Make errors more consistent (#3467)

Author: conradgrobler

experimental/offline_attestation/client/src/main.rs

@@ -129,7 +129,7 @@ impl RequestHelper {
         let response_public_key_handle = self
             .private_key_handle
             .public()
-            .map_err(|error| anyhow!("Couldn't get public key: {}", error))?;
+            .map_err(|error| anyhow!("couldn't get public key: {}", error))?;
         let response_public_key = serialize_public_key(&response_public_key_handle)?;
 
         Ok(EncryptedRequest {

experimental/offline_attestation/server/src/main.rs

@@ -56,7 +56,7 @@ async fn main() -> anyhow::Result<()> {
     let private_key_handle = Arc::new(generate_private_key()?);
     let public_key_handle = private_key_handle
         .public()
-        .map_err(|error| anyhow!("Couldn't get public key: {}", error))?;
+        .map_err(|error| anyhow!("couldn't get public key: {}", error))?;
 
     let attestation_report = generate_attestation_report(&public_key_handle)?;
 

experimental/offline_attestation/shared/src/lib.rs

@@ -110,10 +110,10 @@ impl PublicKeyInfo {
 /// public key.
 pub fn encrypt(public_key_handle: &Handle, data: &[u8]) -> anyhow::Result<Vec<u8>> {
     let encryptor = tink_hybrid::new_encrypt(public_key_handle)
-        .map_err(|error| anyhow!("Couldn't create hybrid encryptor: {}", error))?;
+        .map_err(|error| anyhow!("couldn't create hybrid encryptor: {}", error))?;
     encryptor
         .encrypt(data, ENCRYPTION_CONTEXT)
-        .map_err(|error| anyhow!("Couldn't encrypt data: {}", error))
+        .map_err(|error| anyhow!("couldn't encrypt data: {}", error))
 }
 
 /// Decrypts the provides `cyphertext` using the private key.
@@ -122,17 +122,17 @@ pub fn encrypt(public_key_handle: &Handle, data: &[u8]) -> anyhow::Result<Vec<u8
 /// decryption will only succeed if the ciphertext was created using the corresponding public key.
 pub fn decrypt(private_key_handle: &Handle, ciphertext: &[u8]) -> anyhow::Result<Vec<u8>> {
     let decryptor = tink_hybrid::new_decrypt(private_key_handle)
-        .map_err(|error| anyhow!("Couldn't create hybrid decryptor: {}", error))?;
+        .map_err(|error| anyhow!("couldn't create hybrid decryptor: {}", error))?;
     decryptor
         .decrypt(ciphertext, ENCRYPTION_CONTEXT)
-        .map_err(|error| anyhow!("Couldn't decrypt ciphertext: {}", error))
+        .map_err(|error| anyhow!("couldn't decrypt ciphertext: {}", error))
 }
 
 /// Generates a new private key suitable for hybrid encryption and returns a handle to the
 /// containing keyset.
 pub fn generate_private_key() -> anyhow::Result<Handle> {
     tink_core::keyset::Handle::new(&tink_hybrid::ecies_hkdf_aes128_gcm_key_template())
-        .map_err(|error| anyhow!("Couldn't create private key: {}", error))
+        .map_err(|error| anyhow!("couldn't create private key: {}", error))
 }
 
 /// Serialises the handle's underlying keyset containing the public key to a binary representation.
@@ -143,7 +143,7 @@ pub fn serialize_public_key(public_key_handle: &Handle) -> anyhow::Result<Vec<u8
     let mut writer = tink_core::keyset::BinaryWriter::new(&mut result);
     public_key_handle
         .write_with_no_secrets(&mut writer)
-        .map_err(|error| anyhow!("Couldn't deserialise public key: {}", error))?;
+        .map_err(|error| anyhow!("couldn't deserialise public key: {}", error))?;
     Ok(result)
 }
 
@@ -152,7 +152,7 @@ pub fn serialize_public_key(public_key_handle: &Handle) -> anyhow::Result<Vec<u8
 pub fn deserialize_public_key(data: &[u8]) -> anyhow::Result<Handle> {
     let mut reader = tink_core::keyset::BinaryReader::new(data);
     Handle::read_with_no_secrets(&mut reader)
-        .map_err(|error| anyhow!("Couldn't deserialise public key: {}", error))
+        .map_err(|error| anyhow!("couldn't deserialise public key: {}", error))
 }
 
 /// Serialises the attestation report to a binary representation.

