Skip to content

Commit

Permalink
[PAL,LibOS,common] Convert PAL errors to negative values
Browse files Browse the repository at this point in the history
Signed-off-by: Mariusz Zaborski <oshogbo@invisiblethingslab.com>
  • Loading branch information
oshogbo committed Jul 30, 2024
1 parent f61dbdf commit 6167772
Show file tree
Hide file tree
Showing 75 changed files with 762 additions and 755 deletions.
84 changes: 43 additions & 41 deletions common/include/pal_error.h
Original file line number Diff line number Diff line change
Expand Up @@ -12,51 +12,53 @@

typedef enum NODISCARD {
PAL_ERROR_SUCCESS = 0,
PAL_ERROR_NOTIMPLEMENTED,
PAL_ERROR_NOTDEFINED,
PAL_ERROR_NOTSUPPORT,
PAL_ERROR_INVAL,
PAL_ERROR_TOOLONG,
PAL_ERROR_DENIED,
PAL_ERROR_BADHANDLE,
PAL_ERROR_STREAMEXIST,
PAL_ERROR_STREAMNOTEXIST,
PAL_ERROR_STREAMISFILE,
PAL_ERROR_STREAMISDIR,
PAL_ERROR_STREAMISDEVICE,
PAL_ERROR_INTERRUPTED,
PAL_ERROR_OVERFLOW,
PAL_ERROR_BADADDR,
PAL_ERROR_NOMEM,
PAL_ERROR_INCONSIST,
PAL_ERROR_TRYAGAIN,
PAL_ERROR_NOTSERVER,
PAL_ERROR_NOTCONNECTION,
PAL_ERROR_CONNFAILED,
PAL_ERROR_ADDRNOTEXIST,
PAL_ERROR_AFNOSUPPORT,
PAL_ERROR_CONNFAILED_PIPE,
PAL_ERROR_NOTIMPLEMENTED = -1,
PAL_ERROR_NOTDEFINED = -2,
PAL_ERROR_NOTSUPPORT = -3,
PAL_ERROR_INVAL = -4,
PAL_ERROR_TOOLONG = -5,
PAL_ERROR_DENIED = -6,
PAL_ERROR_BADHANDLE = -7,
PAL_ERROR_STREAMEXIST = -8,
PAL_ERROR_STREAMNOTEXIST = -9,
PAL_ERROR_STREAMISFILE = -10,
PAL_ERROR_STREAMISDIR = -11,
PAL_ERROR_STREAMISDEVICE = -12,
PAL_ERROR_INTERRUPTED = -13,
PAL_ERROR_OVERFLOW = -14,
PAL_ERROR_BADADDR = -15,
PAL_ERROR_NOMEM = -16,
PAL_ERROR_INCONSIST = -17,
PAL_ERROR_TRYAGAIN = -18,
PAL_ERROR_NOTSERVER = -19,
PAL_ERROR_NOTCONNECTION = -20,
PAL_ERROR_CONNFAILED = -21,
PAL_ERROR_ADDRNOTEXIST = -22,
PAL_ERROR_AFNOSUPPORT = -23,
PAL_ERROR_CONNFAILED_PIPE = -24,

#define PAL_ERROR_NATIVE_END (-PAL_ERROR_CONNFAILED_PIPE)
#define PAL_ERROR_NATIVE_COUNT (PAL_ERROR_NATIVE_END + 1)

#define PAL_ERROR_NATIVE_COUNT PAL_ERROR_CONNFAILED_PIPE
#define PAL_ERROR_CRYPTO_START PAL_ERROR_CRYPTO_FEATURE_UNAVAILABLE

