Add context to signature-related errors

Cargo.toml

@@ -113,3 +113,6 @@ codegen-units = 1
 name = "benchmarks"
 path = "benches/benchmark.rs"
 harness = false
+
+[package.metadata.cargo-semver-checks.lints]
+enum_variant_marked_deprecated = "warn"

src/alg_tests.rs

@@ -17,15 +17,15 @@
 use std::prelude::v1::*;
 
 use base64::{Engine as _, engine::general_purpose};
+use pki_types::alg_id;
 
-use crate::error::{DerTypeId, Error};
+use crate::error::{DerTypeId, Error, UnsupportedSignatureAlgorithmForPublicKeyContext};
 use crate::verify_cert::Budget;
 use crate::{der, signed_data};
 
 use super::{
-    INVALID_SIGNATURE_FOR_RSA_KEY, OK_IF_POINT_COMPRESSION_SUPPORTED, OK_IF_RSA_AVAILABLE,
-    SUPPORTED_ALGORITHMS_IN_TESTS, UNSUPPORTED_ECDSA_SHA512_SIGNATURE,
-    UNSUPPORTED_SIGNATURE_ALGORITHM_FOR_RSA_KEY,
+    OK_IF_POINT_COMPRESSION_SUPPORTED, SUPPORTED_ALGORITHMS_IN_TESTS, invalid_rsa_signature,
+    maybe_rsa, unsupported, unsupported_for_ecdsa, unsupported_for_rsa,
 };
 
 macro_rules! test_file_bytes {
@@ -113,7 +113,10 @@ fn test_ecdsa_prime256v1_sha512_spki_params_null() {
         test_verify_signed_data(test_file_bytes!(
             "ecdsa-prime256v1-sha512-spki-params-null.pem"
         )),
-        Err(UNSUPPORTED_ECDSA_SHA512_SIGNATURE)
+        Err(unsupported_for_ecdsa(
+            &alg_id::ECDSA_SHA512,
+            include_bytes!("../tests/signatures/alg-id-ecpublickey-params-null.der")
+        ))
     );
 }
 
@@ -135,7 +138,10 @@ fn test_ecdsa_prime256v1_sha512_using_ecdh_key() {
         test_verify_signed_data(test_file_bytes!(
             "ecdsa-prime256v1-sha512-using-ecdh-key.pem"
         )),
-        Err(UNSUPPORTED_ECDSA_SHA512_SIGNATURE)
+        Err(unsupported_for_ecdsa(
+            &alg_id::ECDSA_SHA512,
+            include_bytes!("../tests/signatures/alg-ecdh-secp256r1.der")
+        ))
     );
 }
 
@@ -147,7 +153,10 @@ fn test_ecdsa_prime256v1_sha512_using_ecmqv_key() {
         test_verify_signed_data(test_file_bytes!(
             "ecdsa-prime256v1-sha512-using-ecmqv-key.pem"
         )),
-        Err(UNSUPPORTED_ECDSA_SHA512_SIGNATURE)
+        Err(unsupported_for_ecdsa(
+            &alg_id::ECDSA_SHA512,
+            include_bytes!("../tests/signatures/alg-ecmqv-secp256r1.der")
+        ))
     );
 }
 
@@ -156,8 +165,11 @@ fn test_ecdsa_prime256v1_sha512_using_rsa_algorithm() {
     assert_eq!(
         test_verify_signed_data(test_file_bytes!(
             "ecdsa-prime256v1-sha512-using-rsa-algorithm.pem"
-        )),
-        Err(UNSUPPORTED_SIGNATURE_ALGORITHM_FOR_RSA_KEY)
+        ),),
+        Err(unsupported_for_rsa(
+            &alg_id::RSA_PKCS1_SHA512,
+            &alg_id::ECDSA_P256,
+        ))
     );
 }
 
@@ -169,7 +181,10 @@ fn test_ecdsa_prime256v1_sha512_wrong_signature_format() {
         test_verify_signed_data(test_file_bytes!(
             "ecdsa-prime256v1-sha512-wrong-signature-format.pem"
         )),
-        Err(UNSUPPORTED_ECDSA_SHA512_SIGNATURE)
+        Err(unsupported_for_ecdsa(
+            &alg_id::ECDSA_SHA512,
+            &alg_id::ECDSA_P256,
+        ))
     );
 }
 
