Sanded off loose ends from the refactoring.

crates/btnode/src/crypto/mod.rs

@@ -96,17 +96,6 @@ impl From<TryFromIntError> for Error {
 
 pub(crate) type Result<T> = std::result::Result<T, Error>;
 
-trait ConvErr<T> {
-    fn conv_err(self) -> Result<T>;
-}
-
-impl<T, E: Into<Error>> ConvErr<T> for std::result::Result<T, E> {
-    /// Converts the error value in self to a `crypto::Error`.
-    fn conv_err(self) -> Result<T> {
-        self.map_err(|e| e.into())
-    }
-}
-
 /// A cryptographic hash.
 #[derive(Debug, PartialEq, Eq, Serialize, Deserialize, Hashable, Clone, EnumDiscriminants)]
 #[strum_discriminants(derive(EnumString, Display, Serialize, Deserialize))]
@@ -268,7 +257,7 @@ struct SymParams<'a> {
 /// Returns an array of the given length filled with cryptographically random data.
 fn rand_array<const LEN: usize>() -> Result<[u8; LEN]> {
     let mut array = [0; LEN];
-    rand_bytes(&mut array).conv_err()?;
+    rand_bytes(&mut array)?;
     Ok(array)
 }
 
@@ -296,20 +285,21 @@ impl SymKey {
 impl Encrypter for SymKey {
     fn encrypt(&self, slice: &[u8]) -> Result<Vec<u8>> {
         let SymParams { cipher, key, iv } = self.params();
-        openssl_encrypt(cipher, key, iv, slice).conv_err()
+        Ok(openssl_encrypt(cipher, key, iv, slice)?)
     }
 }
 
 impl Decrypter for SymKey {
     fn decrypt(&self, slice: &[u8]) -> Result<Vec<u8>> {
         let SymParams { cipher, key, iv } = self.params();
-        openssl_decrypt(cipher, key, iv, slice).conv_err()
+        Ok(openssl_decrypt(cipher, key, iv, slice)?)
     }
 }
 
-pub trait Scheme: for<'de> Deserialize<'de> + Serialize + Copy + std::fmt::Debug + PartialEq {
+pub trait Scheme: for<'de> Deserialize<'de> + Serialize
+    + Copy + std::fmt::Debug + PartialEq + Into<Self::Kind>
+{
     type Kind: Scheme;
-    fn kind(self) -> Self::Kind;
     fn as_enum(self) -> SchemeKind;
     fn message_digest(&self) -> MessageDigest;
     fn padding(&self) -> Option<OpensslPadding>;
@@ -331,12 +321,8 @@ pub enum Encrypt {
 impl Scheme for Encrypt {
     type Kind = Encrypt;
 
-    fn kind(self) -> Encrypt {
-        self
-    }
-
     fn as_enum(self) -> SchemeKind {
-        SchemeKind::Encrypt(self.kind())
+        SchemeKind::Encrypt(self)
     }
 
     fn message_digest(&self) -> MessageDigest {
@@ -385,12 +371,8 @@ pub enum Sign {
 impl Scheme for Sign {
     type Kind = Sign;
 
-    fn kind(self) -> Sign {
-        self
-    }
-
     fn as_enum(self) -> SchemeKind {
-        SchemeKind::Sign(self.kind())
+        SchemeKind::Sign(self)
     }
 
     fn message_digest(&self) -> MessageDigest {
@@ -444,11 +426,11 @@ pub struct RsaEsOaep {
 }
 
 fn generate_rsa<S: Scheme>(scheme: S) -> Result<AsymKeyPair<S>> {
-    let key_bits = 8 * u32::try_from(RSA_KEY_BYTES).conv_err()?;
+    let key_bits = 8 * u32::try_from(RSA_KEY_BYTES)?;
     let key = Rsa::generate(key_bits)?;
     // TODO: Separating the keys this way seems inefficient. Investigate alternatives.
-    let public_der = key.public_key_to_der().conv_err()?;
-    let private_der = key.private_key_to_der().conv_err()?;
+    let public_der = key.public_key_to_der()?;
+    let private_der = key.private_key_to_der()?;
     let public = AsymKey::<Public, S>::new(scheme, &public_der)?;
     let private = AsymKey::<Private, S>::new(scheme, &private_der)?;
     Ok(AsymKeyPair { public, private })
@@ -457,12 +439,8 @@ fn generate_rsa<S: Scheme>(scheme: S) -> Result<AsymKeyPair<S>> {
 impl Scheme for RsaEsOaep {
     type Kind = Encrypt;
 