experimental/sev_guest/src/cpuid.rs

@@ -94,10 +94,10 @@ impl CpuidPage {
     /// all zero.
     pub fn validate(&self) -> Result<(), &'static str> {
         if self.count as usize > CPUID_COUNT_MAX {
-            return Err("Invalid count");
+            return Err("invalid count");
         }
         if self._reserved.iter().any(|&value| value != 0) {
-            return Err("Nonzero value in _reserved");
+            return Err("nonzero value in _reserved");
         }
         Ok(())
     }

experimental/sev_guest/src/crypto.rs

@@ -63,7 +63,7 @@ impl GuestMessageEncryptor {
         initial_sequence_number: u64,
     ) -> Result<Self, &'static str> {
         Ok(Self {
-            cipher: Aes256Gcm::new_from_slice(key).map_err(|_| "Invalid key length")?,
+            cipher: Aes256Gcm::new_from_slice(key).map_err(|_| "invalid key length")?,
             sequence_number: initial_sequence_number,
         })
     }
@@ -94,7 +94,7 @@ impl GuestMessageEncryptor {
         let auth_tag = self
             .cipher
             .encrypt_in_place_detached(nonce, associated_data, buffer)
-            .map_err(|_| "Message encryption failed")?;
+            .map_err(|aes_gcm::Error| "message encryption failed")?;
         // Only write the payload once we are sure the encryption succeeded.
         destination.payload[0..message_size].copy_from_slice(buffer);
         destination.header.auth_tag[0..auth_tag.len()].copy_from_slice(auth_tag.as_slice());
@@ -113,19 +113,19 @@ impl GuestMessageEncryptor {
         let mut result = M::new_zeroed();
         source.validate()?;
         if M::get_message_type() as u8 != source.header.auth_header.message_type {
-            return Err("Invalid message type");
+            return Err("invalid message type");
         }
         let sequence_number = source.header.sequence_number;
         if sequence_number != self.sequence_number + 1 {
-            return Err("Unexpected sequence numer");
+            return Err("unexpected sequence numer");
         }
         let mut iv_bytes = [0u8; IV_SIZE];
         iv_bytes[0..size_of::<u64>()].copy_from_slice(sequence_number.as_bytes());
         let nonce = Nonce::from_slice(&iv_bytes[..]);
         let associated_data = source.header.auth_header.as_bytes();
         let buffer = result.as_bytes_mut();
         if buffer.len() != source.header.auth_header.message_size as usize {
-            return Err("Invalid message length");
+            return Err("invalid message length");
         }
         // The source message is in memory that is shared with the hypervisor, so we must not
         // decrypt the payload in place. Copy the encrypted payload into the buffer and
@@ -134,7 +134,7 @@ impl GuestMessageEncryptor {
         let tag = Tag::from_slice(&source.header.auth_tag[0..size_of::<Tag>()]);
         self.cipher
             .decrypt_in_place_detached(nonce, associated_data, buffer, tag)
-            .map_err(|_| "Couldn't decrypt message")?;
+            .map_err(|aes_gcm::Error| "couldn't decrypt message")?;
         self.sequence_number += 1;
         Ok(result)
     }

experimental/sev_guest/src/ghcb.rs

@@ -283,7 +283,7 @@ where
         let virtual_address = VirtAddr::from_ptr(ghcb.as_ref() as *const Ghcb);
         // Crashing is OK if we cannot find the physical address for the GHCB.
         let gpa = translate(virtual_address)
-            .expect("Could not translate the GHCB virtual address to a physical address.");
+            .expect("couldn't translate the GHCB virtual address to a physical address");
         Self { ghcb, gpa }
     }
 
@@ -429,7 +429,7 @@ where
             Ok(())
         } else {
             // For now we treat all non-zero return values as unrecoverable errors.
-            Err("Guest message response indicates an error.")
+            Err("guest message response indicates an error")
         }
     }
 
@@ -451,7 +451,7 @@ where
             Ok(())
         } else {
             // For now we treat all non-zero return values as unrecoverable errors.
-            Err("VMGEXIT call returned an error.")
+            Err("VMGEXIT call returned an error")
         }
     }
 }

