cossacklabs · iamnotacake · Sep 5, 2020 · Sep 1, 2020 · Sep 1, 2020 · Sep 1, 2020
@@ -12,6 +12,10 @@ _Code:_
   - `make deb` and `make rpm` with `ENGINE=boringssl` will now produce `libthemis-boringssl` packages with embedded BoringSSL ([#683](https://github.com/cossacklabs/themis/pull/683), [#686](https://github.com/cossacklabs/themis/pull/686)).
   - `secure_session_create()` now allows only EC keys, returning an error for RSA ([#693](https://github.com/cossacklabs/themis/pull/693)).
 
+- **Go**
+
+  - Error `ErrOverflow` is now deprecated in favor of `ErrOutOfMemory`, new error types were added ([#711](https://github.com/cossacklabs/themis/pull/711)).
+
 - **Objective-C**
 
   - Updated Objective-C examples (iOS and macOS, Carthage and CocoaPods) to showcase usage of the newest Secure Cell API: generating symmetric keys and using Secure Cell with Passphrase ([#688](https://github.com/cossacklabs/themis/pull/688)) and to use latest Themis 0.13.2 ([#701](https://github.com/cossacklabs/themis/pull/701), [#703](https://github.com/cossacklabs/themis/pull/703), [#706](https://github.com/cossacklabs/themis/pull/706)).

@@ -180,13 +180,18 @@ import (
 
 // Errors returned by Secure Cell.
 var (
+	ErrGetOutputSize     = errors.New("failed to get output size")
+	ErrEncryptData       = errors.New("failed to protect data")
+	ErrDecryptData       = errors.New("failed to unprotect data")
 	ErrInvalidMode       = errors.NewWithCode(errors.InvalidParameter, "invalid Secure Cell mode specified")
 	ErrMissingKey        = errors.NewWithCode(errors.InvalidParameter, "empty symmetric key for Secure Cell")
 	ErrMissingPassphrase = errors.NewWithCode(errors.InvalidParameter, "empty passphrase for Secure Cell")
 	ErrMissingMessage    = errors.NewWithCode(errors.InvalidParameter, "empty message for Secure Cell")
 	ErrMissingToken      = errors.NewWithCode(errors.InvalidParameter, "authentication token is required in Token Protect mode")
 	ErrMissingContext    = errors.NewWithCode(errors.InvalidParameter, "associated context is required in Context Imprint mode")
-	ErrOverflow          = errors.NewWithCode(errors.NoMemory, "Secure Cell cannot allocate enough memory")
+	ErrOutOfMemory       = errors.NewWithCode(errors.NoMemory, "Secure Cell cannot allocate enough memory")
+	// Deprecated: Since 0.14. Use ErrOutOfMemory instead.
+	ErrOverflow          = ErrOutOfMemory
 )
 
 // Secure Cell operation mode.
@@ -273,10 +278,10 @@ func (sc *SecureCell) Protect(data []byte, context []byte) ([]byte, []byte, erro
 		C.int(sc.mode),
 		&encLen,
 		&addLen)) {
-		return nil, nil, errors.New("Failed to get output size")
+		return nil, nil, ErrGetOutputSize
 	}
 	if sizeOverflow(encLen) || sizeOverflow(addLen) {
-		return nil, nil, ErrOverflow
+		return nil, nil, ErrOutOfMemory
 	}
 
 	var addData []byte
@@ -299,7 +304,7 @@ func (sc *SecureCell) Protect(data []byte, context []byte) ([]byte, []byte, erro
 		encLen,
 		add,
 		addLen)) {
-		return nil, nil, errors.New("Failed to protect data")
+		return nil, nil, ErrEncryptData
 	}
 
 	return encData, addData, nil
@@ -355,10 +360,10 @@ func (sc *SecureCell) Unprotect(protectedData []byte, additionalData []byte, con
 		ctxLen,
 		C.int(sc.mode),
 		&decLen)) {
-		return nil, errors.New("Failed to get output size")
+		return nil, ErrGetOutputSize
 	}
 	if sizeOverflow(decLen) {
-		return nil, ErrOverflow
+		return nil, ErrOutOfMemory
 	}
 
 	decData := make([]byte, decLen, decLen)
@@ -373,7 +378,7 @@ func (sc *SecureCell) Unprotect(protectedData []byte, additionalData []byte, con
 		C.int(sc.mode),
 		unsafe.Pointer(&decData[0]),
 		decLen)) {
-		return nil, errors.New("Failed to unprotect data")
+		return nil, ErrDecryptData
 	}
 
