openmls/treesync/
errors.rs

1//! TreeSync errors
2//!
3//! This module exposes [`ApplyUpdatePathError`] and [`PublicTreeError`].
4
5use thiserror::Error;
6
7use super::*;
8use crate::{
9    binary_tree::MlsBinaryTreeDiffError, ciphersuite::signable::SignatureError, error::LibraryError,
10};
11
12// === Public errors ===
13
14/// Public tree error
15#[derive(Error, Debug, PartialEq, Eq, Clone)]
16pub enum PublicTreeError {
17    /// See [`LibraryError`] for more details.
18    #[error(transparent)]
19    LibraryError(#[from] LibraryError),
20    /// The derived public key doesn't match the one in the tree.
21    #[error("The derived public key doesn't match the one in the tree.")]
22    PublicKeyMismatch,
23    /// Found two KeyPackages with the same public key.
24    #[error("Found two KeyPackages with the same public key.")]
25    DuplicateKeyPackage,
26    /// Couldn't find our own key package in this tree.
27    #[error("Couldn't find our own key package in this tree.")]
28    MissingKeyPackage,
29    /// The tree is malformed.
30    #[error("The tree is malformed.")]
31    MalformedTree,
32    /// A parent hash was invalid.
33    #[error("A parent hash was invalid.")]
34    InvalidParentHash,
35    /// An update failed because the provided credential has a different identity than the one in the leaf node.
36    #[error("An update failed because the provided credential has a different identity than the one in the leaf node.")]
37    IdentityMismatch,
38    /// See [`SignatureError`] for more details.
39    #[error(transparent)]
40    SignatureError(#[from] SignatureError),
41}
42
43/// Apply update path error
44#[derive(Error, Debug, PartialEq, Clone)]
45pub enum ApplyUpdatePathError {
46    /// See [`LibraryError`] for more details.
47    #[error(transparent)]
48    LibraryError(#[from] LibraryError),
49    /// The length of the received update path and that of the sender's direct path do not match.
50    #[error(
51        "The length of the received update path and that of the sender's direct path do not match."
52    )]
53    PathLengthMismatch,
54    /// The received update path and the derived nodes are not identical.
55    #[error("The received update path and the derived nodes are not identical.")]
56    PathMismatch,
57    /// The parent hash of the ney key package is invalid.
58    #[error("The parent hash of the ney key package is invalid.")]
59    ParentHashMismatch,
60    /// The parent hash of the ney key package is missing.
61    #[error("The parent hash of the ney key package is missing.")]
62    MissingParentHash,
63    /// Unable to decrypt the path node.
64    #[error("Unable to decrypt the path node.")]
65    UnableToDecrypt,
66    /// Unable to find sender in tree.
67    #[error("Unable to find sender in tree.")]
68    MissingSender,
69    /// Tree is already at maximum size.
70    #[error("Tree is already at maximum size.")]
71    TreeFull,
72    /// External Committer used the wrong index.
73    #[error("External Committer used the wrong index.")]
74    InconsistentSenderIndex,
75}
76
77// === Crate errors ===
78
79// `UnsupportedExtension` is only used in tests for now
80#[allow(dead_code)]
81/// TreeSync error
82#[derive(Error, Debug, PartialEq, Clone)]
83pub(crate) enum TreeSyncError {
84    /// See [`LibraryError`] for more details.
85    #[error(transparent)]
86    LibraryError(#[from] LibraryError),
87    /// A requested leaf is not in the tree.
88    #[error("The leaf does not exist in the tree.")]
89    LeafNotInTree,
90    /// See [`TreeSyncSetPathError`] for more details.
91    #[error(transparent)]
92    SetPathError(#[from] DerivePathError),
93    /// See [`MlsBinaryTreeError`] for more details.
94    #[error(transparent)]
95    BinaryTreeError(#[from] MlsBinaryTreeError),
96    /// See [`TreeSyncDiffError`] for more details.
97    #[error(transparent)]
98    TreeSyncDiffError(#[from] TreeSyncDiffError),
99    /// See [`PathSecretError`] for more details.
100    #[error(transparent)]
101    DerivationError(#[from] PathSecretError),
102
103    /// See [`CryptoError`] for more details.
104    #[error(transparent)]
105    CryptoError(#[from] CryptoError),
106    /// An extension type is not supported by a leaf in the tree.
107    #[error("An extension type is not supported by a leaf in the tree.")]
108    UnsupportedExtension,
109    /// A capability is not supported by a leaf in the tree.
110    #[error("A capability is not supported by a leaf in the tree.")]
111    UnsupportedCapabilities,
112    /// A proposal is not supported by a leaf in the tree.
113    #[error("A proposal is not supported by a leaf in the tree.")]
114    UnsupportedProposal,
115}
116
117/// Derive path error
118#[derive(Error, Debug, PartialEq, Clone)]
119pub(crate) enum DerivePathError {
120    /// See [`LibraryError`] for more details.
121    #[error(transparent)]
122    LibraryError(#[from] LibraryError),
123    /// The derived public key doesn't match the one in the tree.
124    #[error("The derived public key doesn't match the one in the tree.")]
125    PublicKeyMismatch,
126}
127
128/// TreeSync set path error
129#[derive(Error, Debug, PartialEq, Clone)]
130pub enum TreeSyncAddLeaf {
131    /// See [`LibraryError`] for more details.
132    #[error(transparent)]
133    LibraryError(#[from] LibraryError),
134    /// The tree is full, we cannot add any more leaves.
135    #[error("The tree is full, we cannot add any more leaves.")]