/* Crypto error constants and their descriptions are adapted from mbedtls. */
PAL_ERROR_CRYPTO_FEATURE_UNAVAILABLE = 1000,
PAL_ERROR_CRYPTO_INVALID_CONTEXT,
PAL_ERROR_CRYPTO_INVALID_KEY_LENGTH,
PAL_ERROR_CRYPTO_INVALID_INPUT_LENGTH,
PAL_ERROR_CRYPTO_INVALID_OUTPUT_LENGTH,
PAL_ERROR_CRYPTO_BAD_INPUT_DATA,
PAL_ERROR_CRYPTO_INVALID_PADDING,
PAL_ERROR_CRYPTO_DATA_MISALIGNED,
PAL_ERROR_CRYPTO_INVALID_FORMAT,
PAL_ERROR_CRYPTO_AUTH_FAILED,
PAL_ERROR_CRYPTO_IO_ERROR,
PAL_ERROR_CRYPTO_KEY_GEN_FAILED,
PAL_ERROR_CRYPTO_INVALID_KEY,
PAL_ERROR_CRYPTO_VERIFY_FAILED,
PAL_ERROR_CRYPTO_RNG_FAILED,
PAL_ERROR_CRYPTO_INVALID_DH_STATE,
PAL_ERROR_CRYPTO_FEATURE_UNAVAILABLE = -100,
PAL_ERROR_CRYPTO_INVALID_CONTEXT = -101,
PAL_ERROR_CRYPTO_INVALID_KEY_LENGTH = -102,
PAL_ERROR_CRYPTO_INVALID_INPUT_LENGTH = -103,
PAL_ERROR_CRYPTO_INVALID_OUTPUT_LENGTH = -104,
PAL_ERROR_CRYPTO_BAD_INPUT_DATA = -105,
PAL_ERROR_CRYPTO_INVALID_PADDING = -106,
PAL_ERROR_CRYPTO_DATA_MISALIGNED = -107,
PAL_ERROR_CRYPTO_INVALID_FORMAT = -108,
PAL_ERROR_CRYPTO_AUTH_FAILED = -109,
PAL_ERROR_CRYPTO_IO_ERROR = -110,
PAL_ERROR_CRYPTO_KEY_GEN_FAILED = -111,
PAL_ERROR_CRYPTO_INVALID_KEY = -112,
PAL_ERROR_CRYPTO_VERIFY_FAILED = -113,
PAL_ERROR_CRYPTO_RNG_FAILED = -114,
PAL_ERROR_CRYPTO_INVALID_DH_STATE = -115,
#define PAL_ERROR_CRYPTO_END PAL_ERROR_CRYPTO_INVALID_DH_STATE
} pal_error_t;

Expand Down
60 changes: 30 additions & 30 deletions common/src/crypto/adapters/mbedtls_adapter.c
Original file line number Diff line number Diff line change
Expand Up @@ -29,16 +29,16 @@ static int mbedtls_to_pal_error(int error) {
return 0;

case MBEDTLS_ERR_AES_INVALID_KEY_LENGTH:
return -PAL_ERROR_CRYPTO_INVALID_KEY_LENGTH;
return PAL_ERROR_CRYPTO_INVALID_KEY_LENGTH;

case MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH:
case MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED:
return -PAL_ERROR_CRYPTO_INVALID_INPUT_LENGTH;
return PAL_ERROR_CRYPTO_INVALID_INPUT_LENGTH;

case MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE:
case MBEDTLS_ERR_MD_FEATURE_UNAVAILABLE:
case MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE:
return -PAL_ERROR_CRYPTO_FEATURE_UNAVAILABLE;
return PAL_ERROR_CRYPTO_FEATURE_UNAVAILABLE;

case MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA:
case MBEDTLS_ERR_DHM_BAD_INPUT_DATA:
Expand All @@ -50,72 +50,72 @@ static int mbedtls_to_pal_error(int error) {
case MBEDTLS_ERR_RSA_PUBLIC_FAILED: // see mbedtls_rsa_public()
case MBEDTLS_ERR_RSA_PRIVATE_FAILED: // see mbedtls_rsa_private()
case MBEDTLS_ERR_ECP_BAD_INPUT_DATA:
return -PAL_ERROR_CRYPTO_BAD_INPUT_DATA;
return PAL_ERROR_CRYPTO_BAD_INPUT_DATA;

case MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE:
case MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL:
return -PAL_ERROR_CRYPTO_INVALID_OUTPUT_LENGTH;
return PAL_ERROR_CRYPTO_INVALID_OUTPUT_LENGTH;

case MBEDTLS_ERR_CIPHER_ALLOC_FAILED:
case MBEDTLS_ERR_DHM_ALLOC_FAILED:
case MBEDTLS_ERR_MD_ALLOC_FAILED:
case MBEDTLS_ERR_SSL_ALLOC_FAILED:
case MBEDTLS_ERR_PK_ALLOC_FAILED:
case MBEDTLS_ERR_ECP_ALLOC_FAILED:
return -PAL_ERROR_NOMEM;
return PAL_ERROR_NOMEM;

