refactor: apply review suggestions and some more lints

Co-authored-by: Falko Galperin <falko1@uni-bremen.de>

Cargo.toml

@@ -4,7 +4,7 @@ description = "An implementation of the ACE-OAuth framework"
 version = "0.4.0"
 edition = "2021"
 authors = ["Falko Galperin <falko1@uni-bremen.de>"]
-rust-version = "1.58"
+rust-version = "1.62"
 license = "MIT OR Apache-2.0"
 keywords = ["no_std", "framework", "oauth", "ace"]
 categories = ["authentication", "data-structures", "embedded", "encoding", "no-std"]

src/common/test_helper.rs

@@ -20,7 +20,7 @@ use rand::{CryptoRng, Rng};
 
 use crate::common::cbor_map::ToCborMap;
 use crate::error::{AccessTokenError, CoseCipherError, MultipleCoseError};
-use crate::token::cose::encrypt::{CoseEncryptCipher, CoseKeyDistributionCipher};
+use crate::token::cose::encrypted::{CoseEncryptCipher, CoseKeyDistributionCipher};
 use crate::token::cose::key::{CoseEc2Key, CoseSymmetricKey};
 use crate::token::cose::CoseCipher;
 use crate::CoseSignCipher;
@@ -93,11 +93,6 @@ where
 {
     fn from(x: CoseCipherError<MultipleCoseError<C, K>>) -> Self {
         match x {
-            CoseCipherError::HeaderAlreadySet {
-                existing_header_name,
-            } => CoseCipherError::HeaderAlreadySet {
-                existing_header_name,
-            },
             CoseCipherError::VerificationFailure => CoseCipherError::VerificationFailure,
             CoseCipherError::DecryptionFailure => CoseCipherError::DecryptionFailure,
             CoseCipherError::Other(x) => CoseCipherError::Other(x.to_string()),
@@ -119,12 +114,9 @@ where
                 CoseCipherError::KeyAlgorithmMismatch(v, w)
             }
             CoseCipherError::DuplicateHeaders(v) => CoseCipherError::DuplicateHeaders(v),
-            CoseCipherError::InvalidKeyId(v) => CoseCipherError::InvalidKeyId(v),
             CoseCipherError::MissingKeyParam(v) => CoseCipherError::MissingKeyParam(v),
             CoseCipherError::InvalidKeyParam(v, w) => CoseCipherError::InvalidKeyParam(v, w),
-            CoseCipherError::TypeMismatch(v) => CoseCipherError::TypeMismatch(v),
             CoseCipherError::NoKeyFound => CoseCipherError::NoKeyFound,
-            CoseCipherError::IvRequired => CoseCipherError::IvRequired,
             CoseCipherError::MissingHeaderParam(v) => CoseCipherError::MissingHeaderParam(v),
             CoseCipherError::InvalidHeaderParam(v, w) => CoseCipherError::InvalidHeaderParam(v, w),
             CoseCipherError::AadUnsupported => CoseCipherError::AadUnsupported,
@@ -144,10 +136,6 @@ where
                 AccessTokenError::CoseCipherError(CoseCipherError::from(x))
             }
             AccessTokenError::UnknownCoseStructure => AccessTokenError::UnknownCoseStructure,
-            AccessTokenError::NoMatchingRecipient => AccessTokenError::NoMatchingRecipient,
-            AccessTokenError::MultipleMatchingRecipients => {
-                AccessTokenError::MultipleMatchingRecipients
-            }
         }
     }
 }