@@ -178,7 +193,10 @@ fn test_ecdsa_prime256v1_sha512_wrong_signature_format() {
 fn test_ecdsa_prime256v1_sha512() {
     assert_eq!(
         test_verify_signed_data(test_file_bytes!("ecdsa-prime256v1-sha512.pem")),
-        Err(UNSUPPORTED_ECDSA_SHA512_SIGNATURE)
+        Err(unsupported_for_ecdsa(
+            &alg_id::ECDSA_SHA512,
+            &alg_id::ECDSA_P256,
+        ))
     );
 }
 
@@ -204,7 +222,14 @@ fn test_ecdsa_secp384r1_sha256() {
 fn test_ecdsa_using_rsa_key() {
     assert_eq!(
         test_verify_signed_data(test_file_bytes!("ecdsa-using-rsa-key.pem")),
-        Err(Error::UnsupportedSignatureAlgorithmForPublicKey)
+        Err(Error::UnsupportedSignatureAlgorithmForPublicKeyContext(
+            UnsupportedSignatureAlgorithmForPublicKeyContext {
+                #[cfg(feature = "alloc")]
+                signature_algorithm_id: alg_id::ECDSA_SHA256.as_ref().to_vec(),
+                #[cfg(feature = "alloc")]
+                public_key_algorithm_id: alg_id::RSA_ENCRYPTION.as_ref().to_vec(),
+            }
+        ))
     );
 }
 
@@ -228,7 +253,9 @@ fn test_rsa_pkcs1_sha1_bad_key_der_null() {
 fn test_rsa_pkcs1_sha1_key_params_absent() {
     assert_eq!(
         test_verify_signed_data(test_file_bytes!("rsa-pkcs1-sha1-key-params-absent.pem")),
-        Err(Error::UnsupportedSignatureAlgorithm)
+        Err(unsupported(include_bytes!(
+            "../tests/signatures/alg-rsae-sha1.der"
+        )))
     );
 }
 
@@ -238,23 +265,27 @@ fn test_rsa_pkcs1_sha1_using_pss_key_no_params() {
         test_verify_signed_data(test_file_bytes!(
             "rsa-pkcs1-sha1-using-pss-key-no-params.pem"
         )),
-        Err(Error::UnsupportedSignatureAlgorithm)
+        Err(unsupported(include_bytes!(
+            "../tests/signatures/alg-rsae-sha1.der"
+        )))
     );
 }
 
 #[test]
 fn test_rsa_pkcs1_sha1_wrong_algorithm() {
     assert_eq!(
         test_verify_signed_data(test_file_bytes!("rsa-pkcs1-sha1-wrong-algorithm.pem")),
-        Err(INVALID_SIGNATURE_FOR_RSA_KEY)
+        Err(invalid_rsa_signature())
     );
 }
 
 #[test]
 fn test_rsa_pkcs1_sha1() {
     assert_eq!(
         test_verify_signed_data(test_file_bytes!("rsa-pkcs1-sha1.pem")),
-        Err(Error::UnsupportedSignatureAlgorithm)
+        Err(unsupported(include_bytes!(
+            "../tests/signatures/alg-rsae-sha1.der"
+        )))
     );
 }
 
@@ -267,7 +298,7 @@ fn test_rsa_pkcs1_sha1() {
 fn test_rsa_pkcs1_sha256() {
     assert_eq!(
         test_verify_signed_data(test_file_bytes!("rsa-pkcs1-sha256.pem")),
-        Err(INVALID_SIGNATURE_FOR_RSA_KEY)
+        Err(invalid_rsa_signature())
     );
 }
 
@@ -285,7 +316,10 @@ fn test_rsa_pkcs1_sha256_spki_non_null_params() {
         test_verify_signed_data(test_file_bytes!(
             "rsa-pkcs1-sha256-spki-non-null-params.pem"
         )),
-        Err(UNSUPPORTED_SIGNATURE_ALGORITHM_FOR_RSA_KEY)
+        Err(unsupported_for_rsa(
+            &alg_id::RSA_PKCS1_SHA256,
+            include_bytes!("../tests/signatures/alg-rsae-bad-params.der")
+        ))
     );
 }
 
