  1// Copyright 2010 The Go Authors. All rights reserved.
  2// Use of this source code is governed by a BSD-style
  3// license that can be found in the LICENSE file.
  4
  5// Package errors contains common error types for the OpenPGP packages.
  6package errors // import "github.com/ProtonMail/go-crypto/openpgp/errors"
  7
  8import (
  9	"fmt"
 10	"strconv"
 11)
 12
 13var (
 14	// ErrDecryptSessionKeyParsing is a generic error message for parsing errors in decrypted data
 15	// to reduce the risk of oracle attacks.
 16	ErrDecryptSessionKeyParsing = DecryptWithSessionKeyError("parsing error")
 17	// ErrAEADTagVerification is returned if one of the tag verifications in SEIPDv2 fails
 18	ErrAEADTagVerification error = DecryptWithSessionKeyError("AEAD tag verification failed")
 19	// ErrMDCHashMismatch
 20	ErrMDCHashMismatch error = SignatureError("MDC hash mismatch")
 21	// ErrMDCMissing
 22	ErrMDCMissing error = SignatureError("MDC packet not found")
 23)
 24
 25// A StructuralError is returned when OpenPGP data is found to be syntactically
 26// invalid.
 27type StructuralError string
 28
 29func (s StructuralError) Error() string {
 30	return "openpgp: invalid data: " + string(s)
 31}
 32
// A DecryptWithSessionKeyError is returned when a failure occurs while reading
// from symmetrically decrypted data or when an authentication tag
// verification fails.
// Such an error indicates that the supplied session key is likely wrong or
// that the data got corrupted.
type DecryptWithSessionKeyError string

// Error implements the error interface. The detail string is appended
// verbatim to the fixed prefix, so whatever a caller puts in the value is
// visible to whoever receives the error.
func (e DecryptWithSessionKeyError) Error() string {
	detail := string(e)
	return "openpgp: decryption with session key failed: " + detail
}
 41
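// HandleSensitiveParsingError handles parsing errors when reading data from
// potentially decrypted data.
//
// When decrypted is false the data was not encrypted and err is returned
// unchanged. When decrypted is true the data is read from a stream that
// decrypts using a session key, and parsing errors are made generic to reduce
// the risk of oracle attacks in SEIPDv1: a caller able to tell one parsing
// failure from another would learn something about the decrypted bytes.
// In that case:
//   - a nil err stays nil, so calling the function on a successful read does
//     not turn it into a failure;
//   - a DecryptWithSessionKeyError, or a non-nil pointer to one, is returned
//     as is;
//   - every other error is replaced by ErrDecryptSessionKeyParsing.
//
// Only the outermost error value is inspected. An error that merely wraps a
// DecryptWithSessionKeyError is therefore replaced by the generic value too.
func HandleSensitiveParsingError(err error, decrypted bool) error {
	if !decrypted || err == nil {
		// Nothing sensitive to hide: either the data was not encrypted, or
		// there is no error at all.
		return err
	}
	switch decErr := err.(type) {
	case DecryptWithSessionKeyError:
		return decErr
	case *DecryptWithSessionKeyError:
		// A typed nil pointer would panic once Error is called through it,
		// so it is mapped to the generic value below instead.
		if decErr != nil {
			return decErr
		}
	}
	return ErrDecryptSessionKeyParsing
}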
 60
 61// UnsupportedError indicates that, although the OpenPGP data is valid, it
 62// makes use of currently unimplemented features.
 63type UnsupportedError string
 64
 65func (s UnsupportedError) Error() string {
 66	return "openpgp: unsupported feature: " + string(s)
 67}
 68
 69// InvalidArgumentError indicates that the caller is in error and passed an
 70// incorrect value.
 71type InvalidArgumentError string
 72
 73func (i InvalidArgumentError) Error() string {
 74	return "openpgp: invalid argument: " + string(i)
 75}
 76
 77// SignatureError indicates that a syntactically valid signature failed to
 78// validate.
 79type SignatureError string
 80
 81func (b SignatureError) Error() string {
 82	return "openpgp: invalid signature: " + string(b)
 83}
 84
 85type signatureExpiredError int
 86
 87func (se signatureExpiredError) Error() string {
 88	return "openpgp: signature expired"
 89}
 90
 91var ErrSignatureExpired error = signatureExpiredError(0)
 92
 93type keyExpiredError int
 94
 95func (ke keyExpiredError) Error() string {
 96	return "openpgp: key expired"
 97}
 98
 99var ErrSignatureOlderThanKey error = signatureOlderThanKeyError(0)
100
101type signatureOlderThanKeyError int
102
103func (ske signatureOlderThanKeyError) Error() string {
104	return "openpgp: signature is older than the key"
105}
106
107var ErrKeyExpired error = keyExpiredError(0)
108
// keyIncorrectError is the unexported type behind ErrKeyIncorrect. Its integer
// value is not used by Error.
type keyIncorrectError int

// Error implements the error interface with a fixed message.
func (keyIncorrectError) Error() string { return "openpgp: incorrect key" }

// ErrKeyIncorrect is the sentinel value reporting an incorrect key.
var ErrKeyIncorrect error = keyIncorrectError(0)
116
// KeyInvalidError indicates that the public key parameters are invalid
// as they do not match the private ones.
type KeyInvalidError string

// Error implements the error interface.
func (kie KeyInvalidError) Error() string {
	const prefix = "openpgp: invalid key: "
	return prefix + string(kie)
}
124
// unknownIssuerError is the unexported type behind ErrUnknownIssuer. Its
// integer value is not used by Error.
type unknownIssuerError int

// Error implements the error interface with a fixed message.
func (unknownIssuerError) Error() string { return "openpgp: signature made by unknown entity" }

// ErrUnknownIssuer is the sentinel value reporting a signature made by an
// unknown entity.
var ErrUnknownIssuer error = unknownIssuerError(0)
132
// keyRevokedError is the unexported type behind ErrKeyRevoked. Its integer
// value is not used by Error.
type keyRevokedError int

// Error implements the error interface with a fixed message.
func (keyRevokedError) Error() string { return "openpgp: signature made by revoked key" }

// ErrKeyRevoked is the sentinel value reporting a signature made by a revoked
// key.
var ErrKeyRevoked error = keyRevokedError(0)
140
// WeakAlgorithmError reports that something was rejected because it relies on
// a weak algorithm. The string value is the detail appended to the fixed
// prefix; presumably it names the rejected algorithm (verify against callers).
type WeakAlgorithmError string

// Error implements the error interface.
func (wae WeakAlgorithmError) Error() string {
	algo := string(wae)
	return "openpgp: weak algorithms are rejected: " + algo
}
146
// UnknownPacketTypeError reports a packet whose type is not known. The uint8
// value is the packet type, printed in decimal by Error.
type UnknownPacketTypeError uint8

// Error implements the error interface.
func (e UnknownPacketTypeError) Error() string {
	const prefix = "openpgp: unknown packet type: "
	return prefix + strconv.FormatUint(uint64(e), 10)
}
152
// CriticalUnknownPacketTypeError reports a packet of unknown type that is
// marked critical. The uint8 value is the packet type, printed in decimal by
// Error.
type CriticalUnknownPacketTypeError uint8

// Error implements the error interface.
func (e CriticalUnknownPacketTypeError) Error() string {
	tag := int(e)
	return "openpgp: unknown critical packet type: " + strconv.Itoa(tag)
}
158
// AEADError indicates that there is a problem when initializing or using an
// AEAD instance, configuration struct, nonces or index values.
type AEADError string

// Error implements the error interface.
func (e AEADError) Error() string {
	const prefix = "openpgp: aead error: "
	return prefix + string(e)
}
166
// ErrDummyPrivateKey results when operations are attempted on a private key
// that is just a dummy key. See
// https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=blob;f=doc/DETAILS;h=fe55ae16ab4e26d8356dc574c9e8bc935e71aef1;hb=23191d7851eae2217ecdac6484349849a24fd94a#l1109
//
// Despite the Err prefix this is a type, not a sentinel value; the string is
// the detail appended to the fixed prefix.
type ErrDummyPrivateKey string

// Error implements the error interface.
func (e ErrDummyPrivateKey) Error() string {
	detail := string(e)
	return "openpgp: s2k GNU dummy key: " + detail
}
175
// ErrMalformedMessage results when the packet sequence is incorrect.
//
// Despite the Err prefix this is a type, not a sentinel value. The detail is
// appended directly after the prefix's trailing space, without a colon.
type ErrMalformedMessage string

// Error implements the error interface.
func (e ErrMalformedMessage) Error() string {
	const prefix = "openpgp: malformed message "
	return prefix + string(e)
}
182
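// ErrEncryptionKeySelection is returned if encryption key selection fails (v2 API).
type ErrEncryptionKeySelection struct {
	// PrimaryKeyId is printed verbatim in the message to identify the primary
	// key the selection was attempted for.
	PrimaryKeyId string
	// PrimaryKeyErr, when non-nil, takes precedence: the message reports an
	// invalid primary key and the encryption-key fields are not printed.
	PrimaryKeyErr error
	// EncSelectionKeyId, when non-nil, is printed as the encryption key that
	// was found invalid. When nil the message reports that there is no
	// encryption key.
	EncSelectionKeyId *string
	// EncSelectionErr is the reason printed after the encryption-key part of
	// the message. It may be nil, in which case no reason is printed.
	EncSelectionErr error
}

// Error implements the error interface.
//
// The message always starts with the primary key ID. It then reports, in
// order of precedence, an invalid primary key, an invalid encryption key, or
// the absence of an encryption key. A nil EncSelectionErr is left out of the
// message instead of being rendered as the fmt placeholder "%!s(<nil>)".
func (eks ErrEncryptionKeySelection) Error() string {
	msg := "openpgp: key selection for primary key " + eks.PrimaryKeyId + ":"
	switch {
	case eks.PrimaryKeyErr != nil:
		return fmt.Sprintf("%s invalid primary key: %s", msg, eks.PrimaryKeyErr)
	case eks.EncSelectionKeyId != nil:
		msg += " invalid encryption key " + *eks.EncSelectionKeyId
	default:
		msg += " no encryption key"
	}
	if eks.EncSelectionErr == nil {
		// No reason was recorded; stop after the description.
		return msg
	}
	return fmt.Sprintf("%s: %s", msg, eks.EncSelectionErr)
}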