Add WithError trait to check for error after using RustCrypto API

[zhouwfang]

To resolve #176.

Please let me know any issue or improvement. Thanks!

1. I was wondering if there is any existing test in wasefire/examples that could be used to check if these changes break anything, especially using FixedOutputReset for the Hmac trait.

2. What Rust format tool do you use? As you can see, I use a different format tool and I'm happy to change to yours.

[ia0]

Thanks for the PR!

1. You can just run ./scripts/ci.sh to run all CI locally. However, if you don't want to modify the changelogs just yet, you can run ./scripts/ci-tests.sh which runs the tests of all crates, and ./scripts/hwci.sh host --no-default-features which runs all applet tests. This last one will exerce those APIs (in particular the hash_test and ec_test for example).

Actually, thinking about it, I think a better approach that would statically avoid mistakes, is to define a wrapper API on top of board::crypto::Api that actually return errors such that last_error is handled internally. It would look like this:

pub struct HashApi<T: Hash>(T);
pub struct HmacApi<T: Hmac>(T);

impl<T: Hash> HashApi<T> {
    pub fn new() -> Result<Self, Error> { ... last_error ... }
    pub fn update(&mut self, data: &[u8]) -> Result<(), Error> { ... last_error ... }
    ...
}
// same for Hmac

2. I use rustfmt (through rust-analyzer, but this shouldn't change anything) which should use the top-level rustfmt.toml configuration file. cargo fmt should also work the same.

[ia0]

By the way, I've merged #431 to ensure the board API is documented. You'll have to rebase (the conflicts should be trivial, that PR is just adding documentation).

[ia0]

Thanks for the work! This is going in the right direction from what I can see. It seems you still need to do the same as new but for update and finalize.

[zhouwfang]

Actually, thinking about it, I think a better approach that would statically avoid mistakes, is to define a wrapper API on top of board::crypto::Api that actually return errors such that last_error is handled internally. It would look like this:

pub struct HashApi<T: Hash>(T);
pub struct HmacApi<T: Hmac>(T);

impl<T: Hash> HashApi<T> {
    pub fn new() -> Result<Self, Error> { ... last_error ... }
    pub fn update(&mut self, data: &[u8]) -> Result<(), Error> { ... last_error ... }
    ...
}
// same for Hmac

Good idea! (I also had a similar feeling -- need something similar to RAII in C++.)

[ia0]

Thanks! Looks good, it's getting closer. I suspect there might be some difficulties with imports eventually, but we'll deal with them once the rest is fixed.

[ia0]

Looks good. I suspect after this iteration, it should be pretty close to code-complete. Then it will be about following the CI errors and fixing them.

[ia0]

This is correct. The RustCrypto implementation does not fail. I'll remove the comments in my review commit. Actually I introduced a NoError helper trait.

[ia0]

Indeed, this one needs to propagate the hash last error. I'll update it in my commit because I actually realized the LastError signature is too strong. We don't always have access to the object. So I'm changing it to WithError which makes it harder to implement, but it works in our internal use-case.