src/error/mod.rs

@@ -248,31 +248,24 @@ pub enum CoseCipherError<T>
 where
     T: Display,
 {
-    /// A header which the cipher is supposed to set has already been set.
-    HeaderAlreadySet {
-        /// The name of the header which has already been set.
-        existing_header_name: String,
-    },
     /// The given signature or MAC tag is either invalid or does not match the given data.
     VerificationFailure,
     /// The given ciphertext could not be decrypted.
     DecryptionFailure,
-    /// A different error has occurred. Details are provided in the contained error.
-    Other(T),
     /// Key type is not supported.
     UnsupportedKeyType(KeyType),
     /// Curve is not supported by coset or the chosen cryptographic backend.
     UnsupportedCurve(EllipticCurve),
-    /// Algorithm is not supported by coset or the chosen cryptographic backend.
+    /// Algorithm is not supported by coset, the chosen cryptographic backend or dcaf-rs itself.
     UnsupportedAlgorithm(Algorithm),
     /// The cryptographic backend does not support deriving the public key from the private key, and
-    /// your provided key does not provide the public key parts even though it is required for this
+    /// the provided key does not provide the public key parts even though it is required for this
     /// operation.
     UnsupportedKeyDerivation,
     /// The algorithm has not explicitly been specified anywhere (protected headers, unprotected
     /// headers or the key itself).
     NoAlgorithmDeterminable,
-    /// Your provided key does not support the given operation.
+    /// The provided key does not support the given operation.
     KeyOperationNotPermitted(BTreeSet<KeyOperation>, KeyOperation),
     /// Key in given curve must be in different format.
     KeyTypeCurveMismatch(KeyType, EllipticCurve),
@@ -281,50 +274,22 @@ where
     /// Algorithm provided in key does not match algorithm selected for operation.
     KeyAlgorithmMismatch(Algorithm, Algorithm),
     DuplicateHeaders(Vec<Label>),
-    InvalidKeyId(Vec<u8>),
     MissingKeyParam(KeyParam),
     InvalidKeyParam(KeyParam, Value),
     MissingHeaderParam(HeaderParam),
     InvalidHeaderParam(HeaderParam, Value),
-    TypeMismatch(Value),
     /// Provided algorithm does not support additional authenticated data (which also includes
     /// protected headers).
     AadUnsupported,
     NoKeyFound,
-    IvRequired,
+    /// A different error has occurred. Details are provided in the contained error.
+    Other(T),
 }
 
