Improve error handling in encryption pkg (#520)

* Improve error handling in encryption pkg

* More Go-ish errors

pkg/encryption/aesgcm.go

@@ -7,8 +7,6 @@ import (
 	"crypto/aes"
 	"crypto/cipher"
 
-	"github.com/zeebo/errs"
-
 	"storj.io/storj/pkg/storj"
 )
 
@@ -36,14 +34,14 @@ type aesgcmEncrypter struct {
 func NewAESGCMEncrypter(key *storj.Key, startingNonce *AESGCMNonce, encryptedBlockSize int) (Transformer, error) {
 	block, err := aes.NewCipher(key[:])
 	if err != nil {
-		return nil, err
+		return nil, Error.Wrap(err)
 	}
 	aesgcmEncrypt, err := cipher.NewGCM(block)
 	if err != nil {
-		return nil, err
+		return nil, Error.Wrap(err)
 	}
 	if encryptedBlockSize <= aesgcmEncrypt.Overhead() {
-		return nil, Error.New("block size too small")
+		return nil, ErrInvalidConfig.New("encrypted block size %d too small", encryptedBlockSize)
 	}
 	return &aesgcmEncrypter{
 		blockSize:     encryptedBlockSize - aesgcmEncrypt.Overhead(),
@@ -76,8 +74,8 @@ func (s *aesgcmEncrypter) Transform(out, in []byte, blockNum int64) ([]byte, err
 		return nil, err
 	}
 
-	ciphertext := s.aesgcm.Seal(out, nonce[:], in, nil)
+	cipherData := s.aesgcm.Seal(out, nonce[:], in, nil)
-	return ciphertext, nil
+	return cipherData, nil
 }
 
 type aesgcmDecrypter struct {
@@ -94,14 +92,14 @@ type aesgcmDecrypter struct {
 func NewAESGCMDecrypter(key *storj.Key, startingNonce *AESGCMNonce, encryptedBlockSize int) (Transformer, error) {
 	block, err := aes.NewCipher(key[:])
 	if err != nil {
-		return nil, err
+		return nil, Error.Wrap(err)
 	}
 	aesgcmDecrypt, err := cipher.NewGCM(block)
 	if err != nil {
-		return nil, err
+		return nil, Error.Wrap(err)
 	}
 	if encryptedBlockSize <= aesgcmDecrypt.Overhead() {
-		return nil, Error.New("block size too small")
+		return nil, ErrInvalidConfig.New("encrypted block size %d too small", encryptedBlockSize)
 	}
 	return &aesgcmDecrypter{
 		blockSize:     encryptedBlockSize - aesgcmDecrypt.Overhead(),
@@ -125,18 +123,22 @@ func (s *aesgcmDecrypter) Transform(out, in []byte, blockNum int64) ([]byte, err
 		return nil, err
 	}
 
-	return s.aesgcm.Open(out, nonce[:], in, nil)
+	plainData, err := s.aesgcm.Open(out, nonce[:], in, nil)
+	if err != nil {
+		return nil, ErrDecryptFailed.Wrap(err)
+	}
+	return plainData, nil
 }
 
 // EncryptAESGCM encrypts byte data with a key and nonce. The cipher data is returned
 func EncryptAESGCM(data []byte, key *storj.Key, nonce *AESGCMNonce) (cipherData []byte, err error) {
 	block, err := aes.NewCipher(key[:])
 	if err != nil {
-		return []byte{}, errs.Wrap(err)
+		return []byte{}, Error.Wrap(err)
 	}
 	aesgcm, err := cipher.NewGCM(block)
 	if err != nil {
-		return []byte{}, errs.Wrap(err)
+		return []byte{}, Error.Wrap(err)
 	}
 	cipherData = aesgcm.Seal(nil, nonce[:], data, nil)
 	return cipherData, nil
@@ -145,19 +147,19 @@ func EncryptAESGCM(data []byte, key *storj.Key, nonce *AESGCMNonce) (cipherData
 // DecryptAESGCM decrypts byte data with a key and nonce. The plain data is returned
 func DecryptAESGCM(cipherData []byte, key *storj.Key, nonce *AESGCMNonce) (data []byte, err error) {
 	if len(cipherData) == 0 {
-		return []byte{}, errs.New("empty cipher data")
+		return []byte{}, Error.New("empty cipher data")
 	}
 	block, err := aes.NewCipher(key[:])
 	if err != nil {
-		return []byte{}, errs.Wrap(err)
+		return []byte{}, Error.Wrap(err)
 	}
 	aesgcm, err := cipher.NewGCM(block)
 	if err != nil {
-		return []byte{}, errs.Wrap(err)
+		return []byte{}, Error.Wrap(err)
 	}
-	decrypted, err := aesgcm.Open(nil, nonce[:], cipherData, nil)
+	plainData, err := aesgcm.Open(nil, nonce[:], cipherData, nil)
 	if err != nil {
-		return []byte{}, errs.Wrap(err)
+		return []byte{}, ErrDecryptFailed.Wrap(err)
 	}
-	return decrypted, nil
+	return plainData, nil
 }