experimental/sev_guest/src/guest.rs

@@ -156,28 +156,28 @@ impl GuestMessageHeader {
         if self.get_algorithm().is_none()
             || self.auth_header.algorithm == AeadAlgorithm::Invalid as u8
         {
-            return Err("Invalid AEAD algorithm");
+            return Err("invalid AEAD algorithm");
         }
         if self.get_message_type().is_none()
             || self.auth_header.message_type == MessageType::Invalid as u8
         {
-            return Err("Invalid message type");
+            return Err("invalid message type");
         }
         if self.auth_header.header_version != CURRENT_HEADER_VERSION {
-            return Err("Invalid header version");
+            return Err("invalid header version");
         }
         if self.auth_header.message_version != CURRENT_MESSAGE_VERSION {
-            return Err("Invalid message version");
+            return Err("invalid message version");
         }
         // For now we always assume we use VMPCK_0 to encrypt all messages.
         if self.auth_header.message_vmpck != 0 {
-            return Err("Invalid message VMPCK");
+            return Err("invalid message VMPCK");
         }
         if self.auth_header.header_size != size_of::<Self>() as u16 {
-            return Err("Invalid header size");
+            return Err("invalid header size");
         }
         if self.auth_header.message_size as usize > MAX_PAYLOAD_SIZE {
-            return Err("Invalid message size");
+            return Err("invalid message size");
         }
         Ok(())
     }
@@ -311,13 +311,13 @@ impl AttestationResponse {
     /// report format are all valid.
     pub fn validate(&self) -> Result<(), &'static str> {
         if self._reserved.iter().any(|&value| value != 0) {
-            return Err("Nonzero value in _reserved");
+            return Err("nonzero value in _reserved");
         }
         if self.get_status().is_none() {
-            return Err("Invalid status");
+            return Err("invalid status");
         }
         if self.report_size != size_of::<AttestationReport>() as u32 {
-            return Err("Invalid report size");
+            return Err("invalid report size");
         }
         self.report.validate()
     }
@@ -459,25 +459,25 @@ impl AttestationReportData {
         self.reported_tcb.validate()?;
         self.committed_tcb.validate()?;
         if self._reserved_0.iter().any(|&value| value != 0) {
-            return Err("Nonzero value in _reserved_0");
+            return Err("nonzero value in _reserved_0");
         }
         if self._reserved_1 != 0 {
-            return Err("Nonzero value in _reserved_1");
+            return Err("nonzero value in _reserved_1");
         }
         if self._reserved_2 != 0 {
-            return Err("Nonzero value in _reserved_2");
+            return Err("nonzero value in _reserved_2");
         }
         if self._reserved_3.iter().any(|&value| value != 0) {
-            return Err("Nonzero value in _reserved_3");
+            return Err("nonzero value in _reserved_3");
         }
         if self.signature_algo != SigningAlgorithm::EcdsaP384Sha384 as u32 {
-            return Err("Invalid signature algorithm");
+            return Err("invalid signature algorithm");
         }
         if self.get_platform_info().is_none() {
-            return Err("Invalid platform info");
+            return Err("invalid platform info");
         }
         if self.get_author_key_en().is_none() {
-            return Err("Invalid value for author_key_en");
+            return Err("invalid value for author_key_en");
         }
         Ok(())
     }
@@ -523,10 +523,10 @@ impl GuestPolicy {
     /// Checks that the flags are valid and the reserved bytes are all zero.
     pub fn validate(&self) -> Result<(), &'static str> {
         if self._reserved != 0 {
-            return Err("Nonzero value in _reserved");
+            return Err("nonzero value in _reserved");
         }
         if self.get_flags().is_none() {
-            return Err("Invalid flags");
+            return Err("invalid flags");
         }
         Ok(())
     }
@@ -556,7 +556,7 @@ impl TcbVersion {
     /// Checks that the reserved bytes are all zero.
     pub fn validate(&self) -> Result<(), &'static str> {
         if self._reserved.iter().any(|&value| value != 0) {
-            return Err("Nonzero value in _reserved");
+            return Err("nonzero value in _reserved");
         }
         Ok(())
     }
@@ -619,7 +619,7 @@ impl EcdsaSignature {
     /// Checks that the reserved bytes are all zero.
     pub fn validate_format(&self) -> Result<(), &'static str> {
         if self._reserved.iter().any(|&value| value != 0) {
-            return Err("Nonzero value in _reserved");
+            return Err("nonzero value in _reserved");
         }
         Ok(())
     }

experimental/sev_guest/src/instructions.rs

@@ -91,7 +91,7 @@ pub fn pvalidate(
         }
     } else {
         Err(InstructionError::from_repr(result)
-            .expect("Invalid return value from PVALIDATE instruction."))
+            .expect("invalid return value from PVALIDATE instruction"))
     }
 }
 
@@ -175,7 +175,7 @@ pub fn rmpadjust(
         Ok(())
     } else {
         Err(InstructionError::from_repr(result as u32)
-            .expect("Invalid return value from RMPADJUST instruction."))
+            .expect("invalid return value from RMPADJUST instruction"))
     }
 }
 