 impl<T> CoseCipherError<T>
 where
     T: Display,
 {
-    /// Creates a new [`CoseCipherError`] of type
-    /// [`HeaderAlreadySet`](CoseCipherError::HeaderAlreadySet) where the header
-    /// that was already set has the name of the given `label`.
-    #[must_use]
-    pub fn existing_header_label(label: &Label) -> CoseCipherError<T> {
-        let existing_header_name = match label {
-            Label::Int(i) => i.to_string(),
-            Label::Text(s) => s.to_string(),
-        };
-        CoseCipherError::HeaderAlreadySet {
-            existing_header_name,
-        }
-    }
-
-    /// Creates a new [`CoseCipherError`] of type
-    /// [`HeaderAlreadySet`](CoseCipherError::HeaderAlreadySet) where the header
-    /// that was already set has the given `name`.
-    #[must_use]
-    pub fn existing_header<S>(name: S) -> CoseCipherError<T>
-    where
-        S: Into<String>,
-    {
-        CoseCipherError::HeaderAlreadySet {
-            existing_header_name: name.into(),
-        }
-    }
-
     /// Creates a new [`CoseCipherError`] of type
     /// [`Other`](CoseCipherError::Other) (i.e., an error type that doesn't fit any other
     /// [`CoseCipherError`] variant) containing the given nested error `other`.
@@ -339,11 +304,6 @@ where
     ) -> CoseCipherError<MultipleCoseError<T, C>> {
         match error {
             CoseCipherError::Other(x) => CoseCipherError::Other(MultipleCoseError::KekError(x)),
-            CoseCipherError::HeaderAlreadySet {
-                existing_header_name,
-            } => CoseCipherError::HeaderAlreadySet {
-                existing_header_name,
-            },
             CoseCipherError::VerificationFailure => CoseCipherError::VerificationFailure,
             CoseCipherError::DecryptionFailure => CoseCipherError::DecryptionFailure,
             CoseCipherError::UnsupportedKeyType(v) => CoseCipherError::UnsupportedKeyType(v),
@@ -364,12 +324,9 @@ where
                 CoseCipherError::KeyAlgorithmMismatch(v, w)
             }
             CoseCipherError::DuplicateHeaders(v) => CoseCipherError::DuplicateHeaders(v),
-            CoseCipherError::InvalidKeyId(v) => CoseCipherError::InvalidKeyId(v),
             CoseCipherError::MissingKeyParam(v) => CoseCipherError::MissingKeyParam(v),
             CoseCipherError::InvalidKeyParam(v, w) => CoseCipherError::InvalidKeyParam(v, w),
-            CoseCipherError::TypeMismatch(v) => CoseCipherError::TypeMismatch(v),
             CoseCipherError::NoKeyFound => CoseCipherError::NoKeyFound,
-            CoseCipherError::IvRequired => CoseCipherError::IvRequired,
             CoseCipherError::MissingHeaderParam(v) => CoseCipherError::MissingHeaderParam(v),
             CoseCipherError::InvalidHeaderParam(v, w) => CoseCipherError::InvalidHeaderParam(v, w),
             CoseCipherError::AadUnsupported => CoseCipherError::AadUnsupported,
@@ -381,11 +338,6 @@ where
     ) -> CoseCipherError<MultipleCoseError<K, T>> {
         match error {
             CoseCipherError::Other(x) => CoseCipherError::Other(MultipleCoseError::CekError(x)),
-            CoseCipherError::HeaderAlreadySet {
-                existing_header_name,
-            } => CoseCipherError::HeaderAlreadySet {
-                existing_header_name,
-            },
             CoseCipherError::VerificationFailure => CoseCipherError::VerificationFailure,
             CoseCipherError::DecryptionFailure => CoseCipherError::DecryptionFailure,
             CoseCipherError::UnsupportedKeyType(v) => CoseCipherError::UnsupportedKeyType(v),
@@ -406,12 +358,9 @@ where
                 CoseCipherError::KeyAlgorithmMismatch(v, w)
             }
             CoseCipherError::DuplicateHeaders(v) => CoseCipherError::DuplicateHeaders(v),
-            CoseCipherError::InvalidKeyId(v) => CoseCipherError::InvalidKeyId(v),
             CoseCipherError::MissingKeyParam(v) => CoseCipherError::MissingKeyParam(v),
             CoseCipherError::InvalidKeyParam(v, w) => CoseCipherError::InvalidKeyParam(v, w),
-            CoseCipherError::TypeMismatch(v) => CoseCipherError::TypeMismatch(v),
             CoseCipherError::NoKeyFound => CoseCipherError::NoKeyFound,
-            CoseCipherError::IvRequired => CoseCipherError::IvRequired,
             CoseCipherError::MissingHeaderParam(v) => CoseCipherError::MissingHeaderParam(v),
             CoseCipherError::InvalidHeaderParam(v, w) => CoseCipherError::InvalidHeaderParam(v, w),
             CoseCipherError::AadUnsupported => CoseCipherError::AadUnsupported,
@@ -425,13 +374,7 @@ where
 {
     fn fmt(&self, f: &mut Formatter<'_>) -> core::fmt::Result {
         match self {
-            // TODO this can probably be done better (use thiserror instead as soon as std::error::Error has been moved to core?)
-            CoseCipherError::HeaderAlreadySet {
-                existing_header_name,
-            } => write!(
-                f,
-                "cipher-defined header '{existing_header_name}' already set"
-            ),
+            // TODO (#14): this can probably be done better (use thiserror instead as soon as std::error::Error has been moved to core?)
             CoseCipherError::VerificationFailure => write!(f, "data verification failed"),
             CoseCipherError::DecryptionFailure => write!(f, "decryption failed"),
             CoseCipherError::Other(s) => write!(f, "{s}"),
@@ -458,21 +401,11 @@ where
                 write!(f, "key does not support the given algorithm")
             }
             CoseCipherError::DuplicateHeaders(_) => write!(f, "duplicate headers"),
-            // TODO is this one still needed or maybe misnamed?
-            CoseCipherError::InvalidKeyId(_) => write!(f, "invalid key ID"),
             CoseCipherError::MissingKeyParam(_) => write!(f, "required key parameter missing"),
             CoseCipherError::InvalidKeyParam(_, _) => write!(f, "key parameter has invalid value"),
-            // TODO is this one still needed or maybe misnamed?
-            CoseCipherError::TypeMismatch(_) => write!(f, "key parameter has invalid type"),
             CoseCipherError::NoKeyFound => {
                 write!(f, "no suitable key was found for this operation")
             }
-            CoseCipherError::IvRequired => {
-                write!(
-                    f,
-                    "chosen algorithm requires an initialization vector, but none was provided"
-                )
-            }
             CoseCipherError::MissingHeaderParam(_) => {
                 write!(f, "header parameter missing")
             }
@@ -638,14 +571,6 @@ where
     /// [`CoseEncrypt0`](coset::CoseEncrypt0), [`CoseSign1`](coset::CoseSign1),
     /// nor [`CoseMac0`](coset::CoseMac0).
     UnknownCoseStructure,
-    /// No matching recipient was found in the list of COSE_Recipient structures.
-    /// This means that the given Key Encryption Key could not be used to decrypt any of the
-    /// recipients, which means no Content Encryption Key could be extracted.
-    NoMatchingRecipient,
-    /// Multiple matching recipients were found in the list of COSE_Recipient structures.
-    /// This means that the given Key Encryption Key could be used to decrypt multiple of the
-    /// recipients, which means the token is malformed.
-    MultipleMatchingRecipients,
 }
 
