From 057808adb477a8503316d26088751debae1580ae Mon Sep 17 00:00:00 2001
From: Anton Antonov <Anton.Antonov@arm.com>
Date: Thu, 23 Sep 2021 13:37:30 +0100
Subject: [PATCH] Improve error handling

Signed-off-by: Anton Antonov <Anton.Antonov@arm.com>
---
 README.md                            |  7 ++++--
 src/error.rs                         |  4 ++++
 src/subcommands/export_public_key.rs | 36 ++++++++++++++++++----------
 3 files changed, 32 insertions(+), 15 deletions(-)

diff --git a/README.md b/README.md
index 4c9a5eb..35ff456 100644
--- a/README.md
+++ b/README.md
@@ -51,8 +51,11 @@ Book](https://parallaxsecond.github.io/parsec-book/parsec_client/operations/inde
 - Plaintext data is expected/shown as a UTF-8 string (input data of `sign`, output data of
    `decrypt`).
 - Ciphertext data is expected/shown as base 64 (output data of `sign`, input data of `decrypt`).
-- Exported public keys are encoded in PEM. By default PKCS#8 format is used for RSA and ECC
-  public keys. With `--pkcs1` parameter RSA keys exported in PKCS#1 format.
+- Exported public keys are encoded in PEM. By default PKCS#8 format
+  is used for RSA [RFC 3279](https://datatracker.ietf.org/doc/html/rfc3279#section-2.3.1)
+  and ECC [RFC 5480](https://datatracker.ietf.org/doc/html/rfc5480#section-2)
+  public keys. With `--pkcs1` parameter RSA keys exported in PKCS#1 format
+  [RFC 2313](https://datatracker.ietf.org/doc/html/rfc2313#section-7.1).
 
 ## SPIFFE based authenticator
 
diff --git a/src/error.rs b/src/error.rs
index 04fece3..f550023 100644
--- a/src/error.rs
+++ b/src/error.rs
@@ -43,6 +43,10 @@ pub enum ToolErrorKind {
     /// Expected input data was not given
     #[error("A command expected input data that was not given")]
     NoInput,
+
+    /// Cannot serialise or deserialise data
+    #[error("Incorrect data format")]
+    IncorrectData,
 }
 
 /// A Result type with the Err variant set as a ParsecToolError
diff --git a/src/subcommands/export_public_key.rs b/src/subcommands/export_public_key.rs
index 1fc075d..0666789 100644
--- a/src/subcommands/export_public_key.rs
+++ b/src/subcommands/export_public_key.rs
@@ -29,23 +29,29 @@ impl ExportPublicKey {
     /// Exports a public key.
     pub fn run(&self, basic_client: BasicClient) -> Result<()> {
         let mut tag = String::from("PUBLIC KEY");
-        let psa_public_key = basic_client.psa_export_public_key(&self.key_name)?;
-        let mut public_key = psa_public_key.clone();
+        let mut psa_public_key = basic_client.psa_export_public_key(&self.key_name)?;
+        let psa_key_attributes = basic_client.key_attributes(&self.key_name)?;
 
-        match basic_client.key_attributes(&self.key_name)?.key_type {
+        match psa_key_attributes.key_type {
             Type::RsaKeyPair | Type::RsaPublicKey => {
                 if self.pkcs1 {
                     tag = String::from("RSA PUBLIC KEY");
                 } else {
-                    let pkcs8_public_key = SubjectPublicKeyInfo {
+                    psa_public_key = picky_asn1_der::to_vec(&SubjectPublicKeyInfo {
                         algorithm: AlgorithmIdentifier::new_rsa_encryption(),
                         subject_public_key: PublicKey::Rsa(
                             picky_asn1_der::from_bytes::<RsaPublicKey>(&psa_public_key)
-                                .unwrap()
+                                .map_err(|_| {
+                                    error!("Could not deserialise RSA key");
+                                    ToolErrorKind::IncorrectData
+                                })?
                                 .into(),
                         ),
-                    };
-                    public_key = picky_asn1_der::to_vec(&pkcs8_public_key).unwrap();
+                    })
+                    .map_err(|_| {
+                        error!("Could not serialise RSA key");
+                        ToolErrorKind::IncorrectData
+                    })?;
                 }
             }
             Type::EccKeyPair {
@@ -58,16 +64,20 @@ impl ExportPublicKey {
                     error!("PKCS1 format doesn't support ECC keys");
                     return Err(ToolErrorKind::WrongKeyAlgorithm.into());
                 } else {
-                    let key_bits = basic_client.key_attributes(&self.key_name)?.bits;
-                    let pkcs8_public_key = SubjectPublicKeyInfo {
+                    psa_public_key = picky_asn1_der::to_vec(&SubjectPublicKeyInfo {
                         algorithm: AlgorithmIdentifier::new_elliptic_curve(
-                            EcParameters::NamedCurve(curve_oid(curve, key_bits).unwrap().into()),
+                            EcParameters::NamedCurve(
+                                curve_oid(curve, psa_key_attributes.bits)?.into(),
+                            ),
                         ),
                         subject_public_key: PublicKey::Ec(
                             BitString::with_bytes(psa_public_key).into(),
                         ),
-                    };
-                    public_key = picky_asn1_der::to_vec(&pkcs8_public_key).unwrap();
+                    })
+                    .map_err(|_| {
+                        error!("Could not serialise ECC key");
+                        ToolErrorKind::IncorrectData
+                    })?;
                 }
             }
             _ => {
@@ -79,7 +89,7 @@ impl ExportPublicKey {
         let pem_encoded = pem::encode_config(
             &pem::Pem {
                 tag,
-                contents: public_key,
+                contents: psa_public_key,
             },
             pem::EncodeConfig {
                 line_ending: pem::LineEnding::LF,