136    TreeFull,
137}
138
139/// TreeSync from nodes error
140#[derive(Error, Debug, PartialEq, Clone)]
141pub enum TreeSyncFromNodesError {
142    /// See [`LibraryError`] for more details.
143    #[error(transparent)]
144    LibraryError(#[from] LibraryError),
145    /// See [`PublicTreeError`] for more details.
146    #[error(transparent)]
147    PublicTreeError(#[from] PublicTreeError),
148    /// See [`RatchetTreeError`] for more details.
149    #[error(transparent)]
150    RatchetTreeError(#[from] RatchetTreeError),
151}
152
153/// TreeSync parent hash error
154#[derive(Error, Debug, PartialEq, Clone)]
155pub(crate) enum TreeSyncParentHashError {
156    /// See [`LibraryError`] for more details.
157    #[error(transparent)]
158    LibraryError(#[from] LibraryError),
159    /// Parent hash mismatch.
160    #[error("Parent hash mismatch.")]
161    InvalidParentHash,
162}
163
164/// TreeSync parent hash error
165#[derive(Error, Debug, PartialEq, Clone)]
166pub(crate) enum TreeSyncDiffError {
167    /// See [`LibraryError`] for more details.
168    #[error(transparent)]
169    LibraryError(#[from] LibraryError),
170    #[error(
171        "Couldn't find a fitting private key in the filtered resolution of the given leaf index."
172    )]
173    NoPrivateKeyFound,
174    /// See [`MlsBinaryTreeDiffError`] for more details.
175    #[error(transparent)]
176    TreeDiffError(#[from] MlsBinaryTreeDiffError),
177    /// See [`PathSecretError`] for more details.
178    #[error(transparent)]
179    DerivationError(#[from] PathSecretError),
180    /// See [`MlsBinaryTreeError`] for more details.
181    #[error(transparent)]
182    CreationError(#[from] MlsBinaryTreeError),
183}
184
185/// TreeKem error
186#[derive(Error, Debug, PartialEq, Clone)]
187#[allow(clippy::enum_variant_names)]
188pub(crate) enum TreeKemError {
189    /// See [`LibraryError`] for more details.
190    #[error(transparent)]
191    LibraryError(#[from] LibraryError),
192    /// See [`TreeSyncError`] for more details.
193    #[error(transparent)]
194    TreeSyncError(#[from] TreeSyncError),
195    /// See [`TreeSyncDiffError`] for more details.
196    #[error(transparent)]
197    TreeSyncDiffError(#[from] TreeSyncDiffError),
198    /// See [`PathSecretError`] for more details.
199    #[error(transparent)]
200    PathSecretError(#[from] PathSecretError),
201}
202
203/// Errors that can happen during leaf node validation.
204#[derive(Clone, Debug, Error, Eq, PartialEq)]
205pub enum LeafNodeValidationError {
206    /// Lifetime is not acceptable.
207    #[error("Lifetime is not acceptable.")]
208    Lifetime(LifetimeError),
209    /// Extensions are not acceptable.
210    #[error("Extensions are not acceptable.")]
211    UnsupportedExtensions,
212    /// Proposals are not acceptable.
213    #[error("Proposals are not acceptable.")]
214    UnsupportedProposals,
215    /// Credentials are not acceptable.
216    #[error("Credentials are not acceptable.")]
217    UnsupportedCredentials,
218    /// The leaf node's credential type is not listed in the leaf node's capabilities."
219    #[error("The leaf node's credential type is not listed in the leaf node's capabilities.")]
220    CredentialNotInCapabilities,
221    /// The leaf node's extension types are not (all) listed in the leaf node's capabilities.
222    #[error(
223        "The leaf node's extension types are not (all) listed in the leaf node's capabilities."
224    )]
225    ExtensionsNotInCapabilities,
226    /// The group's ciphersuite is not listed in the leaf node's capabilities.
227    #[error("The group's ciphersuite is not listed in the leaf node's capabilities.")]
228    CiphersuiteNotInCapabilities,
229    /// The leaf node's signature key is already used in the group.
230    #[error("The leaf node's signature key is already used in the group.")]
231    SignatureKeyAlreadyInUse,
232    /// The leaf node's encryption key is already used in the group.
233    #[error("The leaf node's encryption key is already used in the group.")]
234    EncryptionKeyAlreadyInUse,
235    /// The leaf node source is invalid in the given context.
236    #[error("The leaf node source is invalid in the given context.")]
237    InvalidLeafNodeSource,
238    /// The leaf node credential is not supported by all members in the group.
239    #[error("The leaf node credential is not supported by all members in the group.")]
240    LeafNodeCredentialNotSupportedByMember,
241    /// The credential used by a member is not supported by this leaf node.
242    #[error("The credential used by a member is not supported by this leaf node.")]
243    MemberCredentialNotSupportedByLeafNode,
244}
245
246/// Errors that can happen during lifetime validation.
247#[derive(Clone, Debug, Error, Eq, PartialEq)]
248pub enum LifetimeError {
249    /// Lifetime range is too wide.
250    #[error("Lifetime range is too wide.")]
251    RangeTooBig,
252    /// Lifetime doesn't cover current time.
253    #[error("Lifetime doesn't cover current time.")]
254    NotCurrent,
255}
256
257/// Errors that can happen during path validation.
258#[derive(Debug, Clone, PartialEq, Eq, Error)]
259pub enum UpdatePathError {
260    /// The update path contains an invalid type of leaf node.
261    #[error("The update path contains an invalid type of leaf node.")]
262    InvalidType,
263    /// See [`SignatureError`] for more details.
264    #[error(transparent)]
265    SignatureError(#[from] SignatureError),
266}