[frost] usable share backup errors

LLFourn · Dec 28, 2023 · bdc7f0b · bdc7f0b
1 parent 13a8359
commit bdc7f0b
Show file tree

Hide file tree

Showing 2 changed files with 41 additions and 3 deletions.
diff --git a/schnorr_fun/src/share_backup.rs b/schnorr_fun/src/share_backup.rs
@@ -46,7 +46,7 @@
 //! By leaving this data piece at the end, we can use the length of the remaining data to
 //! easily decode a single bech32 char into integer, or 32 chars into a scalar.
 
-use alloc::{string::String, vec::Vec};
+use alloc::{fmt, string::String, vec::Vec};
 use bech32::{u5, FromBase32, ToBase32, Variant::Bech32m};
 use core::num::NonZeroU32;
 use secp256kfun::{
@@ -76,6 +76,43 @@ pub enum FrostBackupDecodeError {
     ShareIndexIsZero,
 }
 
+#[cfg(feature = "std")]
+impl std::error::Error for FrostBackupDecodeError {}
+
+impl fmt::Display for FrostBackupDecodeError {
+    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
+        match &self {
+            FrostBackupDecodeError::Bech32DecodeError(e) => {
+                write!(f, "Failed to decode bech32m string: {e}")
+            }
+            FrostBackupDecodeError::WrongBech32Variant(e) => {
+                write!(f, "Expected bech32m but decoded {e:?}")
+            }
+            FrostBackupDecodeError::InvalidSecretShareScalar => {
+                write!(
+                    f,
+                    "Invalid secret share scalar value, not on secp256k1 curve."
+                )
+            }
+            FrostBackupDecodeError::InvalidHumanReadablePrefix => {
+                write!(f, "Expected human readable prefix `frost`",)
+            }
+            FrostBackupDecodeError::UnknownShareIndexLength => {
+                write!(f, "Expected share index of 1 character or 52 characters.",)
+            }
+            FrostBackupDecodeError::InvalidShareIndexScalar => {
+                write!(f, "Share index scalar was not a valid secp256k1 scalar.",)
+            }
+            FrostBackupDecodeError::ShareIndexIsZero => {
+                write!(
+                    f,
+                    "Can not have a share index of zero since this immediately implies the secret.",
+                )
+            }
+        }
+    }
+}
+
 /// Create an identifier that's used to determine compatibility of shamir secret shares.
 /// The first 4 bech32 chars from a hash of the polynomial coefficients.
 /// Collision expected once in (32)^4 = 2^20.

diff --git a/schnorr_fun/tests/share_backup.rs b/schnorr_fun/tests/share_backup.rs
@@ -11,7 +11,7 @@ fn share_backup_short() {
         "1234123412341234123412341234123412341234123412341234123412341234",
     )
     .unwrap();
-    let share_index = s!(7);
+    let share_index = s!(7).public();
 
     let share_backup = encode_backup::<sha2::Sha256>(&polynomial, &secret_share, &share_index);
     dbg!(&share_backup);
@@ -43,7 +43,8 @@ fn share_backup_long() {
     let share_index = Scalar::<Secret>::from_str(
         "34f7ce653cfa8454b3463726a599ef2925736442d2d06455974d6feae9450d90",
     )
-    .unwrap();
+    .unwrap()
+    .public();
 
     let share_backup = encode_backup::<sha2::Sha256>(&polynomial, &secret_share, &share_index);
     dbg!(&share_backup);