Improve error handling in encryption pkg (#520)

* Improve error handling in encryption pkg * More Go-ish errors
2018-10-23 17:05:15 +03:00 · 2018-10-23 17:05:15 +03:00 · 37a1542480
commit 37a1542480
parent 80408541d5
4 changed files with 35 additions and 30 deletions
--- a/pkg/encryption/aesgcm.go
+++ b/pkg/encryption/aesgcm.go
@ -7,8 +7,6 @@ import (
 	"crypto/aes"
 	"crypto/cipher"

-	"github.com/zeebo/errs"
-
 	"storj.io/storj/pkg/storj"
 )

@ -36,14 +34,14 @@ type aesgcmEncrypter struct {
 func NewAESGCMEncrypter(key *storj.Key, startingNonce *AESGCMNonce, encryptedBlockSize int) (Transformer, error) {
 	block, err := aes.NewCipher(key[:])
 	if err != nil {
-		return nil, err
+		return nil, Error.Wrap(err)
 	}
 	aesgcmEncrypt, err := cipher.NewGCM(block)
 	if err != nil {
-		return nil, err
+		return nil, Error.Wrap(err)
 	}
 	if encryptedBlockSize <= aesgcmEncrypt.Overhead() {
-		return nil, Error.New("block size too small")
+		return nil, ErrInvalidConfig.New("encrypted block size %d too small", encryptedBlockSize)
 	}
 	return &aesgcmEncrypter{
 		blockSize:     encryptedBlockSize - aesgcmEncrypt.Overhead(),
@ -76,8 +74,8 @@ func (s *aesgcmEncrypter) Transform(out, in []byte, blockNum int64) ([]byte, err
 		return nil, err
 	}

-	ciphertext := s.aesgcm.Seal(out, nonce[:], in, nil)
-	return ciphertext, nil
+	cipherData := s.aesgcm.Seal(out, nonce[:], in, nil)
+	return cipherData, nil
 }

 type aesgcmDecrypter struct {
@ -94,14 +92,14 @@ type aesgcmDecrypter struct {
 func NewAESGCMDecrypter(key *storj.Key, startingNonce *AESGCMNonce, encryptedBlockSize int) (Transformer, error) {
 	block, err := aes.NewCipher(key[:])
 	if err != nil {
-		return nil, err
+		return nil, Error.Wrap(err)
 	}
 	aesgcmDecrypt, err := cipher.NewGCM(block)
 	if err != nil {
-		return nil, err
+		return nil, Error.Wrap(err)
 	}
 	if encryptedBlockSize <= aesgcmDecrypt.Overhead() {
-		return nil, Error.New("block size too small")
+		return nil, ErrInvalidConfig.New("encrypted block size %d too small", encryptedBlockSize)
 	}
 	return &aesgcmDecrypter{
 		blockSize:     encryptedBlockSize - aesgcmDecrypt.Overhead(),
@ -125,18 +123,22 @@ func (s *aesgcmDecrypter) Transform(out, in []byte, blockNum int64) ([]byte, err
 		return nil, err
 	}

-	return s.aesgcm.Open(out, nonce[:], in, nil)
+	plainData, err := s.aesgcm.Open(out, nonce[:], in, nil)
+	if err != nil {
+		return nil, ErrDecryptFailed.Wrap(err)
+	}
+	return plainData, nil
 }

 // EncryptAESGCM encrypts byte data with a key and nonce. The cipher data is returned
 func EncryptAESGCM(data []byte, key *storj.Key, nonce *AESGCMNonce) (cipherData []byte, err error) {
 	block, err := aes.NewCipher(key[:])
 	if err != nil {
-		return []byte{}, errs.Wrap(err)
+		return []byte{}, Error.Wrap(err)
 	}
 	aesgcm, err := cipher.NewGCM(block)
 	if err != nil {
-		return []byte{}, errs.Wrap(err)
+		return []byte{}, Error.Wrap(err)
 	}
 	cipherData = aesgcm.Seal(nil, nonce[:], data, nil)
 	return cipherData, nil
@ -145,19 +147,19 @@ func EncryptAESGCM(data []byte, key *storj.Key, nonce *AESGCMNonce) (cipherData
 // DecryptAESGCM decrypts byte data with a key and nonce. The plain data is returned
 func DecryptAESGCM(cipherData []byte, key *storj.Key, nonce *AESGCMNonce) (data []byte, err error) {
 	if len(cipherData) == 0 {
-		return []byte{}, errs.New("empty cipher data")
+		return []byte{}, Error.New("empty cipher data")
 	}
 	block, err := aes.NewCipher(key[:])
 	if err != nil {
-		return []byte{}, errs.Wrap(err)
+		return []byte{}, Error.Wrap(err)
 	}
 	aesgcm, err := cipher.NewGCM(block)
 	if err != nil {
-		return []byte{}, errs.Wrap(err)
+		return []byte{}, Error.Wrap(err)
 	}
-	decrypted, err := aesgcm.Open(nil, nonce[:], cipherData, nil)
+	plainData, err := aesgcm.Open(nil, nonce[:], cipherData, nil)
 	if err != nil {
-		return []byte{}, errs.Wrap(err)
+		return []byte{}, ErrDecryptFailed.Wrap(err)
 	}
-	return decrypted, nil
+	return plainData, nil
 }
--- a/pkg/encryption/common.go
+++ b/pkg/encryption/common.go
@ -9,3 +9,9 @@ import (

