Replace fmt.Errorf with custom error types in pkg/requester

Author: xaionaro@dx.center

pkg/requester/auth.go

@@ -29,7 +29,7 @@ func (r *Requester) GetDigests(ctx context.Context) (_ret [][]byte, _err error)
 
 	reqBytes, err := req.Marshal()
 	if err != nil {
-		return nil, fmt.Errorf("marshal request: %w", err)
+		return nil, &ErrMarshalRequest{Err: err}
 	}
 
 	resp, err := r.sendReceive(ctx, req)
@@ -40,7 +40,7 @@ func (r *Requester) GetDigests(ctx context.Context) (_ret [][]byte, _err error)
 	var dr msgs.DigestResponse
 	digestSize := r.conn.HashAlgo.Size()
 	if err := dr.UnmarshalWithDigestSize(resp, digestSize); err != nil {
-		return nil, fmt.Errorf("unmarshal: %w", err)
+		return nil, &ErrUnmarshalResponse{Err: err}
 	}
 
 	// Record B transcript: GET_DIGESTS request + DIGESTS response.
@@ -73,7 +73,7 @@ func (r *Requester) GetCertificate(ctx context.Context, slotID uint8) (_ret []by
 
 		reqBytes, err := req.Marshal()
 		if err != nil {
-			return nil, fmt.Errorf("marshal request: %w", err)
+			return nil, &ErrMarshalRequest{Err: err}
 		}
 
 		resp, err := r.sendReceive(ctx, req)
@@ -83,7 +83,7 @@ func (r *Requester) GetCertificate(ctx context.Context, slotID uint8) (_ret []by
 
 		var cr msgs.CertificateResponse
 		if err := cr.Unmarshal(resp); err != nil {
-			return nil, fmt.Errorf("unmarshal: %w", err)
+			return nil, &ErrUnmarshalResponse{Err: err}
 		}
 
 		// Record B transcript: GET_CERTIFICATE request + CERTIFICATE response.
@@ -103,7 +103,7 @@ func (r *Requester) GetCertificate(ctx context.Context, slotID uint8) (_ret []by
 	// Validate the certificate chain if a trust anchor pool is configured.
 	if r.cfg.Crypto.CertPool != nil {
 		if err := r.validateCertChain(ctx, chain); err != nil {
-			return nil, fmt.Errorf("certificate chain validation: %w", err)
+			return nil, &ErrCertChainValidation{Err: err}
 		}
 	}
 
@@ -121,17 +121,17 @@ func (r *Requester) validateCertChain(ctx context.Context, chain []byte) error {
 	hashSize := r.conn.HashAlgo.Size()
 	minSize := msgs.CertChainHeaderSize + hashSize
 	if len(chain) < minSize {
-		return fmt.Errorf("chain too short: %d bytes, need at least %d", len(chain), minSize)
+		return &ErrCertChainTooShort{Size: len(chain), MinSize: minSize}
 	}
 
 	certData := chain[msgs.CertChainHeaderSize+hashSize:]
 	certs, err := parseDERCertificates(certData)
 	if err != nil {
-		return fmt.Errorf("parse certificates: %w", err)
+		return &ErrParseCertificates{Err: err}
 	}
 
 	if len(certs) == 0 {
-		return fmt.Errorf("no certificates in chain")
+		return &ErrNoCertificatesInChain{}
 	}
 
 	// Build intermediate pool from all certs except the leaf (last one).
@@ -147,7 +147,7 @@ func (r *Requester) validateCertChain(ctx context.Context, chain []byte) error {
 	}
 
 	if _, err := leaf.Verify(opts); err != nil {
-		return fmt.Errorf("verify leaf certificate: %w", err)
+		return &ErrVerifyLeafCertificate{Err: err}
 	}
 
 	logger.Debugf(ctx, "certificate chain validated: %d certificates, leaf CN=%s", len(certs), leaf.Subject.CommonName)
@@ -170,12 +170,12 @@ func (r *Requester) Challenge(ctx context.Context, slotID uint8, hashType uint8)
 		}},
 	}
 	if _, err := rand.Read(req.Nonce[:]); err != nil {
-		return fmt.Errorf("generate nonce: %w", err)
+		return &ErrGenerateNonce{Err: err}
 	}
 