-    fn kind(self) -> Encrypt {
-        Encrypt::RsaEsOaep(self)
-    }
-
     fn as_enum(self) -> SchemeKind {
-        SchemeKind::Encrypt(self.kind())
+        SchemeKind::Encrypt(self.into())
     }
 
     fn message_digest(&self) -> MessageDigest {
@@ -474,21 +452,21 @@ impl Scheme for RsaEsOaep {
     }
 
     fn public_from_der(self, der: &[u8]) -> Result<PKey<OsslPublic>> {
-        PKey::public_key_from_der(der).conv_err()
+        Ok(PKey::public_key_from_der(der)?)
     }
 
     fn private_from_der(self, der: &[u8]) -> Result<PKey<OsslPrivate>> {
-        PKey::private_key_from_der(der).conv_err()
+        Ok(PKey::private_key_from_der(der)?)
     }
 
     fn generate(self) -> Result<AsymKeyPair<Self::Kind>> {
-        generate_rsa(self.kind())
+        generate_rsa(self.into())
     }
 }
 
 impl From<RsaEsOaep> for Encrypt {
     fn from(scheme: RsaEsOaep) -> Self {
-        scheme.kind()
+        Encrypt::RsaEsOaep(scheme)
     }
 }
 
@@ -501,12 +479,8 @@ pub struct RsaSsaPss {
 impl Scheme for RsaSsaPss {
     type Kind = Sign;
 
-    fn kind(self) -> Sign {
-        Sign::RsaSsaPss(self)
-    }
-
     fn as_enum(self) -> SchemeKind {
-        SchemeKind::Sign(self.kind())
+        SchemeKind::Sign(self.into())
     }
 
     fn message_digest(&self) -> MessageDigest {
@@ -518,26 +492,28 @@ impl Scheme for RsaSsaPss {
     }
 
     fn public_from_der(self, der: &[u8]) -> Result<PKey<OsslPublic>> {
-        PKey::public_key_from_der(der).conv_err()
+        Ok(PKey::public_key_from_der(der)?)
     }
 
     fn private_from_der(self, der: &[u8]) -> Result<PKey<OsslPrivate>> {
-        PKey::private_key_from_der(der).conv_err()
+        Ok(PKey::private_key_from_der(der)?)
     }
 
     fn generate(self) -> Result<AsymKeyPair<Self::Kind>> {
-        generate_rsa(self.kind())
+        generate_rsa(self.into())
     }
 }
 
 impl From<RsaSsaPss> for Sign {
     fn from(scheme: RsaSsaPss) -> Self {
-        scheme.kind()
+        Sign::RsaSsaPss(scheme)
     }
 }
 
+/// Marker trait for the `Public` and `Private` key privacy types.
 pub trait KeyPrivacy {}
 
+/// Represents keys which can be shared freely.
 #[derive(Clone, Debug)]
 pub enum Public {}
 
@@ -545,27 +521,43 @@ impl KeyPrivacy for Public {}
 
 unsafe impl HasPublic for Public {}
 
+/// Represents keys which must be kept confidential.
 pub enum Private {}
 
 impl KeyPrivacy for Private {}
 
 unsafe impl HasPrivate for Private {}
 
-fn conv_pkey<T, Q>(pkey: PKey<T>) -> PKey<Q> {
-    let ptr = pkey.as_ptr();
-    let new_pkey = unsafe { PKey::from_ptr(ptr) };
-    std::mem::forget(pkey);
-    new_pkey
-}
+trait PKeyExt<T> {
+    /// Converts a PKey<T> to a PKey<U>. This hack allows for converting between openssl's
+    /// Public and Private types and ours. 
+    fn conv_pkey<U>(self) -> PKey<U>;
 
-fn conv_pkey_pub(pkey: PKey<OsslPublic>) -> PKey<Public> {
-    conv_pkey(pkey)
+    /// Convert from openssl's Public type to `crypto::Public`.
+    fn conv_pub(self) -> PKey<Public>;
+
+    /// Convert from openssl's Private type to `crypto::Private`.
+    fn conv_priv(self) -> PKey<Private>;
 }
 
