phnx-im · kkohbrok · Aug 23, 2023 · Aug 23, 2023 · Aug 23, 2023
diff --git a/backend/src/auth_service/credentials/keys.rs b/backend/src/auth_service/credentials/keys.rs
@@ -58,8 +58,9 @@ impl AsIntermediateSigningKey {
     }
 }
 
-#[derive(Debug)]
+#[derive(Debug, Error)]
 pub enum SigningKeyCreationError {
+    #[error("Public key mismatch")]
     PublicKeyMismatch,
 }
 
@@ -255,12 +256,14 @@ pub struct InfraCredentialPlaintext {
 }
 
 impl InfraCredentialPlaintext {
-    pub fn decrypt(credential: &InfraCredential, ear_key: &SignatureEarKey) -> Result<Self, Error> {
+    pub fn decrypt(
+        credential: &InfraCredential,
+        ear_key: &SignatureEarKey,
+    ) -> Result<Self, InfraCredentialDecryptionError> {
         let encrypted_signature =
-            Ciphertext::tls_deserialize_exact(credential.encrypted_signature().as_slice())
-                .unwrap()
-                .into();
-        let signature = Signature::decrypt(&ear_key, &encrypted_signature).unwrap();
+            Ciphertext::tls_deserialize_exact(credential.encrypted_signature().as_slice())?.into();
+        let signature = Signature::decrypt(&ear_key, &encrypted_signature)
+            .map_err(|_| InfraCredentialDecryptionError::SignatureDecryptionError)?;
         let payload = InfraCredentialTbs {
             identity: credential.identity().to_vec(),
             lifetime: credential.expiration_data(),
@@ -271,6 +274,14 @@ impl InfraCredentialPlaintext {
     }
 }
 
+#[derive(Debug, Error)]
+pub enum InfraCredentialDecryptionError {
+    #[error(transparent)]
+    DeserializationError(#[from] tls_codec::Error),
+    #[error("Error decrypting signature")]
+    SignatureDecryptionError,
+}
+
 #[derive(TlsSerialize, TlsDeserializeBytes, TlsSize, Debug, Clone)]
 pub struct InfraCredentialTbs {
     pub(crate) identity: Vec<u8>,

diff --git a/backend/src/auth_service/credentials/mod.rs b/backend/src/auth_service/credentials/mod.rs
@@ -408,13 +408,6 @@ impl ClientCredential {
     }
 }
 
-#[derive(Debug, Clone)]
-pub enum ClientCredentialProcessingError {
-    DecryptionError,
-    VerificationError,
-    NoMatchingAsCredential,
-}
-
 impl VerifiedStruct<VerifiableClientCredential> for ClientCredential {
     type SealingType = private_mod::Seal;
 

diff --git a/backend/src/crypto/ear/traits.rs b/backend/src/crypto/ear/traits.rs
@@ -11,17 +11,20 @@ use aes_gcm::{
     NewAead,
 };
 use serde::de::DeserializeOwned;
+use thiserror::Error;
 use tracing::instrument;
 
 use crate::crypto::{secrets::Secret, DecryptionError, RandomnessError};
 
 use super::{Aead, Ciphertext, AEAD_KEY_SIZE, AEAD_NONCE_SIZE};
 
 /// Errors that can occur during an encryption operation.
-#[derive(Debug)]
+#[derive(Debug, Error)]
 pub enum EncryptionError {
+    #[error("Not enough randomness to generate Nonce")]
     RandomnessError, // Not enough randomness to generate Nonce
-    LibraryError,    // Error encrypting the plaintext
+    #[error("Error encrypting the plaintext")]
+    LibraryError, // Error encrypting the plaintext
 }
 
 /// A trait meant for structs holding a symmetric key of size [`AEAD_KEY_SIZE`].

diff --git a/backend/src/crypto/mod.rs b/backend/src/crypto/mod.rs
@@ -104,8 +104,9 @@ pub mod secrets;
 pub(super) mod serde_arrays;
 pub mod signatures;
 
-#[derive(Debug)]
+#[derive(Debug, Error)]
 pub enum RandomnessError {
+    #[error("Insufficient randomness")]
     InsufficientRandomness,
 }
 

diff --git a/backend/src/crypto/signatures/keys.rs b/backend/src/crypto/signatures/keys.rs
@@ -12,6 +12,7 @@ use utoipa::ToSchema;
 
 use crate::{
     auth_service::credentials::keys::{generate_signature_keypair, KeyGenerationError},
+    crypto::RandomnessError,
     ds::group_state::UserKeyHash,
 };
 
@@ -126,16 +127,13 @@ pub struct QsClientSigningKey {
     verifying_key: QsClientVerifyingKey,
 }
 
-#[derive(Debug)]
-pub struct RandomnessError {}
-
 impl QsClientSigningKey {
     pub fn random() -> Result<Self, RandomnessError> {
         let rust_crypto = OpenMlsRustCrypto::default();
         let (signing_key, verifying_key) = rust_crypto
             .crypto()
             .signature_key_gen(mls_assist::openmls::prelude::SignatureScheme::ED25519)
-            .map_err(|_| RandomnessError {})?;
+            .map_err(|_| RandomnessError::InsufficientRandomness)?;
         Ok(Self {
             signing_key,
             verifying_key: QsClientVerifyingKey { verifying_key },
@@ -189,7 +187,7 @@ impl QsUserSigningKey {
         let (signing_key, verifying_key) = rust_crypto
             .crypto()
             .signature_key_gen(mls_assist::openmls::prelude::SignatureScheme::ED25519)
-            .map_err(|_| RandomnessError {})?;
+            .map_err(|_| RandomnessError::InsufficientRandomness)?;
         Ok(Self {
             signing_key,
             verifying_key: QsUserVerifyingKey { verifying_key },

diff --git a/coreclient/Cargo.toml b/coreclient/Cargo.toml
@@ -40,10 +40,10 @@ rand = "0.8.4"
 # Feature dart-bridge
 tokio = { version = "1.29.0", features = ["rt", "macros"], optional = true }
 flutter_rust_bridge = { version = "1", optional = true }
-anyhow = { version = "1.0", features = ["backtrace"], optional = true }
+anyhow = { version = "1.0", features = ["backtrace"] }
 
 [features]
-dart-bridge = ["anyhow", "flutter_rust_bridge", "tokio"]
+dart-bridge = ["flutter_rust_bridge", "tokio"]
 
 
 [build-dependencies]

diff --git a/coreclient/src/groups/error.rs b/coreclient/src/groups/error.rs
@@ -5,6 +5,7 @@
 use super::*;
 
 use openmls_memory_keystore::MemoryKeyStoreError;
+use phnxbackend::crypto::DecryptionError;
 use thiserror::Error;
 
 #[derive(Error, Debug)]
@@ -30,6 +31,10 @@ pub enum GroupOperationError {
     MergePendingCommitError(#[from] MergePendingCommitError<MemoryKeyStoreError>),
     #[error("No pending group diff")]
     NoPendingGroupDiff,
+    #[error("Missing key package in key store")]
+    MissingKeyPackage,
+    #[error(transparent)]
+    JoinerInfoDecryptionError(#[from] DecryptionError),
     #[error("User already in group")]
     DuplicateUserAddition,
     #[error("No user auth key has been set yet.")]