 	reqBytes, err := req.Marshal()
 	if err != nil {
-		return fmt.Errorf("marshal request: %w", err)
+		return &ErrMarshalRequest{Err: err}
 	}
 
 	resp, err := r.sendReceive(ctx, req)
@@ -194,13 +194,13 @@ func (r *Requester) Challenge(ctx context.Context, slotID uint8, hashType uint8)
 
 	var car msgs.ChallengeAuthResponse
 	if err := car.UnmarshalWithSizes(resp, digestSize, measHashSize, sigSize); err != nil {
-		return fmt.Errorf("unmarshal: %w", err)
+		return &ErrUnmarshalResponse{Err: err}
 	}
 
 	// Verify the responder's signature if a verifier is configured and a cert chain is available.
 	if r.cfg.Crypto.Verifier != nil && len(r.peerCertChain) > 0 {
 		if err := r.verifyChallengeSignature(ctx, reqBytes, resp, &car); err != nil {
-			return fmt.Errorf("signature verification: %w", err)
+			return &ErrSignatureVerification{Err: err}
 		}
 	}
 
@@ -218,7 +218,7 @@ func (r *Requester) verifyChallengeSignature(
 	// Extract the responder's public key from the stored certificate chain.
 	pubKey, err := r.extractPeerPublicKey()
 	if err != nil {
-		return fmt.Errorf("extract peer public key: %w", err)
+		return &ErrExtractPeerPublicKey{Err: err}
 	}
 
 	// Marshal response without signature to build M1.
@@ -240,7 +240,7 @@ func (r *Requester) verifyChallengeSignature(
 	digest.Write(signData)
 
 	if err := r.cfg.Crypto.Verifier.Verify(r.conn.AsymAlgo, pubKey, digest.Sum(nil), car.Signature); err != nil {
-		return fmt.Errorf("verify: %w", err)
+		return &ErrVerify{Err: err}
 	}
 
 	logger.Debugf(ctx, "Challenge signature verified successfully")
@@ -284,25 +284,25 @@ func buildSigningData(h gocrypto.Hash, message []byte, contextStr string) []byte
 //	[4+H:] concatenated DER-encoded X.509 certificates
 func (r *Requester) extractPeerPublicKey() (gocrypto.PublicKey, error) {
 	if len(r.peerCertChain) == 0 {
-		return nil, fmt.Errorf("no peer certificate chain available")
+		return nil, &ErrNoPeerCertChain{}
 	}
 
 	hashSize := r.conn.HashAlgo.Size()
 	minSize := msgs.CertChainHeaderSize + hashSize
 	if len(r.peerCertChain) < minSize {
-		return nil, fmt.Errorf("peer cert chain too short: %d bytes, need at least %d", len(r.peerCertChain), minSize)
+		return nil, &ErrPeerCertChainTooShort{Size: len(r.peerCertChain), MinSize: minSize}
 	}
 
 	// Skip the SPDM cert chain header (4-byte length+reserved) and root hash.
 	certData := r.peerCertChain[msgs.CertChainHeaderSize+hashSize:]
 
 	certs, err := parseDERCertificates(certData)
 	if err != nil {
-		return nil, fmt.Errorf("parse certificates: %w", err)
+		return nil, &ErrParseCertificates{Err: err}
 	}
 
 	if len(certs) == 0 {
-		return nil, fmt.Errorf("no certificates found in chain")
+		return nil, &ErrNoCertificatesFoundInChain{}
 	}
 
