From 3798b6be6be7a8a9b3ecd1f7e43df3a72382f365 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Thu, 24 May 2018 13:27:45 +0200 Subject: [PATCH] Add some error codes and merge others - need HW failure codes too - re-use relevant poly codes for chachapoly to save on limited space Values were chosen to leave 3 free slots at the end of the NET odd range. --- include/mbedtls/chacha20.h | 5 ++- include/mbedtls/chachapoly.h | 23 +++++------ include/mbedtls/error.h | 8 ++-- include/mbedtls/poly1305.h | 1 + library/chachapoly.c | 16 +++---- library/error.c | 8 ++-- tests/suites/test_suite_chachapoly.function | 46 ++++++++++----------- 7 files changed, 54 insertions(+), 53 deletions(-) diff --git a/include/mbedtls/chacha20.h b/include/mbedtls/chacha20.h index 7a8cd531e5..c33aef371a 100644 --- a/include/mbedtls/chacha20.h +++ b/include/mbedtls/chacha20.h @@ -42,8 +42,9 @@ #include #include -#define MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA -0x0053 /**< Invalid input parameter(s). */ -#define MBEDTLS_ERR_CHACHA20_FEATURE_UNAVAILABLE -0x0055 /**< Feature not available. For example, s part of the API is not implemented. */ +#define MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA -0x0051 /**< Invalid input parameter(s). */ +#define MBEDTLS_ERR_CHACHA20_FEATURE_UNAVAILABLE -0x0053 /**< Feature not available. For example, s part of the API is not implemented. */ +#define MBEDTLS_ERR_CHACHA20_HW_ACCEL_FAILED -0x0055 /**< Chacha20 hardware accelerator failed. */ #ifdef __cplusplus extern "C" { diff --git a/include/mbedtls/chachapoly.h b/include/mbedtls/chachapoly.h index a55a3eea20..ae786e045a 100644 --- a/include/mbedtls/chachapoly.h +++ b/include/mbedtls/chachapoly.h @@ -39,11 +39,11 @@ #include MBEDTLS_CONFIG_FILE #endif -#define MBEDTLS_ERR_CHACHAPOLY_BAD_INPUT_DATA -0x0054 /**< Invalid input parameter(s). */ -#define MBEDTLS_ERR_CHACHAPOLY_BAD_STATE -0x0056 /**< The requested operation is not permitted in the current state. */ -#define MBEDTLS_ERR_CHACHAPOLY_AUTH_FAILED -0x0058 /**< Authenticated decryption failed: data was not authentic. */ -#define MBEDTLS_ERR_CHACHAPOLY_FEATURE_UNAVAILABLE -0x005A /**< Feature not available. For example, s part of the API is not implemented. */ +/* for shared error codes */ +#include "poly1305.h" +#define MBEDTLS_ERR_CHACHAPOLY_BAD_STATE -0x0054 /**< The requested operation is not permitted in the current state. */ +#define MBEDTLS_ERR_CHACHAPOLY_AUTH_FAILED -0x0056 /**< Authenticated decryption failed: data was not authentic. */ #ifdef __cplusplus extern "C" { @@ -59,7 +59,6 @@ mbedtls_chachapoly_mode_t; #if !defined(MBEDTLS_CHACHAPOLY_ALT) #include "chacha20.h" -#include "poly1305.h" typedef struct { @@ -117,7 +116,7 @@ void mbedtls_chachapoly_free( mbedtls_chachapoly_context *ctx ); * \param key The 256-bit (32 bytes) key. * * \return \c 0 on success. - * \return #MBEDTLS_ERR_CHACHAPOLY_BAD_INPUT_DATA + * \return #MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA * if \p ctx or \p key are NULL. */ int mbedtls_chachapoly_setkey( mbedtls_chachapoly_context *ctx, @@ -141,7 +140,7 @@ int mbedtls_chachapoly_setkey( mbedtls_chachapoly_context *ctx, * #MBEDTLS_CHACHAPOLY_DECRYPT. * * \return \c 0 on success. - * \return #MBEDTLS_ERR_CHACHAPOLY_BAD_INPUT_DATA + * \return #MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA * if \p ctx or \p mac are NULL. */ int mbedtls_chachapoly_starts( mbedtls_chachapoly_context *ctx, @@ -177,7 +176,7 @@ int mbedtls_chachapoly_starts( mbedtls_chachapoly_context *ctx, * This pointer can be NULL if aad_len == 0. * * \return \c 0 on success. - * \return #MBEDTLS_ERR_CHACHAPOLY_BAD_INPUT_DATA + * \return #MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA * if \p ctx or \p aad are NULL. * \return #MBEDTLS_ERR_CHACHAPOLY_BAD_STATE * if the operations has not been started or has been @@ -210,7 +209,7 @@ int mbedtls_chachapoly_update_aad( mbedtls_chachapoly_context *ctx, * This pointer can be NULL if len == 0. * * \return \c 0 on success. - * \return #MBEDTLS_ERR_CHACHAPOLY_BAD_INPUT_DATA + * \return #MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA * if \p ctx, \p input, or \p output are NULL. * \return #MBEDTLS_ERR_CHACHAPOLY_BAD_STATE * if the operation has not been started or has been @@ -229,7 +228,7 @@ int mbedtls_chachapoly_update( mbedtls_chachapoly_context *ctx, * \param mac The buffer to where the 128-bit (16 bytes) MAC is written. * * \return \c 0 on success. - * \return #MBEDTLS_ERR_CHACHAPOLY_BAD_INPUT_DATA + * \return #MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA * if \p ctx or \p mac are NULL. * \return #MBEDTLS_ERR_CHACHAPOLY_BAD_STATE * if the operation has not been started or has been @@ -265,7 +264,7 @@ int mbedtls_chachapoly_finish( mbedtls_chachapoly_context *ctx, * \param tag The buffer to where the computed 128-bit (16 bytes) MAC is written. * * \return \c 0 on success. - * \return #MBEDTLS_ERR_CHACHAPOLY_BAD_INPUT_DATA + * \return #MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA * if one or more of the required parameters are NULL. */ int mbedtls_chachapoly_crypt_and_tag( mbedtls_chachapoly_context *ctx, @@ -298,7 +297,7 @@ int mbedtls_chachapoly_crypt_and_tag( mbedtls_chachapoly_context *ctx, * This pointer can be NULL if ilen == 0. * * \return \c 0 on success. - * \return #MBEDTLS_ERR_CHACHAPOLY_BAD_INPUT_DATA + * \return #MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA * if one or more of the required parameters are NULL. * \return #MBEDTLS_ERR_CHACHAPOLY_AUTH_FAILED * if the data was not authentic. diff --git a/include/mbedtls/error.h b/include/mbedtls/error.h index 21fa9fce2b..12f045ab4a 100644 --- a/include/mbedtls/error.h +++ b/include/mbedtls/error.h @@ -62,7 +62,7 @@ * DES 2 0x0032-0x0032 0x0033-0x0033 * CTR_DBRG 4 0x0034-0x003A * ENTROPY 3 0x003C-0x0040 0x003D-0x003F - * NET 11 0x0042-0x0052 0x0043-0x0045 + * NET 13 0x0042-0x0052 0x0043-0x0049 * ASN1 7 0x0060-0x006C * CMAC 1 0x007A-0x007A * PBKDF2 1 0x007C-0x007C @@ -76,9 +76,9 @@ * SHA1 1 0x0035-0x0035 * SHA256 1 0x0037-0x0037 * SHA512 1 0x0039-0x0039 - * CHACHA20 2 0x0053-0x0055 - * POLY1305 2 0x0057-0x0059 - * CHACHAPOLY 4 0x0054-0x005A + * CHACHA20 3 0x0051-0x0055 + * POLY1305 3 0x0057-0x005B + * CHACHAPOLY 2 0x0054-0x0056 * * High-level module nr (3 bits - 0x0...