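//! Possible errors that may occur during Webauthn Operation processing
//!
//! The `Display` text of these errors is diagnostic detail intended for the
//! relying party's own logs. Several variants distinguish states such as
//! "no challenge for this user" from "credential not found", so callers
//! should consider returning a single generic failure to the remote client
//! and keeping the precise variant server-side.

use base64::DecodeError as b64DecodeError;
#[cfg(feature = "core")]
use openssl::error::ErrorStack as OpenSSLErrorStack;
use serde_cbor::error::Error as CBORError;
use serde_json::error::Error as JSONError;
// use nom::Err as NOMError;

/// Possible errors that may occur during Webauthn Operation processing.
///
/// Each variant carries a fixed human-readable message through
/// `thiserror`. Only the three parser variants and `OpenSSLError` wrap an
/// underlying error value (via `#[from]`); every other variant is a unit
/// variant.
///
/// Equality (see the `PartialEq` impl below) compares the variant only, not
/// any wrapped error.
#[derive(Debug, thiserror::Error)]
#[allow(missing_docs)]
pub enum WebauthnError {
    // ---- Client data, challenge and relying-party checks ----
    #[error("The JSON from the client did not indicate webauthn.<method> correctly")]
    InvalidClientDataType,

    #[error(
        "The client response challenge differs from the latest challenge issued to the userId"
    )]
    MismatchedChallenge,

    #[error("There are no challenges associated to the UserId")]
    ChallengeNotFound,

    #[error("The clients relying party origin does not match our servers information")]
    InvalidRPOrigin,

    #[error("The clients relying party id hash does not match the hash of our relying party id")]
    InvalidRPIDHash,

    // ---- Authenticator data flags and extensions ----
    #[error("The user present bit is not set, and required")]
    UserNotPresent,

    #[error("The user verified bit is not set, and required by policy")]
    UserNotVerified,

    #[error("The extensions are unknown to this server")]
    InvalidExtensions,

    #[error("An extension for this identifier was not in the authenticator data")]
    AuthenticatorDataMissingExtension,

    #[error("The required attestation data is not present in the response")]
    MissingAttestationCredentialData,

    #[error("The attestation format requested is not able to be processed by this server - please report an issue to add the attestation format")]
    AttestationNotSupported,

    #[error("A failure occurred in persisting the Challenge data")]
    ChallengePersistenceError,

    // ---- Attestation statement structure ----
    #[error("The attestation statement map is not valid")]
    AttestationStatementMapInvalid,

    #[error("The attestation statement signature is not present")]
    AttestationStatementSigMissing,

    #[error("The attestation statement signature is not valid")]
    AttestationStatementSigInvalid,

    #[error("The attestation statement version is not present")]
    AttestationStatementVerMissing,

    #[error("The attestation statement version is not valid")]
    AttestationStatementVerInvalid,

    #[error("The attestation statement version not supported")]
    AttestationStatementVerUnsupported,

    #[error("The attestation statement x5c (trust root) is not present")]
    AttestationStatementX5CMissing,

    #[error("The attestation statement x5c (trust root) is not valid")]
    AttestationStatementX5CInvalid,

    #[error("The attestation statement algorithm is not present")]
    AttestationStatementAlgMissing,

    #[error("The attestation statement certInfo is not present")]
    AttestationStatementCertInfoMissing,

    #[error("The attestation statement pubArea is not present")]
    AttestationStatementPubAreaMissing,

    #[error("The attestation statement alg does not match algorithm of the credentialPublicKey in authenticatorData")]
    AttestationStatementAlgMismatch,

    // This variant previously reused the `AttestationStatementAlgMismatch`
    // message verbatim, which made the two failures indistinguishable in
    // logs. The wording now follows the sibling `...SigInvalid` and
    // `...VerInvalid` messages.
    #[error("The attestation statement algorithm is not valid")]
    AttestationStatementAlgInvalid,

    // ---- Attestation trust and TPM attestation ----
    #[error("The attestation trust could not be established")]
    AttestationTrustFailure,

    #[error("The attestation Certificates OID 1.3.6.1.4.1.45724.1.1.4 aaguid does not match the aaguid of the token")]
    AttestationCertificateAAGUIDMismatch,

    #[error("The attestation created by the TPM is not correct")]
    AttestationTpmStInvalid,

    #[error("The TPM attestation and key algorithms do not match")]
    AttestationTpmPubAreaMismatch,

    #[error("The TPM attestation extraData is missing or invalid")]
    AttestationTpmExtraDataInvalid,

    #[error("The TPM attestation extraData does not match the hash of the verification data")]
    AttestationTpmExtraDataMismatch,

    #[error("The TPM requested hash over pubArea is unknown")]
    AttestationTpmPubAreaHashUnknown,

    #[error("The TPM requested hash over pubArea is invalid")]
    AttestationTpmPubAreaHashInvalid,

    #[error("The TPM attest certify structure is invalid")]
    AttestationTpmAttestCertifyInvalid,

    #[error("The requirements of https://w3c.github.io/webauthn/#sctn-packed-attestation-cert-requirements are not met by this attestation certificate")]
    AttestationCertificateRequirementsNotMet,

    #[error("The X5C trust root is not a valid algorithm for signing")]
    CertificatePublicKeyInvalid,

    // ---- Parser failures ----
    // The `#[from]` variants keep the underlying error as their source, so
    // `?` converts these library errors into `WebauthnError` automatically.
    #[error("A base64 parser failure has occurred")]
    ParseBase64Failure(#[from] b64DecodeError),

    #[error("A CBOR parser failure has occurred")]
    ParseCBORFailure(#[from] CBORError),

    #[error("A JSON parser failure has occurred")]
    ParseJSONFailure(#[from] JSONError),

    #[error("A NOM parser failure has occurred")]
    ParseNOMFailure,

    #[error("In parsing the attestation object, there was insufficient data")]
    ParseInsufficientBytesAvailable,

    // ---- OpenSSL ----
    // Only the wrapping variant is gated on the "core" feature; the
    // curve-name variant below is always compiled.
    #[cfg(feature = "core")]
    #[error("An OpenSSL Error has occurred")]
    OpenSSLError(#[from] OpenSSLErrorStack),

    #[error("The requested OpenSSL curve is not supported by OpenSSL")]
    OpenSSLErrorNoCurveName,

    // ---- COSE key decoding ----
    #[error("The COSEKey contains invalid CBOR which can not be processed")]
    COSEKeyInvalidCBORValue,

    #[error("The COSEKey type is not supported by this implementation")]
    COSEKeyInvalidType,

    #[error("The COSEKey contains invalid ECDSA X/Y coordinate data")]
    COSEKeyECDSAXYInvalid,

    #[error("The COSEKey contains invalid RSA modulus/exponent data")]
    COSEKeyRSANEInvalid,

    #[error("The COSEKey uses a curve that is not supported by this implementation")]
    COSEKeyECDSAInvalidCurve,

    #[error("The COSEKey contains invalid cryptographic algorithm request")]
    COSEKeyInvalidAlgorithm,

    // ---- Credential storage and lifecycle ----
    #[error("The credential exist check failed")]
    CredentialExistCheckError,

    #[error("The credential already exists")]
    CredentialAlreadyExists,

    #[error("The credential was not able to be persisted")]
    CredentialPersistenceError,

    #[error("The credential was not able to be retrieved")]
    CredentialRetrievalError,

    #[error("The credential requested could not be found")]
    CredentialNotFound,

    #[error("A credential alg that was not allowed in the request was attempted.")]
    CredentialAlteredAlgFromRequest,

    #[error("A credential that was excluded in the request attempted to register.")]
    CredentialExcludedFromRequest,

    // NOTE(review): the message contains the typo "have be". It is left
    // byte-identical here because log searches or alert rules may match on
    // the existing text; correct it together with any such rules.
    // Callers should treat this variant as an event to record and review,
    // not merely a failed login.
    #[error("The credential may have be compromised and should be inspected")]
    CredentialPossibleCompromise,

    #[error("The credential counter could not be updated")]
    CredentialCounterUpdateFailure,

    #[error("The provided call back failed to allow reporting the credential failure")]
    CredentialCompromiseReportFailure,

    // ---- General outcomes and policy ----
    #[error("The trust path could not be established")]
    TrustFailure,

    #[error("Authentication has failed")]
    AuthenticationFailure,

    #[error("Inconsistent Credential Verification and User Verification Policy")]
    InconsistentUserVerificationPolicy,

    // NOTE(review): the variant is named for a username while the message
    // refers to a UserID - confirm which one callers actually validate.
    #[error("Invalid UserID supplied for registration")]
    InvalidUsername,

    #[error("Supplied Nid does not correspond to a supported ECDSA curve")]
    ECDSACurveInvalidNid,

    #[error("The attested credential public key and subject public key do not match")]
    AttestationCredentialSubjectKeyMismatch,

    #[error(
        "The credential was created in a cross-origin context (while cross-origin was disallowed)"
    )]
    CredentialCrossOrigin,
}

/// Variant-only equality.
///
/// Two errors are equal when they are the same variant; the payload of the
/// wrapping variants (`ParseBase64Failure`, `ParseCBORFailure`,
/// `ParseJSONFailure`, `OpenSSLError`) is ignored, so two different JSON
/// parse errors compare equal. This suits assertions of the form "the
/// operation failed with variant X"; it must not be used to decide whether
/// two failures had the same underlying cause.
impl PartialEq for WebauthnError {
    fn eq(&self, other: &Self) -> bool {
        // Compare the enum tags only; wrapped error values are never inspected.
        std::mem::discriminant(self) == std::mem::discriminant(other)
    }
}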