case MBEDTLS_ERR_CIPHER_INVALID_PADDING:
case MBEDTLS_ERR_RSA_INVALID_PADDING:
return -PAL_ERROR_CRYPTO_INVALID_PADDING;
return PAL_ERROR_CRYPTO_INVALID_PADDING;

case MBEDTLS_ERR_CIPHER_AUTH_FAILED:
return -PAL_ERROR_CRYPTO_AUTH_FAILED;
return PAL_ERROR_CRYPTO_AUTH_FAILED;

case MBEDTLS_ERR_CIPHER_INVALID_CONTEXT:
return -PAL_ERROR_CRYPTO_INVALID_CONTEXT;
return PAL_ERROR_CRYPTO_INVALID_CONTEXT;

case MBEDTLS_ERR_DHM_READ_PARAMS_FAILED:
case MBEDTLS_ERR_DHM_MAKE_PARAMS_FAILED:
case MBEDTLS_ERR_DHM_READ_PUBLIC_FAILED:
case MBEDTLS_ERR_DHM_MAKE_PUBLIC_FAILED:
case MBEDTLS_ERR_DHM_CALC_SECRET_FAILED:
return -PAL_ERROR_CRYPTO_INVALID_DH_STATE;
return PAL_ERROR_CRYPTO_INVALID_DH_STATE;

case MBEDTLS_ERR_DHM_INVALID_FORMAT:
return -PAL_ERROR_CRYPTO_INVALID_FORMAT;
return PAL_ERROR_CRYPTO_INVALID_FORMAT;

case MBEDTLS_ERR_DHM_FILE_IO_ERROR:
case MBEDTLS_ERR_MD_FILE_IO_ERROR:
return -PAL_ERROR_CRYPTO_IO_ERROR;
return PAL_ERROR_CRYPTO_IO_ERROR;

case MBEDTLS_ERR_RSA_KEY_GEN_FAILED:
return -PAL_ERROR_CRYPTO_KEY_GEN_FAILED;
return PAL_ERROR_CRYPTO_KEY_GEN_FAILED;

case MBEDTLS_ERR_RSA_KEY_CHECK_FAILED:
case MBEDTLS_ERR_ECP_INVALID_KEY:
return -PAL_ERROR_CRYPTO_INVALID_KEY;
return PAL_ERROR_CRYPTO_INVALID_KEY;

case MBEDTLS_ERR_RSA_VERIFY_FAILED:
case MBEDTLS_ERR_ECP_VERIFY_FAILED:
case MBEDTLS_ERR_ECP_SIG_LEN_MISMATCH:
return -PAL_ERROR_CRYPTO_VERIFY_FAILED;
return PAL_ERROR_CRYPTO_VERIFY_FAILED;

case MBEDTLS_ERR_RSA_RNG_FAILED:
case MBEDTLS_ERR_ECP_RANDOM_FAILED:
return -PAL_ERROR_CRYPTO_RNG_FAILED;
return PAL_ERROR_CRYPTO_RNG_FAILED;

case MBEDTLS_ERR_SSL_WANT_READ:
case MBEDTLS_ERR_SSL_WANT_WRITE:
case MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS:
case MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS:
case MBEDTLS_ERR_ECP_IN_PROGRESS:
return -PAL_ERROR_TRYAGAIN;
return PAL_ERROR_TRYAGAIN;

case MBEDTLS_ERR_NET_CONN_RESET:
return -PAL_ERROR_CONNFAILED_PIPE;
return PAL_ERROR_CONNFAILED_PIPE;

default:
return -PAL_ERROR_DENIED;
return PAL_ERROR_DENIED;
}
}

Expand All @@ -129,7 +129,7 @@ int lib_SHA256Update(LIB_SHA256_CONTEXT* context, const uint8_t* data, size_t da
/* For compatibility with other SHA256 providers, don't support
* large lengths. */
if (data_size > UINT32_MAX) {
return -PAL_ERROR_INVAL;
return PAL_ERROR_INVAL;
}
mbedtls_sha256_update(context, data, data_size);
return 0;
Expand All @@ -147,7 +147,7 @@ int lib_SHA256Final(LIB_SHA256_CONTEXT* context, uint8_t* output) {
int lib_AESGCMEncrypt(const uint8_t* key, size_t key_size, const uint8_t* iv, const uint8_t* input,
size_t input_size, const uint8_t* aad, size_t aad_size, uint8_t* output,
uint8_t* tag, size_t tag_size) {
int ret = -PAL_ERROR_INVAL;
int ret = PAL_ERROR_INVAL;