 impl<T> Display for AccessTokenError<T>
@@ -660,12 +585,6 @@ where
                 f,
                 "input is either invalid or none of CoseEncrypt0, CoseSign1 nor CoseMac0"
             ),
-            AccessTokenError::NoMatchingRecipient => {
-                write!(f, "given KEK doesn't match any recipient")
-            }
-            AccessTokenError::MultipleMatchingRecipients => {
-                write!(f, "given KEK matches multiple recipients")
-            }
         }
     }
 }
@@ -706,10 +625,6 @@ where
             }
             AccessTokenError::CoseError(x) => AccessTokenError::CoseError(x),
             AccessTokenError::UnknownCoseStructure => AccessTokenError::UnknownCoseStructure,
-            AccessTokenError::NoMatchingRecipient => AccessTokenError::NoMatchingRecipient,
-            AccessTokenError::MultipleMatchingRecipients => {
-                AccessTokenError::MultipleMatchingRecipients
-            }
         }
     }
 
@@ -722,10 +637,6 @@ where
             }
             AccessTokenError::CoseError(x) => AccessTokenError::CoseError(x),
             AccessTokenError::UnknownCoseStructure => AccessTokenError::UnknownCoseStructure,
-            AccessTokenError::NoMatchingRecipient => AccessTokenError::NoMatchingRecipient,
-            AccessTokenError::MultipleMatchingRecipients => {
-                AccessTokenError::MultipleMatchingRecipients
-            }
         }
     }
 }

src/token/cose/crypto_impl/openssl.rs

@@ -26,11 +26,11 @@ use openssl::symm::{decrypt_aead, encrypt_aead, Cipher};
 use strum_macros::Display;
 
 use crate::error::CoseCipherError;
-use crate::token::cose::encrypt::{CoseEncryptCipher, CoseKeyDistributionCipher};
+use crate::token::cose::encrypted::{CoseEncryptCipher, CoseKeyDistributionCipher};
 use crate::token::cose::header_util::HeaderParam;
 use crate::token::cose::key::{CoseEc2Key, CoseSymmetricKey, EllipticCurve};
-use crate::token::cose::mac::CoseMacCipher;
-use crate::token::cose::sign::CoseSignCipher;
+use crate::token::cose::maced::CoseMacCipher;
+use crate::token::cose::signed::CoseSignCipher;
 use crate::token::cose::CoseCipher;
 
 /// Represents an error caused by the OpenSSL cryptographic backend.
@@ -307,11 +307,9 @@ fn verify_ecdsa(
         .map_err(CoseOpensslCipherError::from)
         .map_err(CoseCipherError::from)
         .and_then(|verification_successful| {
-            if verification_successful {
-                Ok(())
-            } else {
-                Err(CoseCipherError::VerificationFailure)
-            }
+            verification_successful
+                .then_some(())
+                .ok_or(CoseCipherError::VerificationFailure)
         })
 }
 

src/token/cose/encrypt/encrypt/mod.rs → src/token/cose/encrypted/encrypt/mod.rs

@@ -5,9 +5,9 @@ use core::cell::RefCell;
 use coset::{CoseEncrypt, CoseEncryptBuilder, EncryptionContext, Header};
 