 	return decData, nil

@@ -77,9 +77,17 @@ const (
 
 // Errors returned by Secure Comparator.
 var (
-	ErrMissingSecret = errors.NewWithCode(errors.InvalidParameter, "empty secret for Secure Comparator")
-	ErrMissingData   = errors.NewWithCode(errors.InvalidParameter, "empty comparison message for Secure Comparator")
-	ErrOverflow      = errors.NewWithCode(errors.NoMemory, "Secure Comparator cannot allocate enough memory")
+	ErrAppendSecret             = errors.New("failed to append secret")
+	ErrCreateComparator         = errors.New("failed to create comparator object")
+	ErrDestroyComparator        = errors.New("failed to destroy comparator object")
+	ErrProtocolData             = errors.New("failed to get protocol data")
+	ErrProtocolDataSize         = errors.New("failed to get protocol data size")
+	ErrNoResult                 = errors.New("failed to get result")
+	ErrMissingSecret            = errors.NewWithCode(errors.InvalidParameter, "empty secret for Secure Comparator")
+	ErrMissingData              = errors.NewWithCode(errors.InvalidParameter, "empty comparison message for Secure Comparator")
+	ErrOutOfMemory              = errors.NewWithCode(errors.NoMemory, "Secure Comparator cannot allocate enough memory")
+	// Deprecated: Since 0.14. Use ErrOutOfMemory instead.
+	ErrOverflow                 = ErrOutOfMemory
 )
 
 // SecureCompare is an interactive protocol for two parties that compares whether
@@ -103,7 +111,7 @@ func sizeOverflow(n C.size_t) bool {
 func New() (*SecureCompare, error) {
 	ctx := C.compare_init()
 	if nil == ctx {
-		return nil, errors.New("Failed to create comparator object")
+		return nil, ErrCreateComparator
 	}
 
 	sc := &SecureCompare{ctx}
@@ -118,7 +126,7 @@ func (sc *SecureCompare) Close() error {
 		if bool(C.compare_destroy(sc.ctx)) {
 			sc.ctx = nil
 		} else {
-			return errors.New("Failed to destroy comparator object")
+			return ErrDestroyComparator
 		}
 	}
 
@@ -131,7 +139,7 @@ func (sc *SecureCompare) Append(secret []byte) error {
 		return ErrMissingSecret
 	}
 	if !bool(C.compare_append(sc.ctx, unsafe.Pointer(&secret[0]), C.size_t(len(secret)))) {
-		return errors.New("Failed to append secret")
+		return ErrAppendSecret
 	}
 
 	return nil
@@ -142,16 +150,16 @@ func (sc *SecureCompare) Begin() ([]byte, error) {
 	var outLen C.size_t
 
 	if !bool(C.compare_begin_size(sc.ctx, &outLen)) {
-		return nil, errors.New("Failed to get output size")
+		return nil, ErrProtocolDataSize
 	}
 	if sizeOverflow(outLen) {
-		return nil, ErrOverflow
+		return nil, ErrOutOfMemory
 	}
 
 	out := make([]byte, outLen)
 
 	if !bool(C.compare_begin(sc.ctx, unsafe.Pointer(&out[0]), outLen)) {
-		return nil, errors.New("Failed to get compare data")
+		return nil, ErrProtocolData
 	}
 
 	return out, nil
@@ -167,10 +175,10 @@ func (sc *SecureCompare) Proceed(data []byte) ([]byte, error) {
 	}
 
 	if !bool(C.compare_proceed_size(sc.ctx, unsafe.Pointer(&data[0]), C.size_t(len(data)), &outLen)) {
-		return nil, errors.New("Failed to get output size")
+		return nil, ErrProtocolDataSize
 	}
 	if sizeOverflow(outLen) {
-		return nil, ErrOverflow
+		return nil, ErrOutOfMemory
 	}
 
 	if 0 == outLen {
@@ -187,7 +195,7 @@ func (sc *SecureCompare) Proceed(data []byte) ([]byte, error) {
 		return out, nil
 	}
 
-	return nil, errors.New("Failed to get output")
+	return nil, ErrProtocolData
 }
 
 // Result returns the result of the comparison.
@@ -198,5 +206,5 @@ func (sc *SecureCompare) Result() (int, error) {
 		return int(res), nil
 	}
 
-	return NotReady, errors.New("Failed to get compare result")
+	return NotReady, ErrNoResult
 }
@@ -75,8 +75,12 @@ const (
 
 // Errors returned by key generation.
 var (
-	ErrInvalidType = errors.NewWithCode(errors.InvalidParameter, "invalid key type specified")
-	ErrOverflow    = errors.NewWithCode(errors.NoMemory, "key generator cannot allocate enough memory")
+	ErrGetKeySize       = errors.New("failed to get needed key sizes")
+	ErrGenerateKeypair  = errors.New("failed to generate keypair")
+	ErrInvalidType      = errors.NewWithCode(errors.InvalidParameter, "invalid key type specified")
+	ErrOutOfMemory      = errors.NewWithCode(errors.NoMemory, "key generator cannot allocate enough memory")
+	// Deprecated: Since 0.14. Use ErrOutOfMemory instead.
+	ErrOverflow         = ErrOutOfMemory
 )
 