mbedtls_gcm_context gcm;
mbedtls_gcm_init(&gcm);
Expand Down Expand Up @@ -175,7 +175,7 @@ int lib_AESGCMEncrypt(const uint8_t* key, size_t key_size, const uint8_t* iv, co
int lib_AESGCMDecrypt(const uint8_t* key, size_t key_size, const uint8_t* iv, const uint8_t* input,
size_t input_size, const uint8_t* aad, size_t aad_size, uint8_t* output,
const uint8_t* tag, size_t tag_size) {
int ret = -PAL_ERROR_INVAL;
int ret = PAL_ERROR_INVAL;

mbedtls_gcm_context gcm;
mbedtls_gcm_init(&gcm);
Expand Down Expand Up @@ -215,13 +215,13 @@ int lib_AESCMAC(const uint8_t* key, size_t key_size, const uint8_t* input, size_
cipher = MBEDTLS_CIPHER_AES_256_ECB;
break;
default:
return -PAL_ERROR_INVAL;
return PAL_ERROR_INVAL;
}

const mbedtls_cipher_info_t* cipher_info = mbedtls_cipher_info_from_type(cipher);

if (!cipher_info || mac_size < mbedtls_cipher_info_get_block_size(cipher_info)) {
return -PAL_ERROR_INVAL;
return PAL_ERROR_INVAL;
}

int ret = mbedtls_cipher_cmac(cipher_info, key, key_size * BITS_IN_BYTE, input, input_size,
Expand All @@ -241,7 +241,7 @@ int lib_AESCMACInit(LIB_AESCMAC_CONTEXT* context, const uint8_t* key, size_t key
context->cipher = MBEDTLS_CIPHER_AES_256_ECB;
break;
default:
return -PAL_ERROR_INVAL;
return PAL_ERROR_INVAL;
}

const mbedtls_cipher_info_t* cipher_info = mbedtls_cipher_info_from_type(context->cipher);
Expand All @@ -262,7 +262,7 @@ int lib_AESCMACUpdate(LIB_AESCMAC_CONTEXT* context, const uint8_t* input, size_t
int lib_AESCMACFinish(LIB_AESCMAC_CONTEXT* context, uint8_t* mac, size_t mac_size) {
const mbedtls_cipher_info_t* cipher_info = mbedtls_cipher_info_from_type(context->cipher);

int ret = -PAL_ERROR_INVAL;
int ret = PAL_ERROR_INVAL;
if (!cipher_info || mac_size < mbedtls_cipher_info_get_block_size(cipher_info))
goto exit;

Expand Down Expand Up @@ -428,9 +428,9 @@ int lib_SSLWrite(LIB_SSL_CONTEXT* ssl_ctx, const uint8_t* buf, size_t buf_size)
int lib_SSLSave(LIB_SSL_CONTEXT* ssl_ctx, uint8_t* buf, size_t buf_size, size_t* out_size) {
int ret = mbedtls_ssl_context_save(&ssl_ctx->ssl, buf, buf_size, out_size);
if (ret == MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL) {
return -PAL_ERROR_NOMEM;
return PAL_ERROR_NOMEM;
} else if (ret < 0) {
return -PAL_ERROR_DENIED;
return PAL_ERROR_DENIED;
}
return 0;
}
Expand Down Expand Up @@ -470,7 +470,7 @@ int lib_DhInit(LIB_DH_CONTEXT* context) {

int lib_DhCreatePublic(LIB_DH_CONTEXT* context, uint8_t* public, size_t public_size) {
if (public_size != DH_SIZE)
return -PAL_ERROR_INVAL;
return PAL_ERROR_INVAL;

int ret = mbedtls_dhm_make_public(context, mbedtls_dhm_get_len(context), public, public_size,
random_wrapper, /*p_rng=*/NULL);
Expand All @@ -482,7 +482,7 @@ int lib_DhCalcSecret(LIB_DH_CONTEXT* context, uint8_t* peer, size_t peer_size, u
int ret;

if (*secret_size != DH_SIZE)
return -PAL_ERROR_INVAL;
return PAL_ERROR_INVAL;

ret = mbedtls_dhm_read_public(context, peer, peer_size);
if (ret < 0)
Expand Down
Loading

0 comments on commit 6167772

Please sign in to comment.