 // Error is the default encryption errs class
 var Error = errs.Class("encryption error")
+
+// ErrDecryptFailed is the errs class when the decryption fails
+var ErrDecryptFailed = errs.Class("decryption failed, check encryption key")
+
+// ErrInvalidConfig is the errs class for invalid configuration
+var ErrInvalidConfig = errs.Class("invalid encryption configuration")
--- a/pkg/encryption/encryption.go
+++ b/pkg/encryption/encryption.go
@ -4,8 +4,6 @@
 package encryption

 import (
-	"github.com/zeebo/errs"
-
 	"storj.io/storj/pkg/storj"
 )

@ -37,7 +35,7 @@ func Encrypt(data []byte, cipher storj.Cipher, key *storj.Key, nonce *storj.Nonc
 	case storj.SecretBox:
 		return EncryptSecretBox(data, key, nonce)
 	default:
-		return nil, errs.New("Invalid encryption type")
+		return nil, ErrInvalidConfig.New("encryption type %d is not supported", cipher)
 	}
 }

@ -51,7 +49,7 @@ func Decrypt(cipherData []byte, cipher storj.Cipher, key *storj.Key, nonce *stor
 	case storj.SecretBox:
 		return DecryptSecretBox(cipherData, key, nonce)
 	default:
-		return nil, errs.New("Invalid encryption type")
+		return nil, ErrInvalidConfig.New("encryption type %d is not supported", cipher)
 	}
 }

@ -65,7 +63,7 @@ func NewEncrypter(cipher storj.Cipher, key *storj.Key, startingNonce *storj.Nonc
 	case storj.SecretBox:
 		return NewSecretboxEncrypter(key, startingNonce, encryptedBlockSize)
 	default:
-		return nil, errs.New("Invalid encryption type")
+		return nil, ErrInvalidConfig.New("encryption type %d is not supported", cipher)
 	}
 }

@ -79,7 +77,7 @@ func NewDecrypter(cipher storj.Cipher, key *storj.Key, startingNonce *storj.Nonc
 	case storj.SecretBox:
 		return NewSecretboxDecrypter(key, startingNonce, encryptedBlockSize)
 	default:
-		return nil, errs.New("Invalid encryption type")
+		return nil, ErrInvalidConfig.New("encryption type %d is not supported", cipher)
 	}
 }

--- a/pkg/encryption/secretbox.go
+++ b/pkg/encryption/secretbox.go
@ -4,7 +4,6 @@
 package encryption

 import (
-	"github.com/zeebo/errs"
 	"golang.org/x/crypto/nacl/secretbox"

 	"storj.io/storj/pkg/storj"
@ -31,7 +30,7 @@ type secretboxEncrypter struct {
 // from crypto/rand as often as possible.
 func NewSecretboxEncrypter(key *storj.Key, startingNonce *storj.Nonce, encryptedBlockSize int) (Transformer, error) {
 	if encryptedBlockSize <= secretbox.Overhead {
-		return nil, Error.New("block size too small")
+		return nil, ErrInvalidConfig.New("encrypted block size %d too small", encryptedBlockSize)
 	}
 	return &secretboxEncrypter{
 		blockSize:     encryptedBlockSize - secretbox.Overhead,
@ -76,7 +75,7 @@ type secretboxDecrypter struct {
 // startingNonce.
 func NewSecretboxDecrypter(key *storj.Key, startingNonce *storj.Nonce, encryptedBlockSize int) (Transformer, error) {
 	if encryptedBlockSize <= secretbox.Overhead {
-		return nil, Error.New("block size too small")
+		return nil, ErrInvalidConfig.New("encrypted block size %d too small", encryptedBlockSize)
 	}
 	return &secretboxDecrypter{
 		blockSize:     encryptedBlockSize - secretbox.Overhead,
@ -100,7 +99,7 @@ func (s *secretboxDecrypter) Transform(out, in []byte, blockNum int64) ([]byte,
 	}
 	rv, success := secretbox.Open(out, in, nonce.Raw(), s.key.Raw())
 	if !success {
-		return nil, Error.New("failed decrypting")
+		return nil, ErrDecryptFailed.New("")
 	}
 	return rv, nil
 }
@ -114,7 +113,7 @@ func EncryptSecretBox(data []byte, key *storj.Key, nonce *storj.Nonce) (cipherDa
 func DecryptSecretBox(cipherData []byte, key *storj.Key, nonce *storj.Nonce) (data []byte, err error) {
 	data, success := secretbox.Open(nil, cipherData, nonce.Raw(), key.Raw())
 	if !success {
-		return nil, errs.New("Failed decrypting")
+		return nil, ErrDecryptFailed.New("")
 	}
 	return data, nil
 }