-fn conv_pkey_priv(pkey: PKey<OsslPrivate>) -> PKey<Private> {
-    conv_pkey(pkey)
+impl<T> PKeyExt<T> for PKey<T> {
+    fn conv_pkey<U>(self) -> PKey<U> {
+        let ptr = self.as_ptr();
+        let new_pkey = unsafe { PKey::from_ptr(ptr) };
+        std::mem::forget(self);
+        new_pkey
+    }
+
+    fn conv_pub(self) -> PKey<Public> {
+        self.conv_pkey()
+    }
+
+    fn conv_priv(self) -> PKey<Private> {
+        self.conv_pkey()
+    }
 }
 
+/// Represents any kind of asymmetric key.
 #[derive(Debug, Clone)]
 pub struct AsymKey<P: KeyPrivacy, S: Scheme> {
     scheme: S,
@@ -574,30 +566,20 @@ pub struct AsymKey<P: KeyPrivacy, S: Scheme> {
 
 pub type AsymKeyPub<S> = AsymKey<Public, S>;
 
-impl<P: KeyPrivacy, S: Scheme> AsymKey<P, S> {
-    fn digest(&self) -> MessageDigest {
-        self.scheme.message_digest()
-    }
-
-    fn padding(&self) -> Option<OpensslPadding> {
-        self.scheme.padding()
-    }
-}
-
 impl<S: Scheme> AsymKey<Public, S> {
     pub(crate) fn new(scheme: S, der: &[u8]) -> Result<AsymKey<Public, S>> {
-        let pkey = conv_pkey_pub(scheme.public_from_der(der)?);
+        let pkey = scheme.public_from_der(der)?.conv_pub();
         Ok(AsymKey { scheme, pkey })
     }
 
     fn to_der(&self) -> Result<Vec<u8>> {
-        self.pkey.public_key_to_der().conv_err()
+        Ok(self.pkey.public_key_to_der()?)
     }
 }
 
 impl<S: Scheme> AsymKey<Private, S> {
     pub(crate) fn new(scheme: S, der: &[u8]) -> Result<AsymKey<Private, S>> {
-        let pkey = conv_pkey_priv(scheme.private_from_der(der)?);
+        let pkey = scheme.private_from_der(der)?.conv_priv();
         Ok(AsymKey { scheme, pkey })
     }
 }
@@ -679,7 +661,7 @@ impl Owned for AsymKey<Public, Sign> {
 impl Encrypter for AsymKey<Public, Encrypt> {
     fn encrypt(&self, slice: &[u8]) -> Result<Vec<u8>> {
         let mut encrypter = OsslEncrypter::new(&self.pkey)?;
-        if let Some(padding) = self.padding() {
+        if let Some(padding) = self.scheme.padding() {
             encrypter.set_rsa_padding(padding)?;
         }
         {
@@ -696,17 +678,17 @@ impl Encrypter for AsymKey<Public, Encrypt> {
 
 impl Decrypter for AsymKey<Private, Encrypt> {
     fn decrypt(&self, slice: &[u8]) -> Result<Vec<u8>> {
-        let mut decrypter = OsslDecrypter::new(&self.pkey).conv_err()?;
-        if let Some(padding) = self.padding() {
-            decrypter.set_rsa_padding(padding).conv_err()?;
+        let mut decrypter = OsslDecrypter::new(&self.pkey)?;
+        if let Some(padding) = self.scheme.padding() {
+            decrypter.set_rsa_padding(padding)?;
         }
         {
             let Encrypt::RsaEsOaep(inner) = self.scheme;
             decrypter.set_rsa_oaep_md(inner.message_digest())?;
         }
-        let buffer_len = decrypter.decrypt_len(slice).conv_err()?;
+        let buffer_len = decrypter.decrypt_len(slice)?;
         let mut plaintext = vec![0; buffer_len];
-        let plaintext_len = decrypter.decrypt(slice, &mut plaintext).conv_err()?;
+        let plaintext_len = decrypter.decrypt(slice, &mut plaintext)?;
         plaintext.truncate(plaintext_len);
         Ok(plaintext)
     }
@@ -729,7 +711,7 @@ impl Signer for AsymKey<Private, Sign> {
 
 impl Verifier for AsymKey<Public, Sign> {
     fn verify<'a, I: Iterator<Item=&'a [u8]>>(&self, parts: I, signature: &[u8]) -> Result<bool> {
-        let mut verifier = OsslVerifier::new(self.digest(), &self.pkey)?;
+        let mut verifier = OsslVerifier::new(self.scheme.message_digest(), &self.pkey)?;
         if let Some(padding) = self.scheme.padding() {
             verifier.set_rsa_padding(padding)?;
         }
@@ -793,6 +775,7 @@ impl ConcreteCreds {
         ConcreteCreds { sign, encrypt }
     }
 