 use crate::error::CoseCipherError;
-use crate::token::cose::encrypt;
-use crate::token::cose::encrypt::try_decrypt;
-use crate::token::cose::encrypt::{CoseEncryptCipher, CoseKeyDistributionCipher};
+use crate::token::cose::encrypted;
+use crate::token::cose::encrypted::try_decrypt;
+use crate::token::cose::encrypted::{CoseEncryptCipher, CoseKeyDistributionCipher};
 use crate::token::cose::key::{CoseAadProvider, CoseKeyProvider};
 use crate::token::cose::recipient::{
     struct_to_recipient_context, CoseNestedRecipientSearchContext,
@@ -55,7 +55,7 @@ impl CoseEncryptBuilderExt for CoseEncryptBuilder {
                 unprotected.as_ref(),
             ),
             |plaintext, aad| {
-                encrypt::try_encrypt(
+                encrypted::try_encrypt(
                     backend,
                     key_provider,
                     protected.as_ref(),
@@ -108,7 +108,7 @@ impl CoseEncryptExt for CoseEncrypt {
                 Some(&self.unprotected),
             ),
             |ciphertext, aad| {
-                encrypt::try_decrypt(
+                encrypted::try_decrypt(
                     &backend,
                     &key_provider,
                     &self.protected.header,

src/token/cose/encrypt/encrypt/tests.rs → src/token/cose/encrypted/encrypt/tests.rs

@@ -10,8 +10,10 @@ use coset::{
 use rstest::rstest;
 
 use crate::token::cose::crypto_impl::openssl::OpensslContext;
-use crate::token::cose::encrypt::encrypt::{CoseEncryptBuilderExt, CoseEncryptExt};
-use crate::token::cose::encrypt::{CoseEncryptCipher, CoseKeyDistributionCipher, HeaderBuilderExt};
+use crate::token::cose::encrypted::encrypt::{CoseEncryptBuilderExt, CoseEncryptExt};
+use crate::token::cose::encrypted::{
+    CoseEncryptCipher, CoseKeyDistributionCipher, HeaderBuilderExt,
+};
 use crate::token::cose::header_util::determine_algorithm;
 use crate::token::cose::key::CoseSymmetricKey;
 use crate::token::cose::recipient::CoseRecipientBuilderExt;

src/token/cose/encrypt/encrypt0/mod.rs → src/token/cose/encrypted/encrypt0/mod.rs

@@ -5,8 +5,8 @@ use core::cell::RefCell;
 use coset::{CoseEncrypt0, CoseEncrypt0Builder, EncryptionContext, Header};
 
 use crate::error::CoseCipherError;
-use crate::token::cose::encrypt;
-use crate::token::cose::encrypt::CoseEncryptCipher;
+use crate::token::cose::encrypted;
+use crate::token::cose::encrypted::CoseEncryptCipher;
 use crate::token::cose::key::{CoseAadProvider, CoseKeyProvider};
 
 #[cfg(all(test, feature = "std"))]
@@ -39,7 +39,7 @@ impl CoseEncrypt0Ext for CoseEncrypt0 {
                 Some(&self.unprotected),
             ),
             |ciphertext, aad| {
-                encrypt::try_decrypt(
+                encrypted::try_decrypt(
                     &backend,
                     &key_provider,
                     &self.protected.header,
@@ -92,7 +92,7 @@ impl CoseEncrypt0BuilderExt for CoseEncrypt0Builder {
                 unprotected.as_ref(),
             ),
             |plaintext, aad| {
-                encrypt::try_encrypt(
+                encrypted::try_encrypt(
                     backend,
                     key_provider,
                     protected.as_ref(),

src/token/cose/encrypt/encrypt0/tests.rs → src/token/cose/encrypted/encrypt0/tests.rs

@@ -5,8 +5,8 @@ use coset::{CoseEncrypt0, CoseEncrypt0Builder, CoseError, CoseKey, HeaderBuilder
 use rstest::rstest;
 
 use crate::token::cose::crypto_impl::openssl::OpensslContext;
-use crate::token::cose::encrypt::encrypt0::{CoseEncrypt0BuilderExt, CoseEncrypt0Ext};
-use crate::token::cose::encrypt::{CoseEncryptCipher, HeaderBuilderExt};
+use crate::token::cose::encrypted::encrypt0::{CoseEncrypt0BuilderExt, CoseEncrypt0Ext};
+use crate::token::cose::encrypted::{CoseEncryptCipher, HeaderBuilderExt};
 use crate::token::cose::test_helper::{
     apply_attribute_failures, apply_header_failures, perform_cose_reference_output_test,
     perform_cose_self_signed_test, serialize_cose_with_failures, CoseStructTestHelper, TestCase,