 // PrivateKey stores a ECDSA or RSA private key.
@@ -103,17 +107,17 @@ func New(keytype int) (*Keypair, error) {
 
 	var privLen, pubLen C.size_t
 	if !bool(C.get_key_size(C.int(keytype), &privLen, &pubLen)) {
-		return nil, errors.New("Failed to get needed key sizes")
+		return nil, ErrGetKeySize
 	}
 	if sizeOverflow(privLen) || sizeOverflow(pubLen) {
-		return nil, ErrOverflow
+		return nil, ErrOutOfMemory
 	}
 
 	priv := make([]byte, int(privLen), int(privLen))
 	pub := make([]byte, int(pubLen), int(pubLen))
 
 	if !bool(C.gen_keys(C.int(keytype), unsafe.Pointer(&priv[0]), privLen, unsafe.Pointer(&pub[0]), pubLen)) {
-		return nil, errors.New("Failed to generate keypair")
+		return nil, ErrGenerateKeypair
 	}
 
 	return &Keypair{

@@ -25,6 +25,12 @@ import (
 	"github.com/cossacklabs/themis/gothemis/errors"
 )
 
+// Errors returned by key generation.
+var (
+	ErrGetSymmetricKeySize  = errors.New("failed to get symmetric key size")
+	ErrGenerateSymmetricKey = errors.New("failed to generate symmetric key")
+)
+
 // SymmetricKey stores a master key for Secure Cell.
 type SymmetricKey struct {
 	Value []byte
@@ -34,15 +40,15 @@ type SymmetricKey struct {
 func NewSymmetricKey() (*SymmetricKey, error) {
 	var len C.size_t
 	if !bool(C.get_sym_key_size(&len)) {
-		return nil, errors.New("Failed to get symmetric key size")
+		return nil, ErrGetSymmetricKeySize
 	}
 	if sizeOverflow(len) {
-		return nil, ErrOverflow
+		return nil, ErrOutOfMemory
 	}
 
 	key := make([]byte, int(len), int(len))
 	if !bool(C.gen_sym_key(unsafe.Pointer(&key[0]), len)) {
-		return nil, errors.New("Failed to generate symmetric key")
+		return nil, ErrGenerateSymmetricKey
 	}
 
 	return &SymmetricKey{Value: key}, nil

@@ -78,10 +78,18 @@ const (
 
 // Errors returned by Secure Message.
 var (
+	ErrEncryptMessage    = errors.New("failed to encrypt message")
+	ErrDecryptMessage    = errors.New("failed to decrypt message")
+	ErrSignMessage       = errors.New("failed to sign message")
+	ErrVerifyMessage     = errors.New("failed to verify message")
+	ErrProcessMessage    = errors.New("failed to process message")
+	ErrGetOutputSize     = errors.New("failed to get output size")
 	ErrMissingMessage    = errors.NewWithCode(errors.InvalidParameter, "empty message for Secure Cell")
 	ErrMissingPublicKey  = errors.NewWithCode(errors.InvalidParameter, "empty peer public key for Secure Message")
 	ErrMissingPrivateKey = errors.NewWithCode(errors.InvalidParameter, "empty private key for Secure Message")
-	ErrOverflow          = errors.NewWithCode(errors.NoMemory, "Secure Message cannot allocate enough memory")
+	ErrOutOfMemory       = errors.NewWithCode(errors.NoMemory, "Secure Message cannot allocate enough memory")
+	// Deprecated: Since 0.14. Use ErrOutOfMemory instead.
+	ErrOverflow          = ErrOutOfMemory
 )
 
 // SecureMessage provides a sequence-independent, stateless, contextless messaging system.
@@ -135,10 +143,10 @@ func messageProcess(private *keys.PrivateKey, peerPublic *keys.PublicKey, messag
 		C.size_t(len(message)),
 		C.int(mode),
 		&outputLength)) {
-		return nil, errors.New("Failed to get output size")
+		return nil, ErrGetOutputSize
 	}
 	if sizeOverflow(outputLength) {
-		return nil, ErrOverflow
+		return nil, ErrOutOfMemory
 	}
 
 	output := make([]byte, int(outputLength), int(outputLength))
@@ -153,15 +161,15 @@ func messageProcess(private *keys.PrivateKey, peerPublic *keys.PublicKey, messag
 		outputLength)) {
 		switch mode {
 		case secureMessageEncrypt:
-			return nil, errors.New("Failed to encrypt message")
+			return nil, ErrEncryptMessage
 		case secureMessageDecrypt:
-			return nil, errors.New("Failed to decrypt message")
+			return nil, ErrDecryptMessage
 		case secureMessageSign:
-			return nil, errors.New("Failed to sign message")
+			return nil, ErrSignMessage
 		case secureMessageVerify:
-			return nil, errors.New("Failed to verify message")
+			return nil, ErrVerifyMessage
 		default:
-			return nil, errors.New("Failed to process message")
+			return nil, ErrProcessMessage
 		}
 	}