 	// The leaf certificate is the last one in the chain.
@@ -319,12 +319,12 @@ func parseDERCertificates(data []byte) ([]*x509.Certificate, error) {
 		// Determine this certificate's DER length first to extract exactly one cert.
 		certLen, err := derObjectLength(remaining)
 		if err != nil {
-			return nil, fmt.Errorf("determine certificate length at offset %d: %w", len(data)-len(remaining), err)
+			return nil, &ErrDetermineCertLengthAtOffset{Offset: len(data) - len(remaining), Err: err}
 		}
 
 		cert, err := x509.ParseCertificate(remaining[:certLen])
 		if err != nil {
-			return nil, fmt.Errorf("parse certificate at offset %d: %w", len(data)-len(remaining), err)
+			return nil, &ErrParseCertificateAtOffset{Offset: len(data) - len(remaining), Err: err}
 		}
 		certs = append(certs, cert)
 		remaining = remaining[certLen:]
@@ -337,7 +337,7 @@ func parseDERCertificates(data []byte) ([]*x509.Certificate, error) {
 // ASN.1 object in data. This is needed to advance past concatenated DER certificates.
 func derObjectLength(data []byte) (int, error) {
 	if len(data) < 2 {
-		return 0, fmt.Errorf("DER data too short")
+		return 0, &ErrInvalidDER{Reason: "DER data too short"}
 	}
 
 	// Skip the tag byte.
@@ -350,10 +350,10 @@ func derObjectLength(data []byte) (int, error) {
 	// Long form: lenByte & 0x7F = number of subsequent length bytes.
 	numLenBytes := int(lenByte & 0x7F)
 	if numLenBytes == 0 || numLenBytes > 4 {
-		return 0, fmt.Errorf("invalid DER length encoding: %d length bytes", numLenBytes)
+		return 0, &ErrInvalidDER{Reason: fmt.Sprintf("invalid DER length encoding: %d length bytes", numLenBytes)}
 	}
 	if 2+numLenBytes > len(data) {
-		return 0, fmt.Errorf("DER data too short for length encoding")
+		return 0, &ErrInvalidDER{Reason: "DER data too short for length encoding"}
 	}
 
 	var length uint32
@@ -363,7 +363,7 @@ func derObjectLength(data []byte) (int, error) {
 
 	totalLen := 2 + numLenBytes + int(length)
 	if totalLen > len(data) {
-		return 0, fmt.Errorf("DER object length %d exceeds data length %d", totalLen, len(data))
+		return 0, &ErrInvalidDER{Reason: fmt.Sprintf("DER object length %d exceeds data length %d", totalLen, len(data))}
 	}
 	return totalLen, nil
 }

pkg/requester/chunk.go

@@ -2,7 +2,6 @@ package requester
 
 import (
 	"context"
-	"fmt"
 
 	"github.com/facebookincubator/go-belt/tool/logger"
 
@@ -25,7 +24,7 @@ func (r *Requester) ChunkSend(ctx context.Context, handle uint8, largeMsg []byte
 	maxChunkRest := int(r.cfg.DataTransferSize) - 12
 
 	if maxChunkFirst <= 0 || maxChunkRest <= 0 {
-		return fmt.Errorf("chunk_send: DataTransferSize too small for chunking")
+		return &ErrChunkDataTransferSizeTooSmall{}
 	}
 
 	offset := 0
@@ -67,21 +66,21 @@ func (r *Requester) ChunkSend(ctx context.Context, handle uint8, largeMsg []byte
 
 		resp, err := r.sendReceive(ctx, req)
 		if err != nil {
-			return fmt.Errorf("chunk_send: seq=%d: %w", seqNo, err)
+			return &ErrChunkSend{SeqNo: seqNo, Err: err}
 		}
 
 		if resp[1] != uint8(codes.ResponseChunkSendAck) {
-			return fmt.Errorf("chunk_send: unexpected response code 0x%02X at seq=%d", resp[1], seqNo)
+			return &ErrChunkSendUnexpectedResponseCode{Code: resp[1], SeqNo: seqNo}
 		}
 
 		var ack msgs.ChunkSendAck
 		if err := ack.Unmarshal(resp); err != nil {
-			return fmt.Errorf("chunk_send: unmarshal ack: %w", err)
+			return &ErrChunkUnmarshalAck{Err: err}
 		}
 
