| Shawn Willden | 26aaa76 | 2015-02-07 00:31:41 -0700 | [diff] [blame^] | 1 | /* |
| 2 | * Copyright (C) 2014 The Android Open Source Project |
| 3 | * |
| 4 | * Licensed under the Apache License, Version 2.0 (the "License"); |
| 5 | * you may not use this file except in compliance with the License. |
| 6 | * You may obtain a copy of the License at |
| 7 | * |
| 8 | * http://www.apache.org/licenses/LICENSE-2.0 |
| 9 | * |
| 10 | * Unless required by applicable law or agreed to in writing, software |
| 11 | * distributed under the License is distributed on an "AS IS" BASIS, |
| 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| 13 | * See the License for the specific language governing permissions and |
| 14 | * limitations under the License. |
| 15 | */ |
| 16 | |
| 17 | #include "openssl_err.h" |
| 18 | |
| 19 | #include <openssl/err.h> |
| 20 | #include <openssl/evp.h> |
| 21 | |
| 22 | #include <hardware/keymaster_defs.h> |
| 23 | #include <keymaster/logger.h> |
| 24 | |
| 25 | namespace keymaster { |
| 26 | |
| 27 | static keymaster_error_t TranslateEvpError(int reason); |
| 28 | |
| 29 | keymaster_error_t TranslateLastOpenSslError(bool log_message) { |
| 30 | unsigned long error = ERR_peek_last_error(); |
| 31 | |
| 32 | if (log_message) { |
| 33 | LOG_D("%s", ERR_error_string(error, NULL)); |
| 34 | } |
| 35 | |
| 36 | int reason = ERR_GET_REASON(error); |
| 37 | switch (ERR_GET_LIB(error)) { |
| 38 | |
| 39 | case ERR_LIB_EVP: |
| 40 | return TranslateEvpError(reason); |
| 41 | |
| 42 | case ERR_LIB_ASN1: |
| 43 | // TODO(swillden): Consider a better return code. |
| 44 | return KM_ERROR_INVALID_ARGUMENT; |
| 45 | } |
| 46 | |
| 47 | return KM_ERROR_UNKNOWN_ERROR; |
| 48 | } |
| 49 | |
| 50 | keymaster_error_t TranslateEvpError(int reason) { |
| 51 | switch (reason) { |
| 52 | |
| 53 | case EVP_R_UNKNOWN_DIGEST: |
| 54 | return KM_ERROR_UNSUPPORTED_DIGEST; |
| 55 | |
| 56 | case EVP_R_UNSUPPORTED_PRF: |
| 57 | case EVP_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM: |
| 58 | case EVP_R_UNSUPPORTED_KEY_DERIVATION_FUNCTION: |
| 59 | case EVP_R_UNSUPPORTED_SALT_TYPE: |
| 60 | case EVP_R_UNKNOWN_PBE_ALGORITHM: |
| 61 | case EVP_R_UNSUPORTED_NUMBER_OF_ROUNDS: |
| 62 | case EVP_R_UNSUPPORTED_ALGORITHM: |
| 63 | case EVP_R_UNSUPPORTED_CIPHER: |
| 64 | case EVP_R_OPERATON_NOT_INITIALIZED: |
| 65 | case EVP_R_PKCS8_UNKNOWN_BROKEN_TYPE: |
| 66 | case EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE: |
| 67 | case EVP_R_UNKNOWN_CIPHER: |
| 68 | return KM_ERROR_UNSUPPORTED_ALGORITHM; |
| 69 | |
| 70 | case EVP_R_UNKNOWN_OPTION: |
| 71 | case EVP_R_TOO_LARGE: |
| 72 | case EVP_R_KEYGEN_FAILURE: |