pkg/encryption/common.go

@@ -9,3 +9,9 @@ import (
 
 // Error is the default encryption errs class
 var Error = errs.Class("encryption error")
+
+// ErrDecryptFailed is the errs class when the decryption fails
+var ErrDecryptFailed = errs.Class("decryption failed, check encryption key")
+
+// ErrInvalidConfig is the errs class for invalid configuration
+var ErrInvalidConfig = errs.Class("invalid encryption configuration")

pkg/encryption/encryption.go

@@ -4,8 +4,6 @@
 package encryption
 
 import (
-	"github.com/zeebo/errs"
-
 	"storj.io/storj/pkg/storj"
 )
 
@@ -37,7 +35,7 @@ func Encrypt(data []byte, cipher storj.Cipher, key *storj.Key, nonce *storj.Nonc
 	case storj.SecretBox:
 		return EncryptSecretBox(data, key, nonce)
 	default:
-		return nil, errs.New("Invalid encryption type")
+		return nil, ErrInvalidConfig.New("encryption type %d is not supported", cipher)
 	}
 }
 
@@ -51,7 +49,7 @@ func Decrypt(cipherData []byte, cipher storj.Cipher, key *storj.Key, nonce *stor
 	case storj.SecretBox:
 		return DecryptSecretBox(cipherData, key, nonce)
 	default:
-		return nil, errs.New("Invalid encryption type")
+		return nil, ErrInvalidConfig.New("encryption type %d is not supported", cipher)
 	}
 }
 
@@ -65,7 +63,7 @@ func NewEncrypter(cipher storj.Cipher, key *storj.Key, startingNonce *storj.Nonc
 	case storj.SecretBox:
 		return NewSecretboxEncrypter(key, startingNonce, encryptedBlockSize)
 	default:
-		return nil, errs.New("Invalid encryption type")
+		return nil, ErrInvalidConfig.New("encryption type %d is not supported", cipher)
 	}
 }
 
@@ -79,7 +77,7 @@ func NewDecrypter(cipher storj.Cipher, key *storj.Key, startingNonce *storj.Nonc
 	case storj.SecretBox:
 		return NewSecretboxDecrypter(key, startingNonce, encryptedBlockSize)
 	default:
-		return nil, errs.New("Invalid encryption type")
+		return nil, ErrInvalidConfig.New("encryption type %d is not supported", cipher)
 	}
 }
 

pkg/encryption/secretbox.go

@@ -4,7 +4,6 @@
 package encryption
 
 import (
-	"github.com/zeebo/errs"
 	"golang.org/x/crypto/nacl/secretbox"
 
 	"storj.io/storj/pkg/storj"
@@ -31,7 +30,7 @@ type secretboxEncrypter struct {
 // from crypto/rand as often as possible.
 func NewSecretboxEncrypter(key *storj.Key, startingNonce *storj.Nonce, encryptedBlockSize int) (Transformer, error) {
 	if encryptedBlockSize <= secretbox.Overhead {
-		return nil, Error.New("block size too small")
+		return nil, ErrInvalidConfig.New("encrypted block size %d too small", encryptedBlockSize)
 	}
 	return &secretboxEncrypter{
 		blockSize:     encryptedBlockSize - secretbox.Overhead,
@@ -76,7 +75,7 @@ type secretboxDecrypter struct {
 // startingNonce.
 func NewSecretboxDecrypter(key *storj.Key, startingNonce *storj.Nonce, encryptedBlockSize int) (Transformer, error) {
 	if encryptedBlockSize <= secretbox.Overhead {
-		return nil, Error.New("block size too small")
+		return nil, ErrInvalidConfig.New("encrypted block size %d too small", encryptedBlockSize)
 	}
 	return &secretboxDecrypter{
 		blockSize:     encryptedBlockSize - secretbox.Overhead,
@@ -100,7 +99,7 @@ func (s *secretboxDecrypter) Transform(out, in []byte, blockNum int64) ([]byte,
 	}
 	rv, success := secretbox.Open(out, in, nonce.Raw(), s.key.Raw())
 	if !success {
-		return nil, Error.New("failed decrypting")
+		return nil, ErrDecryptFailed.New("")
 	}
 	return rv, nil
 }
@@ -114,7 +113,7 @@ func EncryptSecretBox(data []byte, key *storj.Key, nonce *storj.Nonce) (cipherDa
 func DecryptSecretBox(cipherData []byte, key *storj.Key, nonce *storj.Nonce) (data []byte, err error) {
 	data, success := secretbox.Open(nil, cipherData, nonce.Raw(), key.Raw())
 	if !success {
-		return nil, errs.New("Failed decrypting")
+		return nil, ErrDecryptFailed.New("")
 	}
 	return data, nil
 }