+    #[cfg(test)]
     pub(crate) fn generate() -> Result<ConcreteCreds> {
         let encrypt = Encrypt::RSA_OAEP_3072_SHA_256.generate()?;
         let sign = Sign::RSA_PSS_3072_SHA_256.generate()?;
@@ -915,7 +898,7 @@ pub(crate) fn decrypt_block<C: Decrypter>(
 }
 
 fn encrypt<T: Serialize, K: Encrypter>(value: &T, key: &K) -> Result<Cryptotext<T>> {
-    let data = to_vec(value).conv_err()?;
+    let data = to_vec(value)?;
     let vec = key.encrypt(&data);
     Ok(Cryptotext::Cipher(vec?))
 }
@@ -928,7 +911,7 @@ fn decrypt<T: Serialize + DeserializeOwned, K: Decrypter>(
         Cryptotext::Cipher(data) => data
     };
     let vec = key.decrypt(&data);
-    from_vec(&vec?).conv_err()
+    Ok(from_vec(&vec?)?)
 }
 
 #[derive(Serialize)]

crates/btnode/src/crypto/tpm.rs

@@ -111,7 +111,7 @@ impl ContextExt for Context {
         let more = false;
         for _ in 0..255 {
             let (handles, more) = self.get_capability(capability, property, property_count)
-                .conv_err()?;
+                ?;
             let list = match handles {
                 CapabilityData::Handles(list) => list.into_inner(),
                 _ => return Err(Error::custom(
@@ -119,7 +119,7 @@ impl ContextExt for Context {
             };
             all_handles.reserve(list.len());
             for handle in list {
-                all_handles.push(PersistentTpmHandle::try_from(handle).conv_err()?);
+                all_handles.push(PersistentTpmHandle::try_from(handle)?);
             }
             if !more {
                 break;
@@ -195,13 +195,13 @@ impl ContextExt for Context {
     }
 
     fn evict_key(&mut self, persistent: TPM2_HANDLE, key_handle: Option<KeyHandle>) -> Result<()> {
-        let tpm_handle = TpmHandle::try_from(persistent).conv_err()?;
+        let tpm_handle = TpmHandle::try_from(persistent)?;
         let key_handle = match key_handle {
             Some(key_handle) => key_handle,
             None => self.tr_from_tpm_public(tpm_handle)?.into()
         };
         let persistent = Persistent::Persistent(
-            PersistentTpmHandle::try_from(tpm_handle).conv_err()?);
+            PersistentTpmHandle::try_from(tpm_handle)?);
         self.evict_control(Provision::Owner, key_handle.into(), persistent)?;
         Ok(())
     }
@@ -215,14 +215,14 @@ impl ContextExt for Context {
             SymmetricDefinition::AES_256_CFB,
             HashingAlgorithm::Sha256,
         )
-        .conv_err()?
+        ?
         .ok_or_else(|| Error::custom("empty session handle received from TPM"))?;
 
         let (attributes, mask) = SessionAttributesBuilder::new()
             .with_decrypt(true)
             .with_encrypt(true)
             .build();
-        self.tr_sess_set_attributes(session, attributes, mask).conv_err()?;
+        self.tr_sess_set_attributes(session, attributes, mask)?;
 
         Ok(session)
     }
@@ -232,7 +232,7 @@ impl ContextExt for Context {
     /// object which is not actually a key, then an error is returned.
     fn key_handle(&mut self, tpm_handle: TpmHandle) -> Result<KeyHandle> {
         let obj_handle = self.execute_with_session(None, |ctx| {
-            ctx.tr_from_tpm_public(tpm_handle).conv_err()
+            ctx.tr_from_tpm_public(tpm_handle)
         })?;
         Ok(obj_handle.into())
     }
@@ -352,24 +352,24 @@ impl Storage {
     }
 
     fn save<W: Write>(&self, to: &mut W) -> Result<()> {
-        write_to(self, to).conv_err()
+        Ok(write_to(self, to)?)
     }
 
     fn load<R: Read>(from: &mut R) -> Result<Storage> {
-        read_from(from).conv_err()
+        Ok(read_from(from)?)
     }
 