experimental/sev_guest/src/msr.rs

@@ -109,7 +109,7 @@ impl TryFrom<u64> for SevInfoResponse {
     fn try_from(msr_value: u64) -> Result<Self, &'static str> {
         const SEV_INFO_RESPONSE_INFO: u64 = 0x001;
         if msr_value & GHCB_INFO_MASK != SEV_INFO_RESPONSE_INFO {
-            return Err("Value is not a valid SEV information response");
+            return Err("value is not a valid SEV information response");
         }
         let max_protocol_version = (msr_value >> 48) as u16;
         let min_protocol_version = (msr_value >> 32) as u16;
@@ -179,12 +179,12 @@ impl TryFrom<u64> for CpuidResponse {
         const SEV_INFO_RESPONSE_INFO: u64 = 0x005;
         const RESERVED_MASK: u64 = 0x3FFFF000;
         if msr_value & GHCB_INFO_MASK != SEV_INFO_RESPONSE_INFO || msr_value & RESERVED_MASK != 0 {
-            return Err("Value is not a valid CPUID response");
+            return Err("value is not a valid CPUID response");
         }
         let value = (msr_value >> 32) as u32;
         const REGISTER_MASK: u64 = 0xC0000000;
         let register = CpuidRegister::from_repr(((msr_value & REGISTER_MASK) >> 30) as u8)
-            .ok_or("Invalid register")?;
+            .ok_or("invalid register")?;
         Ok(Self { value, register })
     }
 }
@@ -248,7 +248,7 @@ impl TryFrom<u64> for PreferredGhcbGpaResponse {
     fn try_from(msr_value: u64) -> Result<Self, &'static str> {
         const PREFERRED_GPA_RESPONSE_INFO: u64 = 0x011;
         if msr_value & GHCB_INFO_MASK != PREFERRED_GPA_RESPONSE_INFO {
-            return Err("Value is not a valid preferred GHCP GPA response");
+            return Err("value is not a valid preferred GHCP GPA response");
         }
         let ghcb_gpa = (msr_value & GCHP_DATA_MASK) as usize;
         Ok(Self { ghcb_gpa })
@@ -355,12 +355,12 @@ impl SnpPageStateChangeRequest {
     pub fn new(page_gpa: usize, assignment: PageAssignment) -> Result<Self, &'static str> {
         let page_gpa = page_gpa as u64;
         if page_gpa & GHCB_INFO_MASK != 0 {
-            return Err("Page must be 4KiB-aligned");
+            return Err("page must be 4KiB-aligned");
         }
         // Only 52 bits can be use for an address.
         const ADDRESS_MAX: u64 = (1 << 52) - 1;
         if page_gpa > ADDRESS_MAX {
-            return Err("Page address is too high");
+            return Err("page address is too high");
         }
         Ok(Self {
             page_gpa,
@@ -393,7 +393,7 @@ impl TryFrom<u64> for SnpPageStateChangeResponse {
         if msr_value & GHCB_INFO_MASK != SNP_PAGE_STATE_CHANGE_RESPONSE_INFO
             || msr_value & RESERVED_MASK != 0
         {
-            return Err("Value is not a valid SNP Page State Change response");
+            return Err("value is not a valid SNP Page State Change response");
         }
         let error_code = (msr_value >> 32) as u32;
         Ok(Self { error_code })
@@ -410,7 +410,7 @@ pub fn change_snp_page_state(request: SnpPageStateChangeRequest) -> Result<(), &
     let response: SnpPageStateChangeResponse = read_protocol_msr().try_into()?;
     // Ensure that the page state change was successful.
     if response.error_code != 0 {
-        return Err("Page state change failed");
+        return Err("page state change failed");
     }
     Ok(())
 }
@@ -460,10 +460,10 @@ impl TryFrom<u64> for HypervisorFeatureSupportResponse {
     fn try_from(msr_value: u64) -> Result<Self, &'static str> {
         const HYPERVISOR_FEATURE_SUPPORT_RESPONSE_INFO: u64 = 0x081;
         if msr_value & GHCB_INFO_MASK != HYPERVISOR_FEATURE_SUPPORT_RESPONSE_INFO {
-            return Err("Value is not a valid Hypervisor Feature Support response");
+            return Err("value is not a valid Hypervisor Feature Support response");
         }
         HypervisorFeatureSupportResponse::from_bits(msr_value >> 12)
-            .ok_or("Invalid Hypervisor Feature Support bitmap")
+            .ok_or("invalid Hypervisor Feature Support bitmap")
     }
 }
 

experimental/sev_guest/src/secrets.rs

@@ -93,13 +93,13 @@ impl SecretsPage {
     /// the reserved bytes are all zero.
     pub fn validate(&self) -> Result<(), &'static str> {
         if !(SECRETS_PAGE_MIN_VERSION..=SECRETS_PAGE_MAX_VERSION).contains(&self.version) {
-            return Err("Invalid version");
+            return Err("invalid version");
         }
         if self.get_imi_en().is_none() {
-            return Err("Invalid value for imi_en");
+            return Err("invalid value for imi_en");
         }
         if self._reserved != 0 {
-            return Err("Nonzero value in _reserved");
+            return Err("nonzero value in _reserved");
         }
         Ok(())
     }