 		// Check for early error response embedded in ACK.
 		if ack.Header.Param1&msgs.ChunkSendAckAttrEarlyError != 0 {
-			return fmt.Errorf("chunk_send: early error at seq=%d", seqNo)
+			return &ErrChunkSendEarlyError{SeqNo: seqNo}
 		}
 
 		offset = end
@@ -112,16 +111,16 @@ func (r *Requester) ChunkGet(ctx context.Context, handle uint8) ([]byte, error)
 
 		resp, err := r.sendReceive(ctx, req)
 		if err != nil {
-			return nil, fmt.Errorf("chunk_get: seq=%d: %w", seqNo, err)
+			return nil, &ErrChunkGet{SeqNo: seqNo, Err: err}
 		}
 
 		if resp[1] != uint8(codes.ResponseChunkResponse) {
-			return nil, fmt.Errorf("chunk_get: unexpected response code 0x%02X at seq=%d", resp[1], seqNo)
+			return nil, &ErrChunkGetUnexpectedResponseCode{Code: resp[1], SeqNo: seqNo}
 		}
 
 		var cr msgs.ChunkResponse
 		if err := cr.Unmarshal(resp); err != nil {
-			return nil, fmt.Errorf("chunk_get: unmarshal: %w", err)
+			return nil, &ErrChunkUnmarshalResponse{Err: err}
 		}
 
 		result = append(result, cr.Chunk...)

pkg/requester/connection.go

@@ -20,13 +20,13 @@ func (r *Requester) InitConnection(ctx context.Context) (_ret *ConnectionInfo, _
 	logger.Tracef(ctx, "InitConnection")
 	defer func() { logger.Tracef(ctx, "/InitConnection: result:%v; err:%v", _ret, _err) }()
 	if err := r.getVersion(ctx); err != nil {
-		return nil, fmt.Errorf("get_version: %w", err)
+		return nil, &ErrGetVersion{Err: err}
 	}
 	if err := r.getCapabilities(ctx); err != nil {
-		return nil, fmt.Errorf("get_capabilities: %w", err)
+		return nil, &ErrGetCapabilities{Err: err}
 	}
 	if err := r.negotiateAlgorithms(ctx); err != nil {
-		return nil, fmt.Errorf("negotiate_algorithms: %w", err)
+		return nil, &ErrNegotiateAlgorithms{Err: err}
 	}
 	return &r.conn, nil
 }
@@ -48,18 +48,17 @@ func (r *Requester) getVersion(ctx context.Context) error {
 
 	var vr msgs.VersionResponse
 	if err := vr.Unmarshal(resp); err != nil {
-		return fmt.Errorf("unmarshal: %w", err)
+		return &ErrUnmarshalResponse{Err: err}
 	}
 
 	// Per DSP0274 Section 10.3, VERSION response SPDMVersion must be 0x10.
 	if vr.Header.SPDMVersion != 0x10 {
-		return fmt.Errorf("VERSION response SPDMVersion=0x%02X, expected 0x10: %w",
-			vr.Header.SPDMVersion, status.ErrInvalidMsgField)
+		return &ErrVersionResponseInvalid{SPDMVersion: vr.Header.SPDMVersion}
 	}
 
 	// Per DSP0274 Section 10.3, VERSION response must contain at least one entry.
 	if len(vr.VersionEntries) == 0 {
-		return fmt.Errorf("VERSION response has 0 entries: %w", status.ErrInvalidMsgField)
+		return &ErrVersionResponseEmpty{}
 	}
 
 	// Build set of our supported versions for lookup.
@@ -118,14 +117,14 @@ func (r *Requester) getCapabilities(ctx context.Context) error {
 
 	var cr msgs.CapabilitiesResponse
 	if err := cr.Unmarshal(resp); err != nil {
-		return fmt.Errorf("unmarshal: %w", err)
+		return &ErrUnmarshalResponse{Err: err}
 	}
 
 	r.conn.PeerCaps = caps.ResponderCaps(cr.Flags)
 