     fn init<P: AsRef<Path>>(&self, path: P) -> Result<()> {
         let file = OpenOptions::new().write(true).create_new(true).open(&path)
-            .conv_err()?;
+            ?;
         // Only allow access from the current user.
-        let metadata = file.metadata().conv_err()?;
+        let metadata = file.metadata()?;
         let mut permissions = metadata.permissions();
         permissions.set_mode(0o600);
-        file.set_permissions(permissions).conv_err()?;
+        file.set_permissions(permissions)?;
         let mut reader = BufWriter::new(file);
         self.save(&mut reader)?; 
-        reader.flush().conv_err()?;
+        reader.flush()?;
         Ok(())
     }
 
@@ -475,17 +475,17 @@ impl<'a, S: Scheme> KeyBuilder<'a, S> {
             .with_sign_encrypt(!decrypt)
             .with_restricted(false)
             .build()
-            .conv_err()?;
+            ?;
         let name_hashing_algorithm = HashingAlgorithm::Sha256;
         let auth_policy = Digest::empty();
         let parameters = PublicRsaParameters::new(
             SymmetricDefinitionObject::Null,
             scheme_enum.try_into()?,
             Self::RSA_KEY_BITS,
-            RsaExponent::try_from(Self::RSA_EXPONENT).conv_err()?, 
+            RsaExponent::try_from(Self::RSA_EXPONENT)?, 
         );
         let unique = PublicKeyRsa::try_from(self.unique)
-            .conv_err()?;
+            ?;
         let public = Public::Rsa {
             object_attributes,
             name_hashing_algorithm,
@@ -516,7 +516,7 @@ struct KeyPair<S: Scheme> {
 
 impl<S: Scheme> KeyPair<S> {
     fn from_stored(context: &mut Context, stored: &StoredKeyPair<S>) -> Result<KeyPair<S>> {
-        let tpm_handle = TpmHandle::try_from(stored.private).conv_err()?;
+        let tpm_handle = TpmHandle::try_from(stored.private)?;
         let key_handle = context.key_handle(tpm_handle)?;
         Ok(KeyPair { public: stored.public.clone(), private: key_handle })
     }
@@ -571,23 +571,23 @@ impl TpmCredStore {
         let cookie = storage.cookie.clone();
         let state = Arc::new(RwLock::new(State::new(context, storage)));
         {
-            let mut guard = state.write().conv_err()?;
+            let mut guard = state.write()?;
             guard.init_node_creds(&state)?;
         }
         Ok(TpmCredStore { state, storage_path: state_path.as_ref().to_owned(), cookie })
     }
 
     fn save_storage(&self, guard: &mut RwLockWriteGuard<State>) -> Result<()> {
-        let file = OpenOptions::new().write(true).open(&self.storage_path).conv_err()?;
+        let file = OpenOptions::new().write(true).open(&self.storage_path)?;
         let mut writer = BufWriter::new(file);
         guard.storage.save(&mut writer)?;
-        writer.flush().conv_err()?;
+        writer.flush()?;
         Ok(())
     }
 
     fn gen_key<S: Scheme>(&self, params: KeyBuilder<S>) -> Result<KeyPair<S>> {
         let result = {
-            let mut guard = self.state.write().conv_err()?;
+            let mut guard = self.state.write()?;
             guard.context.create_primary(
                 Hierarchy::Owner,
                 params.template()?,
@@ -596,7 +596,7 @@ impl TpmCredStore {
                 None,
                 None,
             )
-            .conv_err()?
+            ?
         };
         let public = AsymKey::try_from(result.out_public, params.scheme)?;
         Ok(KeyPair { public, private: result.key_handle })
@@ -619,7 +619,7 @@ impl TpmCredStore {
     fn persist<F: FnOnce(&mut Storage, TpmHandles)>(
         &self, creds: &TpmCreds, update_storage: F
     ) -> Result<()> {
-        let mut guard = self.state.write().conv_err()?;
+        let mut guard = self.state.write()?;
         let sign_handle = guard.context.persist_key(creds.sign.private)?;
         let enc_handle = match guard.context.persist_key(creds.enc.private) {
             Ok(handle) => handle,
@@ -660,7 +660,7 @@ impl TpmCredStore {
         let unique: [u8; COOKIE_LEN] = rand_array()?;
         let params = KeyBuilder::new(Sign::RSA_PSS_3072_SHA_256, unique.as_slice())
             .with_allow_dup(true)
-            .with_auth(Auth::try_from(password.as_bytes()).conv_err()?);
+            .with_auth(Auth::try_from(password.as_bytes())?);
         self.gen_key(params)
     }
 
