err(FastCryptoError::GeneralError);
+            return Err(FastCryptoError::GeneralOpaqueError);
         }
         Ok(())
     }
@@ -254,7 +254,7 @@ pub mod ecvrf {
             let c_prime = ecvrf_challenge_generation([&public_key.0, &h, &self.gamma, &u, &v]);
 
             if c_prime != self.c {
-                return Err(FastCryptoError::GeneralError);
+                return Err(FastCryptoError::GeneralOpaqueError);
             }
             Ok(())
         }