Add slightly nicer error handling

mchack-work · mchack-work · commit afab1a72d440 · 2024-05-21T18:27:12.000+02:00
diff --git a/cmd/tkey-verification/remotesign.go b/cmd/tkey-verification/remotesign.go
@@ -17,12 +17,14 @@ import (
 func remoteSign(server Server, appBin AppBin, devPath string, firmwares Firmwares, verbose bool) {
 	udi, pubKey, fw, err := signChallenge(devPath, appBin, firmwares, verbose)
 	if err != nil {
-		le.Printf("Couldn't sign challenge: %s", err)
+		le.Printf("Couldn't sign challenge: %s\n", err)
 		os.Exit(1)
 	}
 
 	err = vendorSign(server, udi.Bytes, pubKey, fw, appBin)
 	if err != nil {
+		le.Printf("Couldn't get a vendor signature: %s\n", err)
+		os.Exit(1)
 	}
 
 	le.Printf("Remote Sign was successful\n")
@@ -33,15 +35,15 @@ func signChallenge(devPath string, appBin AppBin, firmwares Firmwares, verbose b
 	var fw Firmware
 	tk, err := tkey.NewTKey(devPath, verbose)
 	if err != nil {
-		return nil, nil, fw, fmt.Errorf("Couldn't connect to TKey: %v", err)
+		return nil, nil, fw, fmt.Errorf("%w", err)
 	}
 
 	defer tk.Close()
 
 	le.Printf("Loading device app built from %s ...\n", appBin.String())
 	pubKey, err := tk.LoadSigner(appBin.Bin)
 	if err != nil {
-		return nil, nil, fw, fmt.Errorf("couldn't load device app: %w", err)
+		return nil, nil, fw, fmt.Errorf("%w", err)
 	}
 	le.Printf("TKey UDI: %s\n", tk.Udi.String())
 
@@ -52,26 +54,26 @@ func signChallenge(devPath string, appBin AppBin, firmwares Firmwares, verbose b
 
 	fw, err = verifyFirmwareHash(*expectfw, *tk, pubKey)
 	if err != nil {
-		return nil, nil, fw, fmt.Errorf("verifyFirmwareHash failed: %w", err)
+		return nil, nil, fw, fmt.Errorf("%w", err)
 	}
 	le.Printf("TKey firmware with size:%d and verified hash:%0x…\n", fw.Size, fw.Hash[:16])
 
 	// Locally generate a challenge and sign it
 	challenge := make([]byte, 32)
 	if _, err = rand.Read(challenge); err != nil {
-		return nil, nil, fw, fmt.Errorf("rand.Read failed: %w", err)
+		return nil, nil, fw, fmt.Errorf("%w", err)
 	}
 
 	signature, err := tk.Sign(challenge)
 	if err != nil {
-		return nil, nil, fw, fmt.Errorf("tkey.Sign failed: %w", err)
+		return nil, nil, fw, fmt.Errorf("%w", err)
 	}
 
 	fmt.Printf("signature: %x\n", signature)
 
 	// Verify the signature against the extracted public key
 	if !ed25519.Verify(pubKey, challenge, signature) {
-		return nil, nil, fw, fmt.Errorf("device signature failed verification!")
+		return nil, nil, fw, fmt.Errorf("device signature failed verification")
 	}
 
 	return &tk.Udi, pubKey, fw, nil
diff --git a/internal/tkey/tkey.go b/internal/tkey/tkey.go
@@ -38,6 +38,17 @@ const (
 	wantAppName1 = "sign"
 )
 
+type constError string
+
+func (err constError) Error() string {
+	return string(err)
+}
+
+const (
+	ErrNoDevice    = constError("no TKey connected")
+	ErrNotFirmware = constError("not firmware")
+)
+
 var le = log.New(os.Stderr, "", 0)
 
 type TKey struct {
@@ -57,34 +68,34 @@ func NewTKey(devPath string, verbose bool) (*TKey, error) {
 	if devPath == "" {
 		devPath, err = util.DetectSerialPort(true)
 		if err != nil {
-			return nil, fmt.Errorf("no device")
+			return nil, ErrNoDevice
 		}
 	}
 
 	tk := tkeyclient.New()
 	le.Printf("Connecting to device on serial port %s ...\n", devPath)
 	if err := tk.Connect(devPath); err != nil {
-		return nil, fmt.Errorf("couldn't open device %s: %w\n", devPath, err)
+		return nil, fmt.Errorf("couldn't open device %s: %w", devPath, err)
 	}
 
 	nameVer, err := tk.GetNameVersion()
 	if err != nil {
 		le.Printf("Please unplug the TKey and plug it in again to put it in firmware-mode.\n")
 		le.Printf("Either the device path (%s) is wrong, or the TKey is not in firmware-mode (already running an app).\n", devPath)
-		return nil, fmt.Errorf("not firmware")
+		return nil, ErrNotFirmware
 	}
 	le.Printf("Firmware name0:'%s' name1:'%s' version:%d\n",
 		nameVer.Name0, nameVer.Name1, nameVer.Version)
 
 	tkUDI, err := tk.GetUDI()
 	if err != nil {
-		return nil, fmt.Errorf("GetUDI failed: %w\n", err)
+		return nil, fmt.Errorf("GetUDI failed: %w", err)
 	}
 
 	var udi UDI
 
 	if err = udi.fromRawLE(tkUDI.RawBytes()); err != nil {
-		return nil, fmt.Errorf("UDI fromRawLE failed: %w\n", err)
+		return nil, fmt.Errorf("UDI fromRawLE failed: %w", err)
 	}
 
 	tkey := TKey{
@@ -114,7 +125,7 @@ func (t *TKey) LoadSigner(bin []byte) ([]byte, error) {
 
 	// No USS.
 	if err = t.client.LoadApp(bin, []byte{}); err != nil {
-		return nil, fmt.Errorf("Failed to load app: %w\n", err)
+		return nil, fmt.Errorf("%w", err)
 	}
 	if t.verbose {
 		le.Printf("App loaded.\n")
@@ -124,7 +135,7 @@ func (t *TKey) LoadSigner(bin []byte) ([]byte, error) {
 
 	nameVer, err := t.signer.GetAppNameVersion()
 	if err != nil {
-		return nil, fmt.Errorf("GetAppNameVersion: %w\n", err)
+		return nil, fmt.Errorf("%w", err)
 	}
 
 	if t.verbose {
@@ -140,7 +151,7 @@ func (t *TKey) LoadSigner(bin []byte) ([]byte, error) {
 
 	pubKey, err := t.signer.GetPubkey()
 	if err != nil {
-		return nil, fmt.Errorf("GetPubKey failed: %w\n", err)
+		return nil, fmt.Errorf("%w", err)
 	}
 
 	return pubKey, nil
@@ -152,7 +163,7 @@ func (t *TKey) LoadSigner(bin []byte) ([]byte, error) {
 func (t TKey) Sign(message []byte) ([]byte, error) {
 	signature, err := t.signer.Sign(message)
 	if err != nil {
-		return nil, fmt.Errorf("Sign failed: %w", err)
+		return nil, fmt.Errorf("%w", err)
 	}
 
 	return signature, nil
@@ -163,7 +174,7 @@ func (t TKey) Sign(message []byte) ([]byte, error) {
 func (t TKey) GetFirmwareHash(firmwareSize int) ([]byte, error) {
 	fwHash, err := t.signer.GetFWDigest(firmwareSize)
 	if err != nil {
-		return nil, fmt.Errorf("GetFirmwareHash failed: %w", err)
+		return nil, fmt.Errorf("%w", err)
 	}
 
 	return fwHash, nil
