Gitiles
Code Review Sign In
gerrit.openfyde.cn / android.googlesource.com / platform / system / keymaster / refs/heads/nougat-dev / . / openssl_err.cpp
blob: cd4ba20de8de7033f4433a4f1a2223c96ad1f59c [file] [log] [blame]
Shawn Willden26aaa762015-02-07 00:31:41 -0700[diff] [blame]1/*
2 * Copyright (C) 2014 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17#include "openssl_err.h"
18
Shawn Willdende4ffa92015-05-05 07:15:24 -0600[diff] [blame]19#include <openssl/err.h>
20#include <openssl/evp.h>
Shawn Willdend79791b2015-05-09 12:48:36 +0000[diff] [blame]21
22#if defined(OPENSSL_IS_BORINGSSL)
23#include <openssl/asn1.h>
24#include <openssl/cipher.h>
Adam Langleya5fce682015-02-26 13:33:18 -0800[diff] [blame]25#include <openssl/pkcs8.h>
26#include <openssl/x509v3.h>
Shawn Willdend79791b2015-05-09 12:48:36 +0000[diff] [blame]27#endif
Adam Langleya5fce682015-02-26 13:33:18 -0800[diff] [blame]28
Shawn Willden26aaa762015-02-07 00:31:41 -0700[diff] [blame]29#include <hardware/keymaster_defs.h>
30#include <keymaster/logger.h>
31
32namespace keymaster {
33
34static keymaster_error_t TranslateEvpError(int reason);
Shawn Willdend79791b2015-05-09 12:48:36 +0000[diff] [blame]35#if defined(OPENSSL_IS_BORINGSSL)
Adam Langleya5fce682015-02-26 13:33:18 -0800[diff] [blame]36static keymaster_error_t TranslateASN1Error(int reason);
37static keymaster_error_t TranslateCipherError(int reason);
38static keymaster_error_t TranslatePKCS8Error(int reason);
39static keymaster_error_t TranslateX509v3Error(int reason);
Shawn Willden2bf4ad32015-06-01 07:33:51 -0600[diff] [blame]40static keymaster_error_t TranslateRsaError(int reason);
Shawn Willdend79791b2015-05-09 12:48:36 +0000[diff] [blame]41#endif
Shawn Willden26aaa762015-02-07 00:31:41 -0700[diff] [blame]42
43keymaster_error_t TranslateLastOpenSslError(bool log_message) {
44 unsigned long error = ERR_peek_last_error();
45
46 if (log_message) {
47 LOG_D("%s", ERR_error_string(error, NULL));
48 }
49
50 int reason = ERR_GET_REASON(error);
Shawn Willden239c1662016-01-05 17:06:56 -0700[diff] [blame]51
52 /* Handle global error reasons */
53 switch (reason) {
54 case ERR_R_MALLOC_FAILURE:
55 return KM_ERROR_MEMORY_ALLOCATION_FAILED;
56 case ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED:
57 case ERR_R_PASSED_NULL_PARAMETER:
58 case ERR_R_INTERNAL_ERROR:
59 case ERR_R_OVERFLOW:
60 return KM_ERROR_UNKNOWN_ERROR;
61 default:
62 break;
63 }
64
Shawn Willden26aaa762015-02-07 00:31:41 -0700[diff] [blame]65 switch (ERR_GET_LIB(error)) {
Shawn Willdene9fb0872015-10-23 10:11:40 -0600[diff] [blame]66 case ERR_LIB_USER:
67 return static_cast<keymaster_error_t>(reason);
Shawn Willden26aaa762015-02-07 00:31:41 -0700[diff] [blame]68 case ERR_LIB_EVP:
69 return TranslateEvpError(reason);
Shawn Willdend79791b2015-05-09 12:48:36 +0000[diff] [blame]70#if defined(OPENSSL_IS_BORINGSSL)
Adam Langleya5fce682015-02-26 13:33:18 -0800[diff] [blame]71 case ERR_LIB_ASN1:
72 return TranslateASN1Error(reason);
73 case ERR_LIB_CIPHER:
74 return TranslateCipherError(reason);
75 case ERR_LIB_PKCS8:
76 return TranslatePKCS8Error(reason);
77 case ERR_LIB_X509V3:
78 return TranslateX509v3Error(reason);
Shawn Willden2bf4ad32015-06-01 07:33:51 -0600[diff] [blame]79 case ERR_LIB_RSA:
80 return TranslateRsaError(reason);
Shawn Willdend79791b2015-05-09 12:48:36 +0000[diff] [blame]81#else
82 case ERR_LIB_ASN1:
83 LOG_E("ASN.1 parsing error %d", reason);
84 return KM_ERROR_INVALID_ARGUMENT;
85#endif
Shawn Willden26aaa762015-02-07 00:31:41 -0700[diff] [blame]86 }
87
Shawn Willdenf01329d2015-03-11 21:51:38 -0600[diff] [blame]88 LOG_E("Openssl error %d, %d", ERR_GET_LIB(error), reason);
Shawn Willden26aaa762015-02-07 00:31:41 -0700[diff] [blame]89 return KM_ERROR_UNKNOWN_ERROR;
90}
91
Shawn Willdend79791b2015-05-09 12:48:36 +0000[diff] [blame]92#if defined(OPENSSL_IS_BORINGSSL)
93
Adam Langleya5fce682015-02-26 13:33:18 -0800[diff] [blame]94keymaster_error_t TranslatePKCS8Error(int reason) {
95 switch (reason) {
96 case PKCS8_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM:
97 case PKCS8_R_UNKNOWN_CIPHER:
98 return KM_ERROR_UNSUPPORTED_ALGORITHM;
99
100 case PKCS8_R_PRIVATE_KEY_ENCODE_ERROR:
101 case PKCS8_R_PRIVATE_KEY_DECODE_ERROR:
102 return KM_ERROR_INVALID_KEY_BLOB;
103
104 case PKCS8_R_ENCODE_ERROR:
105 return KM_ERROR_INVALID_ARGUMENT;
106
107 default:
108 return KM_ERROR_UNKNOWN_ERROR;
109 }
110}
111
112keymaster_error_t TranslateCipherError(int reason) {
113 switch (reason) {
114 case CIPHER_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH:
115 case CIPHER_R_WRONG_FINAL_BLOCK_LENGTH:
116 return KM_ERROR_INVALID_INPUT_LENGTH;
117
118 case CIPHER_R_UNSUPPORTED_KEY_SIZE:
119 case CIPHER_R_BAD_KEY_LENGTH:
120 return KM_ERROR_UNSUPPORTED_KEY_SIZE;
121
122 case CIPHER_R_BAD_DECRYPT:
123 return KM_ERROR_INVALID_ARGUMENT;
124
125 case CIPHER_R_INVALID_KEY_LENGTH:
126 return KM_ERROR_INVALID_KEY_BLOB;
127
128 default:
129 return KM_ERROR_UNKNOWN_ERROR;
130 }
131}
132
133keymaster_error_t TranslateASN1Error(int reason) {
134 switch (reason) {
Adam Langleyc3326552015-04-28 13:20:52 -0700[diff] [blame]135#if !defined(OPENSSL_IS_BORINGSSL)
Shawn Willdend79791b2015-05-09 12:48:36 +0000[diff] [blame]136 case ASN1_R_UNSUPPORTED_CIPHER:
137 return KM_ERROR_UNSUPPORTED_ALGORITHM;
138
139 case ASN1_R_ERROR_LOADING_SECTION:
140 return KM_ERROR_INVALID_KEY_BLOB;
Adam Langleyc3326552015-04-28 13:20:52 -0700[diff] [blame]141#endif
Shawn Willdend79791b2015-05-09 12:48:36 +0000[diff] [blame]142
Adam Langleya5fce682015-02-26 13:33:18 -0800[diff] [blame]143 case ASN1_R_ENCODE_ERROR:
144 return KM_ERROR_INVALID_ARGUMENT;
145
146 default:
147 return KM_ERROR_UNKNOWN_ERROR;
148 }
149}
150
151keymaster_error_t TranslateX509v3Error(int reason) {
152 switch (reason) {
153 case X509V3_R_UNKNOWN_OPTION:
154 return KM_ERROR_UNSUPPORTED_ALGORITHM;
155
156 default:
157 return KM_ERROR_UNKNOWN_ERROR;
158 }
159}
160
Shawn Willden2bf4ad32015-06-01 07:33:51 -0600[diff] [blame]161keymaster_error_t TranslateRsaError(int reason) {
162 switch (reason) {
Shawn Willden7d05d882015-07-10 14:03:14 -0600[diff] [blame]163 case RSA_R_KEY_SIZE_TOO_SMALL:
164 LOG_W("RSA key is too small to use with selected padding/digest", 0);
165 return KM_ERROR_INCOMPATIBLE_PADDING_MODE;
Shawn Willden2bf4ad32015-06-01 07:33:51 -0600[diff] [blame]166 case RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE:
167 case RSA_R_DATA_TOO_SMALL_FOR_KEY_SIZE:
168 return KM_ERROR_INVALID_INPUT_LENGTH;
Shawn Willdenc0a63802015-07-29 16:43:17 -0600[diff] [blame]169 case RSA_R_DATA_TOO_LARGE_FOR_MODULUS:
170 return KM_ERROR_INVALID_ARGUMENT;
Shawn Willden2bf4ad32015-06-01 07:33:51 -0600[diff] [blame]171 default:
172 return KM_ERROR_UNKNOWN_ERROR;
173 };
174}
175
Shawn Willdend79791b2015-05-09 12:48:36 +0000[diff] [blame]176#endif // OPENSSL_IS_BORINGSSL
177
Shawn Willden26aaa762015-02-07 00:31:41 -0700[diff] [blame]178keymaster_error_t TranslateEvpError(int reason) {
179 switch (reason) {
180
181 case EVP_R_UNKNOWN_DIGEST:
182 return KM_ERROR_UNSUPPORTED_DIGEST;
183
Shawn Willdend79791b2015-05-09 12:48:36 +0000[diff] [blame]184#if !defined(OPENSSL_IS_BORINGSSL)
185 case EVP_R_UNSUPPORTED_PRF:
186 case EVP_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM:
187 case EVP_R_UNSUPPORTED_KEY_DERIVATION_FUNCTION:
188 case EVP_R_UNSUPPORTED_SALT_TYPE:
189 case EVP_R_UNKNOWN_PBE_ALGORITHM:
190 case EVP_R_UNSUPORTED_NUMBER_OF_ROUNDS:
191 case EVP_R_UNSUPPORTED_CIPHER:
192 case EVP_R_PKCS8_UNKNOWN_BROKEN_TYPE:
193 case EVP_R_UNKNOWN_CIPHER:
194#endif
Adam Langleya5fce682015-02-26 13:33:18 -0800[diff] [blame]195 case EVP_R_UNSUPPORTED_ALGORITHM:
196 case EVP_R_OPERATON_NOT_INITIALIZED:
197 case EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE:
Shawn Willden26aaa762015-02-07 00:31:41 -0700[diff] [blame]198 return KM_ERROR_UNSUPPORTED_ALGORITHM;
199
Shawn Willdend79791b2015-05-09 12:48:36 +0000[diff] [blame]200#if !defined(OPENSSL_IS_BORINGSSL)
201 case EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH:
202 case EVP_R_WRONG_FINAL_BLOCK_LENGTH:
203 return KM_ERROR_INVALID_INPUT_LENGTH;
204
205 case EVP_R_UNSUPPORTED_KEYLENGTH:
206 case EVP_R_BAD_KEY_LENGTH:
207 return KM_ERROR_UNSUPPORTED_KEY_SIZE;
208#endif
209
210#if !defined(OPENSSL_IS_BORINGSSL)
211 case EVP_R_BAD_BLOCK_LENGTH:
212 case EVP_R_BN_DECODE_ERROR:
213 case EVP_R_BN_PUBKEY_ERROR:
214 case EVP_R_CIPHER_PARAMETER_ERROR:
215 case EVP_R_ERROR_LOADING_SECTION:
216 case EVP_R_EXPECTING_A_ECDSA_KEY:
217 case EVP_R_EXPECTING_A_EC_KEY:
218 case EVP_R_INVALID_DIGEST:
219 case EVP_R_INVALID_KEY_LENGTH:
220 case EVP_R_NO_DSA_PARAMETERS:
221 case EVP_R_PRIVATE_KEY_DECODE_ERROR:
222 case EVP_R_PRIVATE_KEY_ENCODE_ERROR:
223 case EVP_R_PUBLIC_KEY_NOT_RSA:
224#endif
Adam Langleya5fce682015-02-26 13:33:18 -0800[diff] [blame]225 case EVP_R_BUFFER_TOO_SMALL:
226 case EVP_R_EXPECTING_AN_RSA_KEY:
227 case EVP_R_EXPECTING_A_DH_KEY:
228 case EVP_R_EXPECTING_A_DSA_KEY:
229 case EVP_R_MISSING_PARAMETERS:
Shawn Willden26aaa762015-02-07 00:31:41 -0700[diff] [blame]230 case EVP_R_WRONG_PUBLIC_KEY_TYPE:
231 return KM_ERROR_INVALID_KEY_BLOB;
232
Shawn Willdend79791b2015-05-09 12:48:36 +0000[diff] [blame]233#if !defined(OPENSSL_IS_BORINGSSL)
234 case EVP_R_BAD_DECRYPT:
235 case EVP_R_ENCODE_ERROR:
236#endif
Shawn Willden26aaa762015-02-07 00:31:41 -0700[diff] [blame]237 case EVP_R_DIFFERENT_PARAMETERS:
238 case EVP_R_DECODE_ERROR:
Shawn Willden26aaa762015-02-07 00:31:41 -0700[diff] [blame]239 return KM_ERROR_INVALID_ARGUMENT;
240
241 case EVP_R_DIFFERENT_KEY_TYPES:
242 return KM_ERROR_INCOMPATIBLE_ALGORITHM;
243 }
244
245 return KM_ERROR_UNKNOWN_ERROR;
246}
247
248} // namespace keymaster