| 73 | case EVP_R_NO_OPERATION_SET: |
| 74 | case EVP_R_NO_SIGN_FUNCTION_CONFIGURED: |
| 75 | case EVP_R_NO_VERIFY_FUNCTION_CONFIGURED: |
| 76 | case EVP_R_MESSAGE_DIGEST_IS_NULL: |
| 77 | case EVP_R_METHOD_NOT_SUPPORTED: |
| 78 | case EVP_R_INVALID_OPERATION: |
| 79 | case EVP_R_IV_TOO_LARGE: |
| 80 | case EVP_R_NO_KEY_SET: |
| 81 | case EVP_R_NO_CIPHER_SET: |
| 82 | case EVP_R_NO_DEFAULT_DIGEST: |
| 83 | case EVP_R_NO_DIGEST_SET: |
| 84 | case EVP_R_EVP_PBE_CIPHERINIT_ERROR: |
| 85 | case EVP_R_INITIALIZATION_ERROR: |
| 86 | case EVP_R_INPUT_NOT_INITIALIZED: |
| 87 | case EVP_R_CAMELLIA_KEY_SETUP_FAILED: |
| 88 | case EVP_R_AES_IV_SETUP_FAILED: |
| 89 | case EVP_R_AES_KEY_SETUP_FAILED: |
| 90 | case EVP_R_FIPS_MODE_NOT_SUPPORTED: |
| 91 | case EVP_R_ASN1_LIB: |
| 92 | case EVP_R_COMMAND_NOT_SUPPORTED: |
| 93 | case EVP_R_CTRL_NOT_IMPLEMENTED: |
| 94 | case EVP_R_CTRL_OPERATION_NOT_IMPLEMENTED: |
| 95 | case EVP_R_DISABLED_FOR_FIPS: |
| 96 | case EVP_R_ERROR_SETTING_FIPS_MODE: |
| 97 | case EVP_R_INVALID_FIPS_MODE: |
| 98 | return KM_ERROR_UNKNOWN_ERROR; |
| 99 | |
| 100 | case EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH: |
| 101 | case EVP_R_WRONG_FINAL_BLOCK_LENGTH: |
| 102 | return KM_ERROR_INVALID_INPUT_LENGTH; |
| 103 | |
| 104 | case EVP_R_UNSUPPORTED_KEYLENGTH: |
| 105 | case EVP_R_BAD_KEY_LENGTH: |
| 106 | return KM_ERROR_UNSUPPORTED_KEY_SIZE; |
| 107 | |
| 108 | case EVP_R_BAD_BLOCK_LENGTH: |
| 109 | case EVP_R_BN_DECODE_ERROR: |
| 110 | case EVP_R_BN_PUBKEY_ERROR: |
| 111 | case EVP_R_BUFFER_TOO_SMALL: |
| 112 | case EVP_R_CIPHER_PARAMETER_ERROR: |
| 113 | case EVP_R_ERROR_LOADING_SECTION: |
| 114 | case EVP_R_EXPECTING_AN_RSA_KEY: |
| 115 | case EVP_R_EXPECTING_A_DH_KEY: |
| 116 | case EVP_R_EXPECTING_A_DSA_KEY: |
| 117 | case EVP_R_EXPECTING_A_ECDSA_KEY: |
| 118 | case EVP_R_EXPECTING_A_EC_KEY: |
| 119 | case EVP_R_INVALID_DIGEST: |
| 120 | case EVP_R_INVALID_KEY_LENGTH: |
| 121 | case EVP_R_MISSING_PARAMETERS: |
| 122 | case EVP_R_NO_DSA_PARAMETERS: |
| 123 | case EVP_R_PRIVATE_KEY_DECODE_ERROR: |
| 124 | case EVP_R_PRIVATE_KEY_ENCODE_ERROR: |
| 125 | case EVP_R_PUBLIC_KEY_NOT_RSA: |
| 126 | case EVP_R_WRONG_PUBLIC_KEY_TYPE: |
| 127 | return KM_ERROR_INVALID_KEY_BLOB; |
| 128 | |
| 129 | case EVP_R_BAD_DECRYPT: |
| 130 | case EVP_R_DIFFERENT_PARAMETERS: |
| 131 | case EVP_R_DECODE_ERROR: |
| 132 | case EVP_R_ENCODE_ERROR: |
| 133 | return KM_ERROR_INVALID_ARGUMENT; |
| 134 | |
| 135 | case EVP_R_DIFFERENT_KEY_TYPES: |
| 136 | return KM_ERROR_INCOMPATIBLE_ALGORITHM; |
| 137 | } |
| 138 | |
| 139 | return KM_ERROR_UNKNOWN_ERROR; |
| 140 | } |
| 141 | |
| 142 | } // namespace keymaster |