diff --git a/claims.go b/claims.go
index 3c923e9..6be7cf0 100644
--- a/claims.go
+++ b/claims.go
@@ -2,7 +2,7 @@ package paseto
 import (
 "crypto/subtle"
- "errors"
+ "fmt"
 "time"
 )
@@ -21,10 +21,7 @@ func ForAudience(audience string) Rule {
 }
 if subtle.ConstantTimeCompare([]byte(tAud), []byte(audience)) == 0 {
- return errors.New(
- "this token is not intended for `" +
- audience + "`. `" + tAud + "` found",
- )
+ return fmt.Errorf("this token is not intended for `%s'. `%s' found", audience, tAud)
 }
 return nil
@@ -41,10 +38,7 @@ func IdentifiedBy(identifier string) Rule {
 }
 if subtle.ConstantTimeCompare([]byte(tJti), []byte(identifier)) == 0 {
- return errors.New(
- "this token is not identified by `" +
- identifier + "`. `" + tJti + "` found",
- )
+ return fmt.Errorf("this token is not identified by `%s'. `%s' found", identifier, tJti)
 }
 return nil
@@ -63,10 +57,7 @@ func IssuedBy(issuer string) Rule {
 issBytes := []byte(issuer)
 if subtle.ConstantTimeCompare(tIssBytes, issBytes) == 0 {
- return errors.New(
- "this token is not issued by `" +
- issuer + "`. `" + tIss + "` found",
- )
+ return fmt.Errorf("this token is not issued by `%s'. `%s' found", issuer, tIss)
 }
 return nil
@@ -85,7 +76,7 @@ func NotExpired() Rule {
 }
 if time.Now().After(exp) {
- return errors.New("this token has expired")
+ return fmt.Errorf("this token has expired")
 }
 return nil
@@ -101,10 +92,7 @@ func Subject(subject string) Rule {
 }
 if subtle.ConstantTimeCompare([]byte(tSub), []byte(subject)) == 0 {
- return errors.New(
- "this token is not related to `" +
- subject + "`. `" + tSub + "` found",
- )
+ return fmt.Errorf("this token is not related to `%s'. `%s' found", subject, tSub)
 }
 return nil
@@ -121,7 +109,7 @@ func ValidAt(t time.Time) Rule {
 return err
 }
 if t.Before(iat) {
- return errors.New("the ValidAt time is before this token was issued")
+ return fmt.Errorf("the ValidAt time is before this token was issued")
 }
 nbf, err := token.GetNotBefore()
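Review bot: The new `fmt.Errorf` call in ForAudience formats the token's own claim value (`tAud`) with `%s`, so whatever bytes the claim holds are copied verbatim into the error text, and the opening backtick is now closed by an apostrophe. `%q` quotes and escapes both values in one step: `return fmt.Errorf("this token is not intended for %q, %q found", audience, tAud)`. The IdentifiedBy, IssuedBy and Subject hunks have the same shape. Whether the claims are already authenticated when a Rule runs is not visible here, but these messages are likely to reach logs either way. Each rule's body starts and ends outside its hunk.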
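Review bot: `fmt.Errorf("this token has expired")` in NotExpired has no formatting verb and builds a fresh error on every failed check, so an expired token can only be told apart from any other rule failure by matching the message string. errors.go in this same commit introduces package-level values for fixed messages; doing the same here keeps the file consistent: `var errorTokenExpired = fmt.Errorf("this token has expired")` and `return errorTokenExpired`. The three ValidAt messages (the `@@ -121`, `@@ -129` and `@@ -137` hunks) are in the same position.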
@@ -129,7 +117,7 @@ func ValidAt(t time.Time) Rule {
 return err
 }
 if t.Before(nbf) {
- return errors.New("the ValidAt time is before this token's not before time")
+ return fmt.Errorf("the ValidAt time is before this token's not before time")
 }
 exp, err := token.GetExpiration()
@@ -137,7 +125,7 @@ func ValidAt(t time.Time) Rule {
 return err
 }
 if t.After(exp) {
- return errors.New("the ValidAt time is after this token expires")
+ return fmt.Errorf("the ValidAt time is after this token expires")
 }
 return nil
diff --git a/errors.go b/errors.go
new file mode 100644
index 0000000..d9167a0
--- /dev/null
+++ b/errors.go
@@ -0,0 +1,39 @@
+package paseto
+
+import "fmt"
+
+func errorKeyLength(expected, given int) error {
+ return fmt.Errorf("key length incorrect (%d), expected %d", given, expected)
+}
+
+func errorSeedLength(expected, given int) error {
+ return fmt.Errorf("seed length incorrect (%d), expected %d", given, expected)
+}
+
+func errorMessageParts(given int) error {
+ return fmt.Errorf("invalid number of message parts in token (%d)", given)
+}
+
+func errorMessageHeader(expected Protocol, givenHeader string) error {
+ return fmt.Errorf("message header `%s' is not valid, expected `%s'", givenHeader, expected.Header())
+}
+
+func errorMessageHeaderDecrypt(expected Protocol, givenHeader string) error {
+ return fmt.Errorf("cannot decrypt message: %w", errorMessageHeader(expected, givenHeader))
+}
+
+func errorMessageHeaderVerify(expected Protocol, givenHeader string) error {
+ return fmt.Errorf("cannot verify message: %w", errorMessageHeader(expected, givenHeader))
+}
+
+var unsupportedPasetoVersion = fmt.Errorf("unsupported PASETO version")
+var unsupportedPasetoPurpose = fmt.Errorf("unsupported PASETO purpose")
+var unsupportedPayload = fmt.Errorf("unsupported payload")
+
+var errorPayloadShort = fmt.Errorf("payload is not long enough to be a valid PASETO message")
+var errorBadSignature = fmt.Errorf("bad signature")
+var errorBadMAC = fmt.Errorf("bad message authentication code")
+
+func errorDecrypt(err error) error {
+ return fmt.Errorf("the message could not be decrypted: %w", err)
+}
diff --git a/go.mod b/go.mod
index 0c0621b..88f3860 100644
--- a/go.mod
+++ b/go.mod
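Review bot: `errorMessageHeader` prints `givenHeader` with `%s`, and the message.go hunk in this commit calls it from newMessage before the payload is even decoded, so bytes taken from an unauthenticated token string (newlines, control characters) appear to flow straight into the error text and into whatever log receives it. `%q` escapes the value and keeps the message on one line: `return fmt.Errorf("message header %q is not valid, expected %q", givenHeader, expected.Header())`. Separately, the fixed-message values (`errorBadSignature`, `errorBadMAC`, `unsupportedPasetoVersion` and the rest) are unexported and undocumented, so the `%w` wrapping added here gives importing code nothing to pass to `errors.Is`. Exporting them as `ErrBadSignature` and so on, each with a one-line doc comment, would let callers tell an authentication failure from a malformed token without string matching.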
@@ -3,14 +3,13 @@ module aidanwoods.dev/go-paseto
 go 1.17
 require (
- github.com/pkg/errors v0.9.1
 github.com/stretchr/testify v1.7.0
- golang.org/x/crypto v0.0.0-20220518034528-6f7dac969898
+ golang.org/x/crypto v0.0.0-20220722155217-630584e8d5aa
 )
 require (
 github.com/davecgh/go-spew v1.1.1 // indirect
 github.com/pmezard/go-difflib v1.0.0 // indirect
- golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a // indirect
+ golang.org/x/sys v0.0.0-20220804214406-8e32c043e418 // indirect
 gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b // indirect
 )
diff --git a/go.sum b/go.sum
index c4dc1dd..3717f9f 100644
--- a/go.sum
+++ b/go.sum
@@ -1,21 +1,19 @@ github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= -github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4= -github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= github.com/stretchr/testify v1.7.0 h1:nwc3DEeHmmLAfoZucVR881uASk0Mfjw8xYJ99tb5CcY= github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= -golang.org/x/crypto v0.0.0-20220518034528-6f7dac969898 h1:SLP7Q4Di66FONjDJbCYrCRrh97focO6sLogHO7/g8F0= -golang.org/x/crypto v0.0.0-20220518034528-6f7dac969898/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= +golang.org/x/crypto v0.0.0-20220722155217-630584e8d5aa h1:zuSxTR4o9y82ebqCUJYNGJbGPo6sKVl54f/TVDObg1c= +golang.org/x/crypto v0.0.0-20220722155217-630584e8d5aa/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a h1:dGzPydgVsqGcTRVwiLJ1jVbufYwmzD3LfVPLKsKg+0k= -golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20220804214406-8e32c043e418 
h1:9vYwv7OjYaky/tlAeD7C4oC9EsPTlaFl1H2jS++V+ME= +golang.org/x/sys v0.0.0-20220804214406-8e32c043e418/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
diff --git a/message.go b/message.go
index 5499924..8219baa 100644
--- a/message.go
+++ b/message.go
@@ -4,7 +4,6 @@ import (
 "strings"
 "aidanwoods.dev/go-paseto/internal/encoding"
- "github.com/pkg/errors"
 )
 // Message is a building block type, only use if you need to use Paseto
@@ -25,7 +24,7 @@ func newMessage(protocol Protocol, token string) (message, error) {
 }
 if header != protocol.Header() {
- return message{}, errors.Errorf("Message header is not valid with the given purpose, expected %s got %s", protocol.Header(), header)
+ return message{}, errorMessageHeader(protocol, header)
 }
 payloadBytes, err := encoding.Decode(encodedPayload)
@@ -82,7 +81,7 @@ func deconstructToken(token string) (header string, encodedPayload string, encod
 partsLen := len(parts)
 if partsLen != 3 && partsLen != 4 {
- err = errors.New("Invalid number of message parts in token")
+ err = errorMessageParts(len(parts))
 return
 }
diff --git a/paseto.go b/paseto.go
index 767a46d..10c87ce 100644
--- a/paseto.go
+++ b/paseto.go
@@ -1,7 +1,6 @@
 package paseto
 import (
- "errors"
 "fmt"
 )
@@ -53,11 +52,11 @@ type Protocol struct {
 func NewProtocol(version Version, purpose Purpose) (Protocol, error) {
 switch version {
 default:
- return Protocol{}, errors.New("Unsupported PASETO version")
+ return Protocol{}, unsupportedPasetoVersion
 case Version2:
 switch purpose {
 default:
- return Protocol{}, errors.New("Unsupported PASETO purpose")
+ return Protocol{}, unsupportedPasetoPurpose
 case Local:
 return V2Local, nil
 case Public:
@@ -66,7 +65,7 @@ func NewProtocol(version Version, purpose Purpose) (Protocol, error) {
 case Version3:
 switch purpose {
 default:
- return Protocol{}, errors.New("Unsupported PASETO purpose")
+ return Protocol{}, unsupportedPasetoPurpose
 case Local:
 return V3Local, nil
 case Public:
@@ -75,7 +74,7 @@ func NewProtocol(version Version, purpose Purpose) (Protocol, error) {
 case Version4:
 switch purpose {
 default:
- return Protocol{}, errors.New("Unsupported PASETO purpose")
+ return Protocol{}, unsupportedPasetoPurpose
 case Local:
 return V4Local, nil
 case Public:
@@ -102,11 +101,11 @@ func (p Protocol) Purpose() Purpose {
 func (p Protocol) newPayload(bytes []byte) (payload, error) {
 switch p.version {
 default:
- return nil, errors.New("Unsupported PASETO version")
+ return nil, unsupportedPasetoVersion
 case Version2:
 switch p.purpose {
 default:
- return nil, errors.New("Unsupported PASETO purpose")
+ return nil, unsupportedPasetoPurpose
 case Local:
 return newV2LocalPayload(bytes)
 case Public:
@@ -115,7 +114,7 @@ func (p Protocol) newPayload(bytes []byte) (payload, error) {
 case Version3:
 switch p.purpose {
 default:
- return nil, errors.New("Unsupported PASETO purpose")
+ return nil, unsupportedPasetoPurpose
 case Local:
 return newV3LocalPayload(bytes)
 case Public:
@@ -124,7 +123,7 @@ func (p Protocol) newPayload(bytes []byte) (payload, error) {
 case Version4:
 switch p.purpose {
 default:
- return nil, errors.New("Unsupported PASETO purpose")
+ return nil, unsupportedPasetoPurpose
 case Local:
 return newV4LocalPayload(bytes)
 case Public:
@@ -140,7 +139,7 @@ type payload interface {
 func protocolForPayload(payload payload) (Protocol, error) {
 switch payload.(type) {
 default:
- return Protocol{}, errors.New("Unsupported Payload")
+ return Protocol{}, unsupportedPayload
 case v2LocalPayload:
 return V2Local, nil
 case v2PublicPayload:
diff --git a/token.go b/token.go
index a93dcd2..f5a613c 100644
--- a/token.go
+++ b/token.go
@@ -2,9 +2,8 @@ package paseto
 import (
 "encoding/json"
+ "fmt"
 "time"
-
- "github.com/pkg/errors"
 )
 // Token is a set of paseto claims, and a footer
@@ -50,7 +49,7 @@ func NewTokenFromClaimsJSON(claimsData []byte, footer []byte) (*Token, error) {
 func (t *Token) Set(key string, value interface{}) error {
 v, err := newTokenValue(value)
 if err != nil {
- return errors.Wrapf(err, "could not set key `%s`", key)
+ return fmt.Errorf("could not set key `%s': %w", key, err)
 }
 t.claims[key] = *v
@@ -63,7 +62,7 @@ func (t *Token) Set(key string, value interface{}) error {
 func (t Token) Get(key string, output interface{}) (err error) {
 v, ok := t.claims[key]
 if !ok {
- return errors.Errorf("value for key `%s' not present in claims", key)
+ return fmt.Errorf("value for key `%s' not present in claims", key)
 }
 if err := json.Unmarshal(v.rawValue, &output); err != nil {
diff --git a/v2.go b/v2.go
index ae360cb..7c977dc 100644
--- a/v2.go
+++ b/v2.go
@@ -6,7 +6,6 @@ import (
 "aidanwoods.dev/go-paseto/internal/encoding"
 "aidanwoods.dev/go-paseto/internal/hashing"
 "aidanwoods.dev/go-paseto/internal/random"
- "github.com/pkg/errors"
 "golang.org/x/crypto/chacha20poly1305"
 )
@@ -31,7 +30,7 @@ func v2PublicSign(packet packet, key V2AsymmetricSecretKey) message {
 func v2PublicVerify(msg message, key V2AsymmetricPublicKey) (packet, error) {
 payload, ok := msg.p.(v2PublicPayload)
 if msg.header() != V2Public.Header() || !ok {
- return packet{}, errors.Errorf("Cannot decrypt message with header: %s", msg.header())
+ return packet{}, errorMessageHeaderVerify(V2Public, msg.header())
 }
 header, footer := []byte(msg.header()), msg.footer
@@ -40,7 +39,7 @@ func v2PublicVerify(msg message, key V2AsymmetricPublicKey) (packet, error) {
 m2 := encoding.Pae(header, data, footer)
 if !ed25519.Verify(key.material, m2, payload.signature[:]) {
- return packet{}, errors.Errorf("Bad signature")
+ return packet{}, errorBadSignature
 }
 return packet{data, footer}, nil
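Review bot: The guard in v2PublicVerify is `msg.header() != V2Public.Header() || !ok`, so when the header matches but the payload type assertion fails, the new `errorMessageHeaderVerify(V2Public, msg.header())` reports an invalid header while printing the same string as both the given and the expected value. Checking the assertion on its own first keeps the two causes apart, using the value this commit already defines: `if !ok { return packet{}, unsupportedPayload }`. The same combined condition feeds the header error in v2LocalDecrypt and in the verify and decrypt hunks of v3.go and v4.go. The function body continues outside this hunk.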
@@ -70,7 +69,7 @@ func v2LocalEncrypt(p packet, key V2SymmetricKey, unitTestNonce []byte) message
 func v2LocalDecrypt(msg message, key V2SymmetricKey) (packet, error) {
 payload, ok := msg.p.(v2LocalPayload)
 if msg.header() != V2Local.Header() || !ok {
- return packet{}, errors.Errorf("Cannot decrypt message with header: %s", msg.header())
+ return packet{}, errorMessageHeaderDecrypt(V2Local, msg.header())
 }
 nonce, cipherText := payload.nonce, payload.cipherText
@@ -86,7 +85,7 @@ func v2LocalDecrypt(msg message, key V2SymmetricKey) (packet, error) {
 plainText, err := cipher.Open(nil, nonce[:], cipherText, preAuth)
 if err != nil {
- return packet{}, errors.Errorf("The message could not be decrypted. %s", err)
+ return packet{}, errorDecrypt(err)
 }
 return packet{plainText, msg.footer}, nil
diff --git a/v2_keys.go b/v2_keys.go
index 6ace069..c753493 100644
--- a/v2_keys.go
+++ b/v2_keys.go
@@ -5,7 +5,6 @@ import (
 "encoding/hex"
 "aidanwoods.dev/go-paseto/internal/random"
- "github.com/pkg/errors"
 )
 // V2AsymmetricPublicKey V2 public public key
@@ -30,7 +29,7 @@ func NewV2AsymmetricPublicKeyFromBytes(publicKey []byte) (V2AsymmetricPublicKey,
 if len(publicKey) != 32 {
 // even though we return error, return a random key here rather than
 // a nil key
- return NewV2AsymmetricSecretKey().Public(), errors.New("Key incorrect length")
+ return NewV2AsymmetricSecretKey().Public(), errorKeyLength(32, len(publicKey))
 }
 return V2AsymmetricPublicKey{publicKey}, nil
@@ -108,7 +107,7 @@ func NewV2AsymmetricSecretKeyFromBytes(privateKey []byte) (V2AsymmetricSecretKey
 if len(privateKey) != 64 {
 // even though we return error, return a random key here rather than
 // a nil key
- return NewV2AsymmetricSecretKey(), errors.New("Key incorrect length")
+ return NewV2AsymmetricSecretKey(), errorKeyLength(64, len(privateKey))
 }
 return V2AsymmetricSecretKey{privateKey}, nil
@@ -127,7 +126,7 @@ func NewV2AsymmetricSecretKeyFromSeed(hexEncoded string) (V2AsymmetricSecretKey,
 if len(seedBytes) != 32 {
 // even though we return error, return a random key here rather than
 // a nil key
- return NewV2AsymmetricSecretKey(), errors.New("Key incorrect length")
+ return NewV2AsymmetricSecretKey(), errorSeedLength(32, len(seedBytes))
 }
 return V2AsymmetricSecretKey{ed25519.NewKeyFromSeed(seedBytes)}, nil
@@ -173,7 +172,7 @@ func V2SymmetricKeyFromBytes(bytes []byte) (V2SymmetricKey, error) {
 if len(bytes) != 32 {
 // even though we return error, return a random key here rather than
 // a nil key
- return NewV2SymmetricKey(), errors.New("Key incorrect length")
+ return NewV2SymmetricKey(), errorKeyLength(32, len(bytes))
 }
 var material [32]byte
diff --git a/v2_payloads.go b/v2_payloads.go
index e536c68..f0a8f11 100644
--- a/v2_payloads.go
+++ b/v2_payloads.go
@@ -1,9 +1,5 @@
 package paseto
-import (
- "github.com/pkg/errors"
-)
-
 type v2PublicPayload struct {
 message []byte
 signature [64]byte
@@ -16,7 +12,7 @@ func (p v2PublicPayload) bytes() []byte {
 func newV2PublicPayload(bytes []byte) (v2PublicPayload, error) {
 signatureOffset := len(bytes) - 64
 if signatureOffset < 0 {
- return v2PublicPayload{}, errors.New("Payload is not long enough to be a valid Paseto message")
+ return v2PublicPayload{}, errorPayloadShort
 }
 message := make([]byte, len(bytes)-64)
@@ -39,7 +35,7 @@ func (p v2LocalPayload) bytes() []byte {
 func newV2LocalPayload(bytes []byte) (v2LocalPayload, error) {
 if len(bytes) <= 24 {
- return v2LocalPayload{}, errors.New("Payload is not long enough to be a valid Paseto message")
+ return v2LocalPayload{}, errorPayloadShort
 }
 var nonce [24]byte
 copy(nonce[:], bytes[0:24])
diff --git a/v3.go b/v3.go
index d984124..90c5293 100644
--- a/v3.go
+++ b/v3.go
@@ -11,7 +11,6 @@ import (
 "aidanwoods.dev/go-paseto/internal/encoding"
 "aidanwoods.dev/go-paseto/internal/random"
- "github.com/pkg/errors"
 )
 func v3PublicSign(packet packet, key V3AsymmetricSecretKey, implicit []byte) message {
@@ -48,7 +47,7 @@ func v3PublicSign(packet packet, key V3AsymmetricSecretKey, implicit []byte) mes
 func v3PublicVerify(msg message, key V3AsymmetricPublicKey, implicit []byte) (packet, error) {
 payload, ok := msg.p.(v3PublicPayload)
 if msg.header() != V3Public.Header() || !ok {
- return packet{}, errors.Errorf("Cannot decrypt message with header: %s", msg.header())
+ return packet{}, errorMessageHeaderVerify(V3Public, msg.header())
 }
 header, footer := []byte(msg.header()), msg.footer
@@ -62,7 +61,7 @@ func v3PublicVerify(msg message, key V3AsymmetricPublicKey, implicit []byte) (pa
 s := new(big.Int).SetBytes(payload.signature[48:])
 if !ecdsa.Verify(&key.material, hash[:], r, s) {
- return packet{}, errors.Errorf("Bad signature")
+ return packet{}, errorBadSignature
 }
 return packet{data, footer}, nil
@@ -99,7 +98,7 @@ func v3LocalEncrypt(p packet, key V3SymmetricKey, implicit []byte, unitTestNonce
 func v3LocalDecrypt(msg message, key V3SymmetricKey, implicit []byte) (packet, error) {
 payload, ok := msg.p.(v3LocalPayload)
 if msg.header() != V3Local.Header() || !ok {
- return packet{}, errors.Errorf("Cannot decrypt message with header: %s", msg.header())
+ return packet{}, errorMessageHeaderDecrypt(V3Local, msg.header())
 }
 nonce, cipherText, givenTag := payload.nonce, payload.cipherText, payload.tag
@@ -118,7 +117,7 @@ func v3LocalDecrypt(msg message, key V3SymmetricKey, implicit []byte) (packet, e
 if !hmac.Equal(expectedTag[:], givenTag[:]) {
 var p packet
- return p, errors.Errorf("Bad message authentication code")
+ return p, errorBadMAC
 }
 blockCipher, err := aes.NewCipher(encKey[:])
diff --git a/v3_keys.go b/v3_keys.go
index 33a20ea..3df2539 100644
--- a/v3_keys.go
+++ b/v3_keys.go
@@ -10,7 +10,6 @@ import (
 "math/big"
 "aidanwoods.dev/go-paseto/internal/random"
- "github.com/pkg/errors"
 "golang.org/x/crypto/hkdf"
 )
@@ -37,7 +36,7 @@ func NewV3AsymmetricPublicKeyFromBytes(publicKeyBytes []byte) (V3AsymmetricPubli
 if len(publicKeyBytes) != 49 {
 // even though we return error, return a random key here rather than
 // a nil key
- return NewV3AsymmetricSecretKey().Public(), errors.New("Key incorrect length")
+ return NewV3AsymmetricSecretKey().Public(), errorKeyLength(49, len(publicKeyBytes))
 }
 publicKey := new(ecdsa.PublicKey)
@@ -112,7 +111,7 @@ func NewV3AsymmetricSecretKeyFromBytes(secretBytes []byte) (V3AsymmetricSecretKe
 if len(secretBytes) != 48 {
 // even though we return error, return a random key here rather than
 // a nil key
- return NewV3AsymmetricSecretKey(), errors.New("Key incorrect length")
+ return NewV3AsymmetricSecretKey(), errorKeyLength(48, len(secretBytes))
 }
 privateKey := new(ecdsa.PrivateKey)
@@ -167,7 +166,7 @@ func V3SymmetricKeyFromBytes(bytes []byte) (V3SymmetricKey, error) {
 if len(bytes) != 32 {
 // even though we return error, return a random key here rather than
 // a nil key
- return NewV3SymmetricKey(), errors.New("Key incorrect length")
+ return NewV3SymmetricKey(), errorKeyLength(32, len(bytes))
 }
 var material [32]byte
diff --git a/v3_payloads.go b/v3_payloads.go
index c9470cd..36e12b9 100644
--- a/v3_payloads.go
+++ b/v3_payloads.go
@@ -1,9 +1,5 @@
 package paseto
-import (
- "github.com/pkg/errors"
-)
-
 type v3PublicPayload struct {
 message []byte
 signature [96]byte
@@ -17,7 +13,7 @@ func newV3PublicPayload(bytes []byte) (v3PublicPayload, error) {
 signatureOffset := len(bytes) - 96
 if signatureOffset < 0 {
- return v3PublicPayload{}, errors.New("Payload is not long enough to be a valid Paseto message")
+ return v3PublicPayload{}, errorPayloadShort
 }
 message := make([]byte, len(bytes)-96)
@@ -41,7 +37,7 @@ func (p v3LocalPayload) bytes() []byte {
 func newV3LocalPayload(bytes []byte) (v3LocalPayload, error) {
 if len(bytes) <= 32+48 {
- return v3LocalPayload{}, errors.New("Payload is not long enough to be a valid Paseto message")
+ return v3LocalPayload{}, errorPayloadShort
 }
 macOffset := len(bytes) - 48
diff --git a/v4.go b/v4.go
index f488298..10b7a21 100644
--- a/v4.go
+++ b/v4.go
@@ -7,7 +7,6 @@ import (
 "aidanwoods.dev/go-paseto/internal/encoding"
 "aidanwoods.dev/go-paseto/internal/hashing"
 "aidanwoods.dev/go-paseto/internal/random"
- "github.com/pkg/errors"
 "golang.org/x/crypto/chacha20"
 )
@@ -31,7 +30,7 @@ func v4PublicSign(packet packet, key V4AsymmetricSecretKey, implicit []byte) mes
 func v4PublicVerify(msg message, key V4AsymmetricPublicKey, implicit []byte) (packet, error) {
 payload, ok := msg.p.(v4PublicPayload)
 if msg.header() != V4Public.Header() || !ok {
- return packet{}, errors.Errorf("Cannot decrypt message with header: %s", msg.header())
+ return packet{}, errorMessageHeaderVerify(V4Public, msg.header())
 }
 header, footer := []byte(msg.header()), msg.footer
@@ -40,7 +39,7 @@ func v4PublicVerify(msg message, key V4AsymmetricPublicKey, implicit []byte) (pa
 m2 := encoding.Pae(header, data, footer, implicit)
 if !ed25519.Verify(key.material, m2, payload.signature[:]) {
- return packet{}, errors.Errorf("Bad signature")
+ return packet{}, errorBadSignature
 }
 return packet{data, footer}, nil
@@ -73,7 +72,7 @@ func v4LocalEncrypt(p packet, key V4SymmetricKey, implicit []byte, unitTestNonce
 func v4LocalDecrypt(msg message, key V4SymmetricKey, implicit []byte) (packet, error) {
 payload, ok := msg.p.(v4LocalPayload)
 if msg.header() != V4Local.Header() || !ok {
- return packet{}, errors.Errorf("Cannot decrypt message with header: %s", msg.header())
+ return packet{}, errorMessageHeaderDecrypt(V4Local, msg.header())
 }
 nonce, cipherText, givenTag := payload.nonce, payload.cipherText, payload.tag
@@ -87,7 +86,7 @@ func v4LocalDecrypt(msg message, key V4SymmetricKey, implicit []byte) (packet, e
 hashing.GenericHash(preAuth, expectedTag[:], authKey[:])
 if !hmac.Equal(expectedTag[:], givenTag[:]) {
- return packet{}, errors.Errorf("Bad message authentication code")
+ return packet{}, errorBadMAC
 }
 cipher, err := chacha20.NewUnauthenticatedCipher(encKey[:], nonce2[:])
diff --git a/v4_keys.go b/v4_keys.go
index edd3487..c4ee9d9 100644
--- a/v4_keys.go
+++ b/v4_keys.go
@@ -6,7 +6,6 @@ import (
 "aidanwoods.dev/go-paseto/internal/hashing"
 "aidanwoods.dev/go-paseto/internal/random"
- "github.com/pkg/errors"
 )
 // V4AsymmetricPublicKey v4 public public key
@@ -32,7 +31,7 @@ func NewV4AsymmetricPublicKeyFromBytes(publicKey []byte) (V4AsymmetricPublicKey,
 if len(publicKey) != 32 {
 // even though we return error, return a random key here rather than
 // a nil key
- return NewV4AsymmetricSecretKey().Public(), errors.New("Key incorrect length")
+ return NewV4AsymmetricSecretKey().Public(), errorKeyLength(32, len(publicKey))
 }
 return V4AsymmetricPublicKey{publicKey}, nil
@@ -110,7 +109,7 @@ func NewV4AsymmetricSecretKeyFromBytes(privateKey []byte) (V4AsymmetricSecretKey
 if len(privateKey) != 64 {
 // even though we return error, return a random key here rather than
 // a nil key
- return NewV4AsymmetricSecretKey(), errors.New("Key incorrect length")
+ return NewV4AsymmetricSecretKey(), errorKeyLength(64, len(privateKey))
 }
 return V4AsymmetricSecretKey{privateKey}, nil
@@ -129,7 +128,7 @@ func NewV4AsymmetricSecretKeyFromSeed(hexEncoded string) (V4AsymmetricSecretKey,
 if len(seedBytes) != 32 {
 // even though we return error, return a random key here rather than
 // a nil key
- return NewV4AsymmetricSecretKey(), errors.New("Key incorrect length")
+ return NewV4AsymmetricSecretKey(), errorSeedLength(32, len(seedBytes))
 }
 return V4AsymmetricSecretKey{ed25519.NewKeyFromSeed(seedBytes)}, nil
@@ -176,7 +175,7 @@ func V4SymmetricKeyFromBytes(bytes []byte) (V4SymmetricKey, error) {
 if len(bytes) != 32 {
 // even though we return error, return a random key here rather than
 // a nil key
- return NewV4SymmetricKey(), errors.New("Key incorrect length")
+ return NewV4SymmetricKey(), errorKeyLength(32, len(bytes))
 }
 var material [32]byte
diff --git a/v4_payloads.go b/v4_payloads.go
index 625befc..436e6df 100644
--- a/v4_payloads.go
+++ b/v4_payloads.go
@@ -1,9 +1,5 @@
 package paseto
-import (
- "github.com/pkg/errors"
-)
-
 type v4PublicPayload struct {
 message []byte
 signature [64]byte
@@ -17,7 +13,7 @@ func newV4PublicPayload(bytes []byte) (v4PublicPayload, error) {
 signatureOffset := len(bytes) - 64
 if signatureOffset < 0 {
- return v4PublicPayload{}, errors.New("Payload is not long enough to be a valid Paseto message")
+ return v4PublicPayload{}, errorPayloadShort
 }
 message := make([]byte, len(bytes)-64)
@@ -41,7 +37,7 @@ func (p v4LocalPayload) bytes() []byte {
 func newV4LocalPayload(bytes []byte) (v4LocalPayload, error) {
 if len(bytes) <= 32+32 {
- return v4LocalPayload{}, errors.New("Payload is not long enough to be a valid Paseto message")
+ return v4LocalPayload{}, errorPayloadShort
 }
 macOffset := len(bytes) - 32