@@ -668,7 +668,7 @@ impl TpmCredStore {
         let unique: [u8; COOKIE_LEN] = rand_array()?;
         let params = KeyBuilder::new(Encrypt::RSA_OAEP_3072_SHA_256, unique.as_slice())
             .with_allow_dup(true)
-            .with_auth(Auth::try_from(password.as_bytes()).conv_err()?);
+            .with_auth(Auth::try_from(password.as_bytes())?);
         self.gen_key(params)
     }
 }
@@ -678,7 +678,7 @@ impl CredStore for TpmCredStore {
 
     fn node_creds(&self) -> Result<TpmCreds> {
         {
-            let guard = self.state.read().conv_err()?;
+            let guard = self.state.read()?;
             if let Some(creds) = &guard.node_creds {
                 return Ok(creds.clone())
             }
@@ -688,14 +688,14 @@ impl CredStore for TpmCredStore {
 
     fn root_creds(&self, password: &str) -> Result<Self::CredHandle> {
         let root_handles = {
-            let guard = self.state.read().conv_err()?;
+            let guard = self.state.read()?;
             guard.storage.root.as_ref()
                 .ok_or_else(|| Error::custom("root creds have not yet been generated"))?
                 .clone()
         };
-        let mut guard = self.state.write().conv_err()?;
+        let mut guard = self.state.write()?;
         let key_handles = root_handles.to_key_handles(&mut guard.context)?;
-        let auth = Auth::try_from(password.as_bytes()).conv_err()?;
+        let auth = Auth::try_from(password.as_bytes())?;
         guard.context.tr_set_auth(key_handles.sign.private.into(), auth.clone())?;
         guard.context.tr_set_auth(key_handles.enc.private.into(), auth)?;
         Ok(TpmCreds::new(key_handles, &self.state))
@@ -703,7 +703,7 @@ impl CredStore for TpmCredStore {
 
     fn gen_root_creds(&self, password: &str) -> Result<Self::CredHandle> {
         {
-            let guard = self.state.read().conv_err()?;
+            let guard = self.state.read()?;
             if guard.storage.root.is_some() {
                 return Err(Error::custom("root creds have already been generated"))
             }
@@ -721,10 +721,10 @@ impl<S: Scheme> AsymKeyPub<S> {
         match public {
             Public::Rsa { parameters, unique, .. } => {
                 let exponent_value = parameters.exponent().value();
-                let exponent = BigNum::from_u32(exponent_value).conv_err()?;
-                let modulus = BigNum::from_slice(unique.as_slice()).conv_err()?;
-                let rsa = Rsa::from_public_components(modulus, exponent).conv_err()?;
-                let pkey = conv_pkey_pub(PKey::from_rsa(rsa).conv_err()?);
+                let exponent = BigNum::from_u32(exponent_value)?;
+                let modulus = BigNum::from_slice(unique.as_slice())?;
+                let rsa = Rsa::from_public_components(modulus, exponent)?;
+                let pkey = PKey::from_rsa(rsa)?.conv_pub();
                 Ok(AsymKey { pkey, scheme })
             },
             _ => Err(Error::custom("Unsupported key type returned by TPM")),
@@ -863,21 +863,21 @@ impl CredsPub for TpmCreds {}
 impl Signer for TpmCreds {
     fn sign<'a, I: Iterator<Item=&'a [u8]>>(&self, parts: I) -> Result<Signature> {
         let digest = {
-            let mut hasher = Hasher::new(self.sign.public.digest()).conv_err()?;
+            let mut hasher = Hasher::new(self.sign.public.scheme.message_digest())?;
             for part in parts {
-                hasher.update(part).conv_err()?;
+                hasher.update(part)?;
             }
-            let bytes = hasher.finish().conv_err()?;
+            let bytes = hasher.finish()?;
             let slice: &[u8] = &bytes;
-            Digest::try_from(slice).conv_err()?
+            Digest::try_from(slice)?
         };
         let validation = HashcheckTicket::null();
         let scheme = SignatureScheme::Null;
 