-0x7...) * Name ID Nr of Errors diff --git a/include/mbedtls/poly1305.h b/include/mbedtls/poly1305.h index 021a3a0de3..babbc15fa4 100644 --- a/include/mbedtls/poly1305.h +++ b/include/mbedtls/poly1305.h @@ -44,6 +44,7 @@ #define MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA -0x0057 /**< Invalid input parameter(s). */ #define MBEDTLS_ERR_POLY1305_FEATURE_UNAVAILABLE -0x0059 /**< Feature not available. For example, s part of the API is not implemented. */ +#define MBEDTLS_ERR_POLY1305_HW_ACCEL_FAILED -0x005B /**< Poly1305 hardware accelerator failed. */ #ifdef __cplusplus extern "C" { diff --git a/library/chachapoly.c b/library/chachapoly.c index ebf25bbbbb..de9e66cccb 100644 --- a/library/chachapoly.c +++ b/library/chachapoly.c @@ -123,7 +123,7 @@ int mbedtls_chachapoly_setkey( mbedtls_chachapoly_context *ctx, if ( ( ctx == NULL ) || ( key == NULL ) ) { - return( MBEDTLS_ERR_CHACHAPOLY_BAD_INPUT_DATA ); + return( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA ); } result = mbedtls_chacha20_setkey( &ctx->chacha20_ctx, key ); @@ -140,7 +140,7 @@ int mbedtls_chachapoly_starts( mbedtls_chachapoly_context *ctx, if ( ( ctx == NULL ) || ( nonce == NULL ) ) { - return( MBEDTLS_ERR_CHACHAPOLY_BAD_INPUT_DATA ); + return( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA ); } /* Set counter = 0, will be update to 1 when generating Poly1305 key */ @@ -180,12 +180,12 @@ int mbedtls_chachapoly_update_aad( mbedtls_chachapoly_context *ctx, { if ( ctx == NULL ) { - return( MBEDTLS_ERR_CHACHAPOLY_BAD_INPUT_DATA ); + return( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA ); } else if ( ( aad_len > 0U ) && ( aad == NULL ) ) { /* aad pointer is allowed to be NULL if aad_len == 0 */ - return( MBEDTLS_ERR_CHACHAPOLY_BAD_INPUT_DATA ); + return( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA ); } else if ( ctx->state != CHACHAPOLY_STATE_AAD ) { @@ -204,12 +204,12 @@ int mbedtls_chachapoly_update( mbedtls_chachapoly_context *ctx, { if ( ctx == NULL ) { - return( MBEDTLS_ERR_CHACHAPOLY_BAD_INPUT_DATA ); + return( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA ); } else if ( ( len > 0U ) && ( ( input == NULL ) || ( output == NULL ) ) ) { /* input and output pointers are allowed to be NULL if len == 0 */ - return( MBEDTLS_ERR_CHACHAPOLY_BAD_INPUT_DATA ); + return( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA ); } else if ( ( ctx->state != CHACHAPOLY_STATE_AAD ) && ( ctx->state != CHACHAPOLY_STATE_CIPHERTEXT ) ) @@ -251,7 +251,7 @@ int mbedtls_chachapoly_finish( mbedtls_chachapoly_context *ctx, if ( ( ctx == NULL ) || ( mac == NULL ) ) { - return( MBEDTLS_ERR_CHACHAPOLY_BAD_INPUT_DATA ); + return( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA ); } else if ( ctx->state == CHACHAPOLY_STATE_INIT ) { @@ -340,7 +340,7 @@ int mbedtls_chachapoly_auth_decrypt( mbedtls_chachapoly_context *ctx, int diff; if( tag == NULL ) - return( MBEDTLS_ERR_CHACHAPOLY_BAD_INPUT_DATA ); + return( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA ); if( ( ret = mbedtls_chachapoly_crypt_and_tag( ctx, MBEDTLS_CHACHAPOLY_DECRYPT, length, nonce, diff --git a/library/error.c b/library/error.c index d9c21cd3f6..512831f093 100644 --- a/library/error.c +++ b/library/error.c @@ -670,17 +670,15 @@ void mbedtls_strerror( int ret, char *buf, size_t buflen ) mbedtls_snprintf( buf, buflen, "CHACHA20 - Invalid input parameter(s)" ); if( use_ret == -(MBEDTLS_ERR_CHACHA20_FEATURE_UNAVAILABLE) ) mbedtls_snprintf( buf, buflen, "CHACHA20 - Feature not available. For example, s part of the