 	// Per DSP0274 Section 10.4, validate peer capability flag dependencies.
 	if err := caps.ValidateResponderCaps(r.conn.PeerCaps); err != nil {
-		return fmt.Errorf("invalid peer capabilities: %w", err)
+		return &ErrInvalidPeerCapabilities{Err: err}
 	}
 
 	r.state = StateAfterCapabilities
@@ -158,7 +157,7 @@ func (r *Requester) negotiateAlgorithms(ctx context.Context) error {
 
 	var ar msgs.AlgorithmsResponse
 	if err := ar.Unmarshal(resp); err != nil {
-		return fmt.Errorf("unmarshal: %w", err)
+		return &ErrUnmarshalResponse{Err: err}
 	}
 
 	if err := r.validateAlgorithmsResponse(&ar); err != nil {
@@ -231,27 +230,38 @@ func (r *Requester) buildAlgStructs() []msgs.AlgStructTable {
 func (r *Requester) validateAlgorithmsResponse(ar *msgs.AlgorithmsResponse) error {
 	sel := algo.BaseHashAlgo(ar.BaseHashSel)
 	if sel == 0 {
-		return fmt.Errorf("ALGORITHMS response has zero BaseHashSel: %w", status.ErrNegotiationFail)
+		return &ErrAlgorithmsNegotiationFail{
+			Reason: "ALGORITHMS response has zero BaseHashSel",
+			Err:    status.ErrNegotiationFail,
+		}
 	}
 
 	// Per DSP0274 Section 10.5, each selection field must have exactly one bit set.
 	if !isSingleBit(ar.BaseHashSel) {
-		return fmt.Errorf("ALGORITHMS response BaseHashSel has multiple bits: 0x%08X: %w",
-			ar.BaseHashSel, status.ErrInvalidMsgField)
+		return &ErrAlgorithmsNegotiationFail{
+			Reason: fmt.Sprintf("ALGORITHMS response BaseHashSel has multiple bits: 0x%08X", ar.BaseHashSel),
+			Err:    status.ErrInvalidMsgField,
+		}
 	}
 	if !isSingleBit(ar.BaseAsymSel) && ar.BaseAsymSel != 0 {
-		return fmt.Errorf("ALGORITHMS response BaseAsymSel has multiple bits: 0x%08X: %w",
-			ar.BaseAsymSel, status.ErrInvalidMsgField)
+		return &ErrAlgorithmsNegotiationFail{
+			Reason: fmt.Sprintf("ALGORITHMS response BaseAsymSel has multiple bits: 0x%08X", ar.BaseAsymSel),
+			Err:    status.ErrInvalidMsgField,
+		}
 	}
 
 	// Per DSP0274 Section 10.5, selected algorithms must be a subset of what was requested.
 	if ar.BaseHashSel&uint32(r.cfg.BaseHashAlgo) != ar.BaseHashSel {
-		return fmt.Errorf("ALGORITHMS BaseHashSel 0x%08X not subset of requested 0x%08X: %w",
-			ar.BaseHashSel, uint32(r.cfg.BaseHashAlgo), status.ErrInvalidMsgField)
+		return &ErrAlgorithmsNegotiationFail{
+			Reason: fmt.Sprintf("ALGORITHMS BaseHashSel 0x%08X not subset of requested 0x%08X", ar.BaseHashSel, uint32(r.cfg.BaseHashAlgo)),
+			Err:    status.ErrInvalidMsgField,
+		}
 	}
 	if ar.BaseAsymSel != 0 && ar.BaseAsymSel&uint32(r.cfg.BaseAsymAlgo) != ar.BaseAsymSel {
-		return fmt.Errorf("ALGORITHMS BaseAsymSel 0x%08X not subset of requested 0x%08X: %w",
-			ar.BaseAsymSel, uint32(r.cfg.BaseAsymAlgo), status.ErrInvalidMsgField)
+		return &ErrAlgorithmsNegotiationFail{
+			Reason: fmt.Sprintf("ALGORITHMS BaseAsymSel 0x%08X not subset of requested 0x%08X", ar.BaseAsymSel, uint32(r.cfg.BaseAsymAlgo)),
+			Err:    status.ErrInvalidMsgField,
+		}
 	}
 
 	r.conn.HashAlgo = sel