         let sig = {
-            let mut guard = self.state.write().conv_err()?;
+            let mut guard = self.state.write()?;
             guard.context.sign(self.sign.private, digest, scheme, validation)
-                .conv_err()?
+                ?
         };
         let slice: &[u8] = match &sig {
             tss_esapi::structures::Signature::RsaSsa(inner) => inner.signature(),
@@ -894,12 +894,12 @@ impl Signer for TpmCreds {
 
 impl Decrypter for TpmCreds {
     fn decrypt(&self, slice: &[u8]) -> Result<Vec<u8>> {
-        let cipher_text = PublicKeyRsa::try_from(slice).conv_err()?;
+        let cipher_text = PublicKeyRsa::try_from(slice)?;
         let in_scheme = RsaDecryptionScheme::Null;
         let empty = [0u8; 0];
-        let label = Data::try_from(empty.as_slice()).conv_err()?;
+        let label = Data::try_from(empty.as_slice())?;
         let plain_text = {
-            let mut guard = self.state.write().conv_err()?;
+            let mut guard = self.state.write()?;
             guard.context.rsa_decrypt(self.enc.private, cipher_text, in_scheme, label)?
         };
         Ok(Vec::from(plain_text.value()))
@@ -1017,7 +1017,7 @@ mod test {
             static PORT: AtomicU16 = AtomicU16::new(21901);
             let port = PORT.fetch_add(2, Ordering::SeqCst);
             let ctrl_port = port + 1;
-            let dir = TempDir::new(format!("btnode.{port}").as_str()).conv_err()?;
+            let dir = TempDir::new(format!("btnode.{port}").as_str())?;
             let dir_path = dir.path();
             let dir_path_display = dir_path.display();
             let bus_name = format!("btnode.port{port}");
@@ -1066,8 +1066,8 @@ active_pcr_banks = sha256
 
         fn context(&self) -> Result<Context> {
             let config_string = format!("bus_type=session,bus_name={}", self.bus_name);
-            let config = TabrmdConfig::from_str(config_string.as_str()).conv_err()?;
-            Context::new(TctiNameConf::Tabrmd(config)).conv_err()
+            let config = TabrmdConfig::from_str(config_string.as_str())?;
+            Ok(Context::new(TctiNameConf::Tabrmd(config))?)
         }
 
         fn state_path(&self) -> &Path {
@@ -1150,7 +1150,7 @@ active_pcr_banks = sha256
             SymmetricDefinition::AES_256_CFB,
             HashingAlgorithm::Sha256,
         )
-        .conv_err()
+        
         .expect("Failed to create session")
         .expect("Received invalid handle");
 
@@ -1163,7 +1163,7 @@ active_pcr_banks = sha256
                 None,
                 None,
             )
-            .conv_err()
+            
             .expect("create_primary failed")
             .key_handle;
 
@@ -1175,11 +1175,11 @@ active_pcr_banks = sha256
     #[test]
     fn tpm_cred_store_new() -> Result<()> {
         let harness = SwtpmHarness::new()?;
-        let dir = TempDir::new("btnode").conv_err()?;
+        let dir = TempDir::new("btnode")?;
         let cookie_path = dir.path().join("cookie.bin");
         let store = TpmCredStore::new(harness.context()?, &cookie_path)?;
-        let cookie = File::open(&cookie_path).conv_err()?;
-        let metadata = cookie.metadata().conv_err()?;
+        let cookie = File::open(&cookie_path)?;
+        let metadata = cookie.metadata()?;
         let actual = metadata.permissions().mode();
         // Assert that the cookie can only be read by its owner.
         assert_eq!(0o600, 0o777 & actual);
@@ -1191,7 +1191,7 @@ active_pcr_banks = sha256
     #[test]
     fn gen_creds() -> Result<()> {
         let harness = SwtpmHarness::new()?;
-        let dir = TempDir::new("btnode").conv_err()?;
+        let dir = TempDir::new("btnode")?;
         let cookie_path = dir.path().join("cookie.bin");
         let store = TpmCredStore::new(harness.context()?, &cookie_path)?;
         store.gen_node_creds()?;
@@ -1315,7 +1315,7 @@ active_pcr_banks = sha256
         let cookie = Cookie::random()?;
         let params = KeyBuilder::new(Sign::RSA_PSS_3072_SHA_256, cookie.as_slice());
         let pair = store.gen_key(params)?;
-        let mut guard = store.state.write().conv_err()?;
+        let mut guard = store.state.write()?;
         guard.context.persist_key(pair.private)?;
         Ok(())
     }