API is not implemented" ); + if( use_ret == -(MBEDTLS_ERR_CHACHA20_HW_ACCEL_FAILED) ) + mbedtls_snprintf( buf, buflen, "CHACHA20 - Chacha20 hardware accelerator failed" ); #endif /* MBEDTLS_CHACHA20_C */ #if defined(MBEDTLS_CHACHAPOLY_C) - if( use_ret == -(MBEDTLS_ERR_CHACHAPOLY_BAD_INPUT_DATA) ) - mbedtls_snprintf( buf, buflen, "CHACHAPOLY - Invalid input parameter(s)" ); if( use_ret == -(MBEDTLS_ERR_CHACHAPOLY_BAD_STATE) ) mbedtls_snprintf( buf, buflen, "CHACHAPOLY - The requested operation is not permitted in the current state" ); if( use_ret == -(MBEDTLS_ERR_CHACHAPOLY_AUTH_FAILED) ) mbedtls_snprintf( buf, buflen, "CHACHAPOLY - Authenticated decryption failed: data was not authentic" ); - if( use_ret == -(MBEDTLS_ERR_CHACHAPOLY_FEATURE_UNAVAILABLE) ) - mbedtls_snprintf( buf, buflen, "CHACHAPOLY - Feature not available. For example, s part of the API is not implemented" ); #endif /* MBEDTLS_CHACHAPOLY_C */ #if defined(MBEDTLS_CMAC_C) @@ -800,6 +798,8 @@ void mbedtls_strerror( int ret, char *buf, size_t buflen ) mbedtls_snprintf( buf, buflen, "POLY1305 - Invalid input parameter(s)" ); if( use_ret == -(MBEDTLS_ERR_POLY1305_FEATURE_UNAVAILABLE) ) mbedtls_snprintf( buf, buflen, "POLY1305 - Feature not available. For example, s part of the API is not implemented" ); + if( use_ret == -(MBEDTLS_ERR_POLY1305_HW_ACCEL_FAILED) ) + mbedtls_snprintf( buf, buflen, "POLY1305 - Poly1305 hardware accelerator failed" ); #endif /* MBEDTLS_POLY1305_C */ #if defined(MBEDTLS_RIPEMD160_C) diff --git a/tests/suites/test_suite_chachapoly.function b/tests/suites/test_suite_chachapoly.function index e379309cdc..7baa229956 100644 --- a/tests/suites/test_suite_chachapoly.function +++ b/tests/suites/test_suite_chachapoly.function @@ -145,77 +145,77 @@ void chachapoly_bad_params() mbedtls_chachapoly_init( &ctx ); TEST_ASSERT( mbedtls_chachapoly_setkey( NULL, key ) - == MBEDTLS_ERR_CHACHAPOLY_BAD_INPUT_DATA ); + == MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA ); TEST_ASSERT( mbedtls_chachapoly_setkey( &ctx, NULL ) - == MBEDTLS_ERR_CHACHAPOLY_BAD_INPUT_DATA ); + == MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA ); TEST_ASSERT( mbedtls_chachapoly_crypt_and_tag( NULL, MBEDTLS_CHACHAPOLY_ENCRYPT, 0, nonce, aad, 0, input, output, mac ) - == MBEDTLS_ERR_CHACHAPOLY_BAD_INPUT_DATA ); + == MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA ); TEST_ASSERT( mbedtls_chachapoly_crypt_and_tag( &ctx, MBEDTLS_CHACHAPOLY_ENCRYPT, 0, NULL, aad, 0, input, output, mac ) - == MBEDTLS_ERR_CHACHAPOLY_BAD_INPUT_DATA ); + == MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA ); TEST_ASSERT( mbedtls_chachapoly_crypt_and_tag( &ctx, MBEDTLS_CHACHAPOLY_ENCRYPT, 0, nonce, NULL, aad_len, input, output, mac ) - == MBEDTLS_ERR_CHACHAPOLY_BAD_INPUT_DATA ); + == MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA ); TEST_ASSERT( mbedtls_chachapoly_crypt_and_tag( &ctx, MBEDTLS_CHACHAPOLY_ENCRYPT, input_len, nonce, aad, 0, NULL, output, mac ) - == MBEDTLS_ERR_CHACHAPOLY_BAD_INPUT_DATA ); + == MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA ); TEST_ASSERT( mbedtls_chachapoly_crypt_and_tag( &ctx, MBEDTLS_CHACHAPOLY_ENCRYPT, input_len, nonce, aad, 0, input, NULL, mac ) - == MBEDTLS_ERR_CHACHAPOLY_BAD_INPUT_DATA ); + == MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA ); TEST_ASSERT( mbedtls_chachapoly_crypt_and_tag( &ctx, MBEDTLS_CHACHAPOLY_ENCRYPT, 0, nonce, aad, 0, input, output, NULL ) - == MBEDTLS_ERR_CHACHAPOLY_BAD_INPUT_DATA ); + == MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA ); TEST_ASSERT( mbedtls_chachapoly_auth_decrypt( NULL, 0, nonce, aad, 0, mac, input, output ) - == MBEDTLS_ERR_CHACHAPOLY_BAD_INPUT_DATA ); + == MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA ); TEST_ASSERT( mbedtls_chachapoly_auth_decrypt( &ctx, 0, NULL, aad, 0, mac, input, output ) - == MBEDTLS_ERR_CHACHAPOLY_BAD_INPUT_DATA ); + == MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA ); TEST_ASSERT( mbedtls_chachapoly_auth_decrypt( &ctx, 0, nonce, NULL, aad_len, mac, input, output ) - == MBEDTLS_ERR_CHACHAPOLY_BAD_INPUT_DATA ); + == MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA ); TEST_ASSERT( mbedtls_chachapoly_auth_decrypt( &ctx, 0, nonce, aad, 0, NULL, input, output ) - == MBEDTLS_ERR_CHACHAPOLY_BAD_INPUT_DATA ); + == MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA ); TEST_ASSERT( mbedtls_chachapoly_auth_decrypt( &ctx, input_len, nonce, aad, 0, mac, NULL, output ) - == MBEDTLS_ERR_CHACHAPOLY_BAD_INPUT_DATA ); + == MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA ); TEST_ASSERT( mbedtls_chachapoly_auth_decrypt( &ctx, input_len, nonce, aad, 0, mac, input, NULL ) - == MBEDTLS_ERR_CHACHAPOLY_BAD_INPUT_DATA ); + == MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA ); TEST_ASSERT( mbedtls_chachapoly_crypt_and_tag( &ctx, MBEDTLS_CHACHAPOLY_ENCRYPT, @@ -242,26 +242,26 @@ void chachapoly_bad_params() == 0 ); TEST_ASSERT( mbedtls_chachapoly_starts( NULL, nonce, MBEDTLS_CHACHAPOLY_ENCRYPT ) - == MBEDTLS_ERR_CHACHAPOLY_BAD_INPUT_DATA ); + == MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA ); TEST_ASSERT( mbedtls_chachapoly_starts( &ctx, NULL, MBEDTLS_CHACHAPOLY_ENCRYPT ) - == MBEDTLS_ERR_CHACHAPOLY_BAD_INPUT_DATA ); + == MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA ); TEST_ASSERT( mbedtls_chachapoly_update_aad( NULL, aad, aad_len ) - == MBEDTLS_ERR_CHACHAPOLY_BAD_INPUT_DATA ); + == MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA ); TEST_ASSERT( mbedtls_chachapoly_update_aad( &ctx, NULL, aad_len ) - == MBEDTLS_ERR_CHACHAPOLY_BAD_INPUT_DATA ); + == MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA ); TEST_ASSERT( mbedtls_chachapoly_update( NULL, input_len, input, output ) - == MBEDTLS_ERR_CHACHAPOLY_BAD_INPUT_DATA ); + == MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA ); TEST_ASSERT( mbedtls_chachapoly_update( &ctx, input_len, NULL, output ) - == MBEDTLS_ERR_CHACHAPOLY_BAD_INPUT_DATA ); + == MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA ); TEST_ASSERT( mbedtls_chachapoly_update( &ctx, input_len, input, NULL ) - == MBEDTLS_ERR_CHACHAPOLY_BAD_INPUT_DATA ); + == MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA ); TEST_ASSERT( mbedtls_chachapoly_finish( NULL, mac ) - == MBEDTLS_ERR_CHACHAPOLY_BAD_INPUT_DATA ); + == MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA ); TEST_ASSERT( mbedtls_chachapoly_finish( &ctx, NULL ) - == MBEDTLS_ERR_CHACHAPOLY_BAD_INPUT_DATA ); + == MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA ); exit: mbedtls_chachapoly_free( &ctx );