/*
 * Copyright (C) 2014 The Android Open Source Project
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
16
17#include "openssl_err.h"
18
19#include <openssl/err.h>
20#include <openssl/evp.h>
21
Adam Langleya5fce682015-02-26 13:33:18 -080022#if defined(OPENSSL_IS_BORINGSSL)
23#include <openssl/asn1.h>
24#include <openssl/cipher.h>
25#include <openssl/pkcs8.h>
26#include <openssl/x509v3.h>
27#endif
28
Shawn Willden26aaa762015-02-07 00:31:41 -070029#include <hardware/keymaster_defs.h>
30#include <keymaster/logger.h>
31
32namespace keymaster {
33
// File-local translators, one per crypto-library error domain. Each takes the reason code
// extracted from a packed error value and returns the keymaster error that stands in for it.
#if defined(OPENSSL_IS_BORINGSSL)
// These four are only declared, and only dispatched to, in BoringSSL builds.
static keymaster_error_t TranslateASN1Error(int reason);
static keymaster_error_t TranslateCipherError(int reason);
static keymaster_error_t TranslatePKCS8Error(int reason);
static keymaster_error_t TranslateX509v3Error(int reason);
#endif
static keymaster_error_t TranslateEvpError(int reason);
Shawn Willden26aaa762015-02-07 00:31:41 -070041
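// Translates the most recent entry on the OpenSSL/BoringSSL error queue into a keymaster
// error code.
//
// log_message: when true, the library's textual description of the error is written to the
//              debug log before translation.
//
// Returns the keymaster error chosen by the per-library translator, or
// KM_ERROR_UNKNOWN_ERROR when the error's library has no translator here.
//
// The error is only peeked, never removed. An entry left on the queue by an earlier failure
// is therefore translated again on the next call unless the caller clears the queue (for
// example with ERR_clear_error()) once it has handled the failure.
keymaster_error_t TranslateLastOpenSslError(bool log_message) {
    unsigned long error = ERR_peek_last_error();

    if (log_message) {
        // ERR_error_string(error, NULL) formats into a single static buffer shared by all
        // callers, so two callers logging at once could interleave or clobber each other's
        // text. Format into a buffer owned by this call instead; ERR_error_string_n always
        // NUL-terminates and truncates to the given length.
        char message[256];
        ERR_error_string_n(error, message, sizeof(message));
        LOG_D("%s", message);
    }

    int reason = ERR_GET_REASON(error);
    switch (ERR_GET_LIB(error)) {

    case ERR_LIB_EVP:
        return TranslateEvpError(reason);
#if defined(OPENSSL_IS_BORINGSSL)
    // BoringSSL reports these failures under their own library codes, each with a
    // dedicated translator.
    case ERR_LIB_ASN1:
        return TranslateASN1Error(reason);
    case ERR_LIB_CIPHER:
        return TranslateCipherError(reason);
    case ERR_LIB_PKCS8:
        return TranslatePKCS8Error(reason);
    case ERR_LIB_X509V3:
        return TranslateX509v3Error(reason);
#else
    case ERR_LIB_ASN1:
        // TODO(swillden): Consider a better return code.
        return KM_ERROR_INVALID_ARGUMENT;
#endif
    }

    // No translator for this library (this is also the path taken when no case matches
    // because the peeked value carries no recognised library code).
    return KM_ERROR_UNKNOWN_ERROR;
}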
72
Adam Langleya5fce682015-02-26 13:33:18 -080073#if defined(OPENSSL_IS_BORINGSSL)
74
// Translates a BoringSSL PKCS8 reason code into a keymaster error code.
// Reason codes not listed here yield KM_ERROR_UNKNOWN_ERROR.
keymaster_error_t TranslatePKCS8Error(int reason) {
    // Algorithm or cipher the library does not know how to handle.
    if (reason == PKCS8_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM || reason == PKCS8_R_UNKNOWN_CIPHER) {
        return KM_ERROR_UNSUPPORTED_ALGORITHM;
    }

    // Private key material that could not be encoded or decoded.
    if (reason == PKCS8_R_PRIVATE_KEY_ENCODE_ERROR || reason == PKCS8_R_PRIVATE_KEY_DECODE_ERROR) {
        return KM_ERROR_INVALID_KEY_BLOB;
    }

    if (reason == PKCS8_R_ENCODE_ERROR) {
        return KM_ERROR_INVALID_ARGUMENT;
    }

    return KM_ERROR_UNKNOWN_ERROR;
}
92
// Translates a BoringSSL CIPHER reason code into a keymaster error code.
// Reason codes not listed here yield KM_ERROR_UNKNOWN_ERROR.
keymaster_error_t TranslateCipherError(int reason) {
    keymaster_error_t translated = KM_ERROR_UNKNOWN_ERROR;

    switch (reason) {
    case CIPHER_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH:
    case CIPHER_R_WRONG_FINAL_BLOCK_LENGTH:
        translated = KM_ERROR_INVALID_INPUT_LENGTH;
        break;

    case CIPHER_R_UNSUPPORTED_KEY_SIZE:
    case CIPHER_R_BAD_KEY_LENGTH:
        translated = KM_ERROR_UNSUPPORTED_KEY_SIZE;
        break;

    case CIPHER_R_BAD_DECRYPT:
        // NOTE(review): a failed decrypt gets a different code from the length failures
        // above. If these codes are returned to a caller that supplies the ciphertext,
        // confirm that exposing the distinction is intended.
        translated = KM_ERROR_INVALID_ARGUMENT;
        break;

    case CIPHER_R_INVALID_KEY_LENGTH:
        translated = KM_ERROR_INVALID_KEY_BLOB;
        break;

    default:
        break;
    }

    return translated;
}
113
// Translates a BoringSSL ASN1 reason code into a keymaster error code.
// Reason codes not listed here yield KM_ERROR_UNKNOWN_ERROR.
keymaster_error_t TranslateASN1Error(int reason) {
    if (reason == ASN1_R_UNSUPPORTED_CIPHER) {
        return KM_ERROR_UNSUPPORTED_ALGORITHM;
    }
    if (reason == ASN1_R_ERROR_LOADING_SECTION) {
        return KM_ERROR_INVALID_KEY_BLOB;
    }
    if (reason == ASN1_R_ENCODE_ERROR) {
        return KM_ERROR_INVALID_ARGUMENT;
    }
    return KM_ERROR_UNKNOWN_ERROR;
}
129
// Translates a BoringSSL X509V3 reason code into a keymaster error code.
// Only X509V3_R_UNKNOWN_OPTION has a specific mapping; everything else is
// KM_ERROR_UNKNOWN_ERROR.
keymaster_error_t TranslateX509v3Error(int reason) {
    return reason == X509V3_R_UNKNOWN_OPTION ? KM_ERROR_UNSUPPORTED_ALGORITHM
                                             : KM_ERROR_UNKNOWN_ERROR;
}
139
140#endif // OPENSSL_IS_BORINGSSL
141
// Translates an EVP reason code into a keymaster error code.
//
// Case labels guarded by !defined(OPENSSL_IS_BORINGSSL) are compiled only for non-BoringSSL
// builds. Reason codes with no label below yield KM_ERROR_UNKNOWN_ERROR.
//
// The misspelled identifiers (EVP_R_UNSUPORTED_NUMBER_OF_ROUNDS,
// EVP_R_OPERATON_NOT_INITIALIZED) are the library's own names and must stay as written.
keymaster_error_t TranslateEvpError(int reason) {
    keymaster_error_t translated = KM_ERROR_UNKNOWN_ERROR;

    switch (reason) {
    case EVP_R_UNKNOWN_DIGEST:
        translated = KM_ERROR_UNSUPPORTED_DIGEST;
        break;

#if !defined(OPENSSL_IS_BORINGSSL)
    case EVP_R_UNSUPPORTED_PRF:
    case EVP_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM:
    case EVP_R_UNSUPPORTED_KEY_DERIVATION_FUNCTION:
    case EVP_R_UNSUPPORTED_SALT_TYPE:
    case EVP_R_UNKNOWN_PBE_ALGORITHM:
    case EVP_R_UNSUPORTED_NUMBER_OF_ROUNDS:
    case EVP_R_UNSUPPORTED_CIPHER:
    case EVP_R_PKCS8_UNKNOWN_BROKEN_TYPE:
    case EVP_R_UNKNOWN_CIPHER:
#endif
    case EVP_R_UNSUPPORTED_ALGORITHM:
    case EVP_R_OPERATON_NOT_INITIALIZED:
    case EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE:
        translated = KM_ERROR_UNSUPPORTED_ALGORITHM;
        break;

#if !defined(OPENSSL_IS_BORINGSSL)
    case EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH:
    case EVP_R_WRONG_FINAL_BLOCK_LENGTH:
        translated = KM_ERROR_INVALID_INPUT_LENGTH;
        break;

    case EVP_R_UNSUPPORTED_KEYLENGTH:
    case EVP_R_BAD_KEY_LENGTH:
        translated = KM_ERROR_UNSUPPORTED_KEY_SIZE;
        break;

    // The labels from here to the #endif share the KM_ERROR_INVALID_KEY_BLOB result with the
    // unconditional labels that follow it.
    case EVP_R_BAD_BLOCK_LENGTH:
    case EVP_R_BN_DECODE_ERROR:
    case EVP_R_BN_PUBKEY_ERROR:
    case EVP_R_CIPHER_PARAMETER_ERROR:
    case EVP_R_ERROR_LOADING_SECTION:
    case EVP_R_EXPECTING_A_ECDSA_KEY:
    case EVP_R_EXPECTING_A_EC_KEY:
    case EVP_R_INVALID_DIGEST:
    case EVP_R_INVALID_KEY_LENGTH:
    case EVP_R_NO_DSA_PARAMETERS:
    case EVP_R_PRIVATE_KEY_DECODE_ERROR:
    case EVP_R_PRIVATE_KEY_ENCODE_ERROR:
    case EVP_R_PUBLIC_KEY_NOT_RSA:
#endif
    case EVP_R_BUFFER_TOO_SMALL:
    case EVP_R_EXPECTING_AN_RSA_KEY:
    case EVP_R_EXPECTING_A_DH_KEY:
    case EVP_R_EXPECTING_A_DSA_KEY:
    case EVP_R_MISSING_PARAMETERS:
    case EVP_R_WRONG_PUBLIC_KEY_TYPE:
        translated = KM_ERROR_INVALID_KEY_BLOB;
        break;

#if !defined(OPENSSL_IS_BORINGSSL)
    case EVP_R_BAD_DECRYPT:
    case EVP_R_ENCODE_ERROR:
#endif
    case EVP_R_DIFFERENT_PARAMETERS:
    case EVP_R_DECODE_ERROR:
        translated = KM_ERROR_INVALID_ARGUMENT;
        break;

    case EVP_R_DIFFERENT_KEY_TYPES:
        translated = KM_ERROR_INCOMPATIBLE_ALGORITHM;
        break;

    default:
        break;
    }

    return translated;
}
211
212} // namespace keymaster