@@ -295,15 +329,25 @@ fn test_rsa_pkcs1_sha256_using_ecdsa_algorithm() {
         test_verify_signed_data(test_file_bytes!(
             "rsa-pkcs1-sha256-using-ecdsa-algorithm.pem"
         )),
-        Err(Error::UnsupportedSignatureAlgorithmForPublicKey)
+        Err(Error::UnsupportedSignatureAlgorithmForPublicKeyContext(
+            UnsupportedSignatureAlgorithmForPublicKeyContext {
+                #[cfg(feature = "alloc")]
+                signature_algorithm_id: alg_id::ECDSA_SHA256.as_ref().to_vec(),
+                #[cfg(feature = "alloc")]
+                public_key_algorithm_id: alg_id::RSA_ENCRYPTION.as_ref().to_vec(),
+            }
+        ))
     );
 }
 
 #[test]
 fn test_rsa_pkcs1_sha256_using_id_ea_rsa() {
     assert_eq!(
         test_verify_signed_data(test_file_bytes!("rsa-pkcs1-sha256-using-id-ea-rsa.pem")),
-        Err(UNSUPPORTED_SIGNATURE_ALGORITHM_FOR_RSA_KEY)
+        Err(unsupported_for_rsa(
+            &alg_id::RSA_PKCS1_SHA256,
+            include_bytes!("../tests/signatures/alg-rsa-null-params.der")
+        ))
     );
 }
 
@@ -315,7 +359,9 @@ fn test_rsa_pss_sha1_salt20_using_pss_key_no_params() {
         test_verify_signed_data(test_file_bytes!(
             "rsa-pss-sha1-salt20-using-pss-key-no-params.pem"
         )),
-        Err(Error::UnsupportedSignatureAlgorithm)
+        Err(unsupported(include_bytes!(
+            "../tests/signatures/alg-rsapss-defaults.der"
+        )))
     );
 }
 
@@ -325,30 +371,38 @@ fn test_rsa_pss_sha1_salt20_using_pss_key_with_null_params() {
         test_verify_signed_data(test_file_bytes!(
             "rsa-pss-sha1-salt20-using-pss-key-with-null-params.pem"
         )),
-        Err(Error::UnsupportedSignatureAlgorithm)
+        Err(unsupported(include_bytes!(
+            "../tests/signatures/alg-rsapss-defaults.der"
+        )))
     );
 }
 #[test]
 fn test_rsa_pss_sha1_salt20() {
     assert_eq!(
         test_verify_signed_data(test_file_bytes!("rsa-pss-sha1-salt20.pem")),
-        Err(Error::UnsupportedSignatureAlgorithm)
+        Err(unsupported(include_bytes!(
+            "../tests/signatures/alg-rsapss-defaults.der"
+        )))
     );
 }
 
 #[test]
 fn test_rsa_pss_sha1_wrong_salt() {
     assert_eq!(
         test_verify_signed_data(test_file_bytes!("rsa-pss-sha1-wrong-salt.pem")),
-        Err(Error::UnsupportedSignatureAlgorithm)
+        Err(unsupported(include_bytes!(
+            "../tests/signatures/alg-rsapss-salt23.der"
+        )))
     );
 }
 
 #[test]
 fn test_rsa_pss_sha256_mgf1_sha512_salt33() {
     assert_eq!(
         test_verify_signed_data(test_file_bytes!("rsa-pss-sha256-mgf1-sha512-salt33.pem")),
-        Err(Error::UnsupportedSignatureAlgorithm)
+        Err(unsupported(include_bytes!(
+            "../tests/signatures/alg-rsapss-sha256-mgf1-sha512-salt33.der"
+        )))
     );
 }
 
@@ -358,7 +412,9 @@ fn test_rsa_pss_sha256_salt10_using_pss_key_with_params() {
         test_verify_signed_data(test_file_bytes!(
             "rsa-pss-sha256-salt10-using-pss-key-with-params.pem"
         )),
-        Err(Error::UnsupportedSignatureAlgorithm)
+        Err(unsupported(include_bytes!(
+            "../tests/signatures/alg-rsapss-sha256-mgf1-sha256-salt10.der"
+        )))
     );
 }
 #[test]
@@ -367,15 +423,19 @@ fn test_rsa_pss_sha256_salt10_using_pss_key_with_wrong_params() {
         test_verify_signed_data(test_file_bytes!(
             "rsa-pss-sha256-salt10-using-pss-key-with-wrong-params.pem"
         )),
-        Err(Error::UnsupportedSignatureAlgorithm)
+        Err(unsupported(include_bytes!(
+            "../tests/signatures/alg-rsapss-sha256-mgf1-sha256-salt10.der"
+        )))
     );
 }
 
 #[test]
 fn test_rsa_pss_sha256_salt10() {
     assert_eq!(
         test_verify_signed_data(test_file_bytes!("rsa-pss-sha256-salt10.pem")),
-        Err(Error::UnsupportedSignatureAlgorithm)
+        Err(unsupported(include_bytes!(
+            "../tests/signatures/alg-rsapss-sha256-mgf1-sha256-salt10.der"
+        )))
     );
 }
 
@@ -385,23 +445,23 @@ fn test_rsa_pss_sha256_salt10() {
 fn test_rsa_pss_sha256_salt32() {
     assert_eq!(
         test_verify_signed_data(test_file_bytes!("ours/rsa-pss-sha256-salt32.pem")),
-        OK_IF_RSA_AVAILABLE
+        maybe_rsa()
     );
 }
 
 #[test]
 fn test_rsa_pss_sha384_salt48() {
     assert_eq!(
         test_verify_signed_data(test_file_bytes!("ours/rsa-pss-sha384-salt48.pem")),
-        OK_IF_RSA_AVAILABLE
+        maybe_rsa()
     );
 }
 
 #[test]
 fn test_rsa_pss_sha512_salt64() {
     assert_eq!(
         test_verify_signed_data(test_file_bytes!("ours/rsa-pss-sha512-salt64.pem")),
-        OK_IF_RSA_AVAILABLE
+        maybe_rsa()
     );
 }
 
@@ -411,7 +471,7 @@ fn test_rsa_pss_sha256_salt32_corrupted_data() {
         test_verify_signed_data(test_file_bytes!(
             "ours/rsa-pss-sha256-salt32-corrupted-data.pem"
         )),
-        Err(INVALID_SIGNATURE_FOR_RSA_KEY)
+        Err(invalid_rsa_signature())
     );
 }
 
@@ -421,7 +481,7 @@ fn test_rsa_pss_sha384_salt48_corrupted_data() {
         test_verify_signed_data(test_file_bytes!(
             "ours/rsa-pss-sha384-salt48-corrupted-data.pem"
         )),
-        Err(INVALID_SIGNATURE_FOR_RSA_KEY)
+        Err(invalid_rsa_signature())
     );
 }
 
@@ -431,23 +491,26 @@ fn test_rsa_pss_sha512_salt64_corrupted_data() {
         test_verify_signed_data(test_file_bytes!(
             "ours/rsa-pss-sha512-salt64-corrupted-data.pem"
         )),
-        Err(INVALID_SIGNATURE_FOR_RSA_KEY)
+        Err(invalid_rsa_signature())
     );
 }
 
 #[test]
 fn test_rsa_using_ec_key() {
     assert_eq!(
         test_verify_signed_data(test_file_bytes!("rsa-using-ec-key.pem")),
-        Err(UNSUPPORTED_SIGNATURE_ALGORITHM_FOR_RSA_KEY)
+        Err(unsupported_for_rsa(
+            &alg_id::RSA_PKCS1_SHA256,
+            &alg_id::ECDSA_P256
+        ))
     );
 }
 
 #[test]
 fn test_rsa2048_pkcs1_sha512() {
     assert_eq!(
         test_verify_signed_data(test_file_bytes!("rsa2048-pkcs1-sha512.pem")),
-        OK_IF_RSA_AVAILABLE
+        maybe_rsa()
     );
 }