From 92bc4fc00dac5e38d331aca71c2e05e7eb9f2e9d Mon Sep 17 00:00:00 2001 From: Todd A Ouska Date: Wed, 20 Apr 2011 16:29:19 -0700 Subject: [PATCH] better error messages for generics in CTaoCrypt --- ctaocrypt/include/error.h | 5 +++- ctaocrypt/src/aes.c | 13 +++++---- ctaocrypt/src/asn.c | 53 +++++++++++++++++++++++------------ ctaocrypt/src/coding.c | 19 +++++++------ ctaocrypt/src/cyassl_memory.c | 7 +++-- ctaocrypt/src/dsa.c | 2 +- ctaocrypt/src/hmac.c | 3 +- ctaocrypt/src/logging.c | 5 ++-- ctaocrypt/src/pwdbased.c | 23 +++++++-------- ctaocrypt/src/rsa.c | 14 ++++----- 10 files changed, 85 insertions(+), 59 deletions(-) diff --git a/ctaocrypt/include/error.h b/ctaocrypt/include/error.h index 5dd6508bc..e6515c811 100644 --- a/ctaocrypt/include/error.h +++ b/ctaocrypt/include/error.h @@ -52,6 +52,7 @@ enum { MP_MOD_E = -118, /* mp_mod error state, can't mod */ MP_INVMOD_E = -119, /* mp_invmod error state, can't inv mod */ MP_CMP_E = -120, /* mp_cmp error state */ + MP_ZERO_E = -121, /* got a mp zero result, not expected */ MEMORY_E = -125, /* out of memory error */ @@ -86,10 +87,12 @@ enum { ASN_DH_KEY_E = -158, /* ASN key init error, invalid input */ ASN_NTRU_KEY_E = -159, /* ASN ntru key decode error, invalid input */ - /* TODO: TAO add ECC error strings to ErrorString() */ ECC_BAD_ARG_E = -170, /* ECC input argument of wrong type */ ASN_ECC_KEY_E = -171, /* ASN ECC bad input */ ECC_CURVE_OID_E = -172, /* Unsupported ECC OID curve type */ + BAD_FUNC_ARG = -173, /* Bad function argument provided */ + NOT_COMPILED_IN = -174, /* Feature not compiled in */ + UNICODE_SIZE_E = -175, /* Unicdoe password too big */ MIN_CODE_E = -200 /* errors -101 - -199 */ }; diff --git a/ctaocrypt/src/aes.c b/ctaocrypt/src/aes.c index 841c1e4ef..f55147437 100644 --- a/ctaocrypt/src/aes.c +++ b/ctaocrypt/src/aes.c @@ -22,6 +22,7 @@ #ifndef NO_AES #include "ctc_aes.h" +#include "error.h" #ifdef NO_INLINE #include "misc.h" #else 
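Review bot: The comment on the new `UNICODE_SIZE_E` entry in the second error.h hunk misspells the word; it should read `UNICODE_SIZE_E = -175, /* Unicode password too big */`. `BAD_FUNC_ARG` and `NOT_COMPILED_IN` also drop the `_E` suffix that every other code visible in this enum carries, which makes them harder to recognise as error values at call sites. The enum opens before the hunk, so the rest of its naming is not visible here.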
@@ -754,7 +755,7 @@ int AES_set_encrypt_key (const unsigned char *userKey, const int bits, Aes* aes) { if (!userKey || !aes) - return -1; + return BAD_FUNC_ARG; if (bits == 128) { AES_128_Key_Expansion (userKey,(byte*)aes->key); aes->rounds = 10; @@ -768,7 +769,7 @@ int AES_set_encrypt_key (const unsigned char *userKey, const int bits, AES_256_Key_Expansion (userKey,(byte*)aes->key); aes->rounds = 14; return 0; } - return -1; + return BAD_FUNC_ARG; } @@ -781,10 +782,10 @@ int AES_set_decrypt_key (const unsigned char* userKey, const int bits, __m128i *Temp_Key_Schedule = (__m128i*)temp_key.key; if (!userKey || !aes) - return -1; + return BAD_FUNC_ARG; - if (AES_set_encrypt_key(userKey,bits,&temp_key) == -1) - return -1; + if (AES_set_encrypt_key(userKey,bits,&temp_key) == BAD_FUNC_ARG) + return BAD_FUNC_ARG; nr = temp_key.rounds; aes->rounds = nr; @@ -827,7 +828,7 @@ int AesSetKey(Aes* aes, const byte* userKey, word32 keylen, const byte* iv, unsigned int i = 0; if (!((keylen == 16) || (keylen == 24) || (keylen == 32))) - return -1; + return BAD_FUNC_ARG; #ifdef CYASSL_AESNI if (checkAESNI == 0) { diff --git a/ctaocrypt/src/asn.c b/ctaocrypt/src/asn.c index c9902bc76..1d2420d9a 100644 --- a/ctaocrypt/src/asn.c +++ b/ctaocrypt/src/asn.c @@ -521,7 +521,7 @@ int ToTraditional(byte* input, word32 sz) < 0 on error */ static int CheckAlgo(int first, int second, int* id, int* version) { - *id = -1; + *id = ALGO_ID_E; *version = PKCS5; /* default */ if (first == 1) { @@ -535,7 +535,7 @@ static int CheckAlgo(int first, int second, int* id, int* version) *version = PKCS12; return 0; default: - return -1; + return ALGO_ID_E; } } @@ -555,7 +555,7 @@ static int CheckAlgo(int first, int second, int* id, int* version) *id = PBE_SHA1_DES; return 0; default: - return -1; + return ALGO_ID_E; } } @@ -573,7 +573,7 @@ static int CheckAlgoV2(int oid, int* id) *id = PBE_SHA1_DES3; return 0; default: - return -1; + return ALGO_ID_E; } } 
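Review bot: In AES_set_decrypt_key the result of AES_set_encrypt_key is still compared with one exact value, now `== BAD_FUNC_ARG`, so any other non-zero result would fall through and the decrypt schedule would be derived from a `temp_key` that was never filled. Testing for failure in general removes that dependency on which code the callee picks: `if (AES_set_encrypt_key(userKey,bits,&temp_key) != 0) return BAD_FUNC_ARG;`. Callers elsewhere that compare these functions with `-1` would need the same change, though none are visible in this patch. The function body continues outside the hunk.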
@@ -616,7 +616,7 @@ static int DecryptKey(const char* password, int passwordSz, byte* salt, break; default: - return -1; /* unknown algo id */ + return ALGO_ID_E; } if (version == PKCS5v2) @@ -630,7 +630,7 @@ static int DecryptKey(const char* password, int passwordSz, byte* salt, byte unicodePasswd[MAX_UNICODE_SZ]; if ( (passwordSz * 2 + 2) > sizeof(unicodePasswd)) - return -1; /* unicode passwd too big */ + return UNICODE_SIZE_E; for (i = 0; i < passwordSz; i++) { unicodePasswd[idx++] = 0x00; @@ -685,7 +685,7 @@ static int DecryptKey(const char* password, int passwordSz, byte* salt, } default: - return -1; /* unknown algo id */ + return ALGO_ID_E; } return 0; @@ -1071,7 +1071,7 @@ static int StoreRsaKey(DecodedCert* cert) { if (oid != ECC_256R1 && oid != ECC_384R1 && oid != ECC_521R1 && oid != ECC_160R1 && oid != ECC_192R1 && oid != ECC_224R1) - return -1; + return ALGO_ID_E; return 0; } @@ -2055,6 +2055,10 @@ void CTaoCryptErrorString(int error, char* buffer) XSTRNCPY(buffer, "mp_cmp error state", max); break; + case MP_ZERO_E : + XSTRNCPY(buffer, "mp zero result, not expected", max); + break; + case MEMORY_E : XSTRNCPY(buffer, "out of memory error", max); break; @@ -2184,6 +2188,18 @@ void CTaoCryptErrorString(int error, char* buffer) XSTRNCPY(buffer, "ECC curve sum OID unsupported, invalid input", max); break; + case BAD_FUNC_ARG : + XSTRNCPY(buffer, "Bad function argument", max); + break; + + case NOT_COMPILED_IN : + XSTRNCPY(buffer, "Feature not compiled in", max); + break; + + case UNICODE_SIZE_E : + XSTRNCPY(buffer, "Unicode password too big", max); + break; + default: XSTRNCPY(buffer, "unknown error number", max); @@ -2221,6 +2237,7 @@ int DerToPem(const byte* der, word32 derSz, byte* output, word32 outSz, int headerLen; int footerLen; int i; + int err; int outLen; /* return length or error */ if (type == CERT_TYPE) { 
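Review bot: The guard in front of `return UNICODE_SIZE_E;` in DecryptKey computes `passwordSz * 2 + 2` in signed `int` and only then compares it with `sizeof(unicodePasswd)`, so a very large `passwordSz` can overflow before the bound is applied. Since this check is what protects the stack buffer, it is safer to bound the length itself: `if (passwordSz < 0 || (size_t)passwordSz > (sizeof(unicodePasswd) - 2) / 2) return UNICODE_SIZE_E;`. The hunk does not show whether `unicodePasswd` is wiped on the exit paths; if it is not, the widened password stays on the stack after return.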
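Review bot: The curve check in the `@@ -1071` hunk now returns `ALGO_ID_E` for an unrecognised curve OID, although error.h already carries `ECC_CURVE_OID_E`, described there as "Unsupported ECC OID curve type". Using `return ECC_CURVE_OID_E;` would give CTaoCryptErrorString the more specific message this commit is aiming for. The function's signature is outside the hunk (the hunk header names StoreRsaKey, which appears to be the preceding function), so the choice should be confirmed against its callers.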
@@ -2235,11 +2252,11 @@ int DerToPem(const byte* der, word32 derSz, byte* output, word32 outSz, footerLen = XSTRLEN(footer); if (!der || !output) - return -1; + return BAD_FUNC_ARG; /* don't even try if outSz too short */ if (outSz < headerLen + footerLen + derSz) - return -1; + return BAD_FUNC_ARG; /* header */ XMEMCPY(output, header, headerLen); @@ -2247,13 +2264,13 @@ int DerToPem(const byte* der, word32 derSz, byte* output, word32 outSz, /* body */ outLen = outSz; /* input to Base64Encode */ - if (Base64Encode(der, derSz, output + i, (word32*)&outLen) < 0) - return -1; + if ( (err = Base64Encode(der, derSz, output + i, (word32*)&outLen)) < 0) + return ret; i += outLen; /* footer */ if ( (i + footerLen) > (int)outSz) - return -1; + return BAD_FUNC_ARG; XMEMCPY(output + i, footer, footerLen); return outLen + headerLen + footerLen; @@ -2302,10 +2319,10 @@ int RsaKeyToDer(RsaKey* key, byte* output, word32 inLen) byte tmps[RSA_INTS][MAX_RSA_INT_SZ]; if (!key || !output) - return -1; + return BAD_FUNC_ARG; if (key->type != RSA_PRIVATE) - return -1; + return BAD_FUNC_ARG; /* write all big ints from key to DER tmps */ for (i = 0; i < RSA_INTS; i++) { @@ -2325,7 +2342,7 @@ int RsaKeyToDer(RsaKey* key, byte* output, word32 inLen) return err; } else - return -1; + return ASN_INPUT_E; } /* make headers */ @@ -2334,7 +2351,7 @@ int RsaKeyToDer(RsaKey* key, byte* output, word32 inLen) outLen = seqSz + verSz + intTotalLen; if (outLen > (int)inLen) - return -1; + return BAD_FUNC_ARG; /* write to output */ XMEMCPY(output, seq, seqSz); @@ -3108,7 +3125,7 @@ int StoreECC_DSA_Sig(byte* out, word32* outLen, mp_int* r, mp_int* s) int err; if (*outLen < (rLen + sLen + headerSz + 2)) /* SEQ_TAG + LEN(ENUM) */ - return -1; + return BAD_FUNC_ARG; idx = SetSequence(rLen + sLen + headerSz, out); diff --git a/ctaocrypt/src/coding.c b/ctaocrypt/src/coding.c index 5ffabf179..61792bd64 100644 --- a/ctaocrypt/src/coding.c +++ b/ctaocrypt/src/coding.c 
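Review bot: The Base64Encode failure path in DerToPem stores the result in `err` but then executes `return ret;`, and no `ret` appears among the locals shown in the declaration hunk, so this either fails to compile or returns an unrelated value; it should be `return err;`. Separately, `outLen = outSz;` tells Base64Encode that the whole buffer is available even though it writes at `output + i`, so the callee's bounds check is too generous by the header length; `outLen = outSz - i;` would make it match the space that is actually left. The footer check that follows only runs after the body has already been written, so it cannot catch that case.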
@@ -21,6 +21,7 @@ #include "coding.h" +#include "error.h" enum { @@ -51,7 +52,7 @@ int Base64Decode(const byte* in, word32 inLen, byte* out, word32* outLen) word32 plainSz = inLen - ((inLen + (PEM_LINE_SZ - 1)) / PEM_LINE_SZ ); plainSz = (plainSz * 3 + 3) / 4; - if (plainSz > *outLen) return -1; + if (plainSz > *outLen) return BAD_FUNC_ARG; while (inLen > 3) { byte b1, b2, b3; @@ -100,7 +101,7 @@ int Base64Decode(const byte* in, word32 inLen, byte* out, word32* outLen) inLen--; } if (endLine != '\n') - return -1; + return ASN_INPUT_E; } } *outLen = i; @@ -133,7 +134,7 @@ int Base64Encode(const byte* in, word32 inLen, byte* out, word32* outLen) word32 outSz = (inLen + 3 - 1) / 3 * 4; outSz += (outSz + PEM_LINE_SZ - 1) / PEM_LINE_SZ; /* new lines */ - if (outSz > *outLen) return -1; + if (outSz > *outLen) return BAD_FUNC_ARG; while (inLen > 2) { byte b1 = in[j++]; @@ -177,7 +178,7 @@ int Base64Encode(const byte* in, word32 inLen, byte* out, word32* outLen) out[i++] = '\n'; if (i != outSz) - return -1; + return ASN_INPUT_E; *outLen = outSz; return 0; @@ -196,10 +197,10 @@ int Base16Decode(const byte* in, word32 inLen, byte* out, word32* outLen) word32 outIdx = 0; if (inLen % 2) - return -1; + return BAD_FUNC_ARG; if (*outLen < (inLen / 2)) - return -1; + return BAD_FUNC_ARG; while (inLen) { byte b = in[inIdx++] - 0x30; /* 0 starts at 0x30 */ @@ -207,15 +208,15 @@ int Base16Decode(const byte* in, word32 inLen, byte* out, word32* outLen) /* sanity checks */ if (b >= sizeof(hexDecode)/sizeof(hexDecode[0])) - return -1; + return ASN_INPUT_E; if (b2 >= sizeof(hexDecode)/sizeof(hexDecode[0])) - return -1; + return ASN_INPUT_E; b = hexDecode[b]; b2 = hexDecode[b2]; if (b == BAD || b2 == BAD) - return -1; + return ASN_INPUT_E; out[outIdx++] = (b << 4) | b2; inLen -= 2; diff --git a/ctaocrypt/src/cyassl_memory.c b/ctaocrypt/src/cyassl_memory.c index ed1cd2a56..45b66a723 100644 --- a/ctaocrypt/src/cyassl_memory.c +++ b/ctaocrypt/src/cyassl_memory.c 
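Review bot: The output-capacity checks (`plainSz > *outLen` in Base64Decode, `outSz > *outLen` in Base64Encode, `*outLen < (inLen / 2)` in Base16Decode) now return `BAD_FUNC_ARG`, the same code this commit uses for NULL pointers and unsupported key sizes. A caller therefore cannot tell "retry with a larger buffer" from "the call itself is wrong"; a separate buffer-too-small code in error.h, e.g. `if (plainSz > *outLen) return <BUFFER_TOO_SMALL_CODE>;` (placeholder name), would keep the two apart. The same applies to the size checks in DerToPem, RsaKeyToDer and StoreECC_DSA_Sig in asn.c. None of the three coding.c functions checks `in`, `out` or `outLen` for NULL in the visible lines before `*outLen` is read, which would be the natural use of `BAD_FUNC_ARG` here.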
@@ -27,6 +27,7 @@ #ifdef USE_CYASSL_MEMORY #include "cyassl_memory.h" +#include "error.h" /* Set these to default values initially. */ @@ -43,17 +44,17 @@ int CyaSSL_SetAllocators(CyaSSL_Malloc_cb mf, if (mf) malloc_function = mf; else - res = -1; + res = BAD_FUNC_ARG; if (ff) free_function = ff; else - res = -1; + res = BAD_FUNC_ARG; if (rf) realloc_function = rf; else - res = -1; + res = BAD_FUNC_ARG; return res; } diff --git a/ctaocrypt/src/dsa.c b/ctaocrypt/src/dsa.c index 28e328ad4..f373bef1d 100644 --- a/ctaocrypt/src/dsa.c +++ b/ctaocrypt/src/dsa.c @@ -45,7 +45,7 @@ enum { void InitDsaKey(DsaKey* key) { - key->type = -1; /* haven't decdied yet */ + key->type = -1; /* haven't decided yet */ /* TomsFastMath doesn't use memory allocation */ #ifndef USE_FAST_MATH diff --git a/ctaocrypt/src/hmac.c b/ctaocrypt/src/hmac.c index abeacb2f4..5595f6d5a 100644 --- a/ctaocrypt/src/hmac.c +++ b/ctaocrypt/src/hmac.c @@ -23,6 +23,7 @@ #ifndef NO_HMAC #include "ctc_hmac.h" +#include "error.h" @@ -32,7 +33,7 @@ static int InitHmac(Hmac* hmac, int type) hmac->macType = type; if (!(type == MD5 || type == SHA || type == SHA256)) - return -1; + return BAD_FUNC_ARG; if (type == MD5) InitMd5(&hmac->hash.md5); diff --git a/ctaocrypt/src/logging.c b/ctaocrypt/src/logging.c index 7fc38b078..68414eadc 100644 --- a/ctaocrypt/src/logging.c +++ b/ctaocrypt/src/logging.c @@ -23,6 +23,7 @@ #include "os_settings.h" #include "logging.h" +#include "error.h" /* Set these to default values initially. */ @@ -37,7 +38,7 @@ int CyaSSL_SetLoggingCb(CyaSSL_Logging_cb f) if (f) log_function = f; else - res = -1; + res = BAD_FUNC_ARG; return res; } @@ -49,7 +50,7 @@ int CyaSSL_Debugging_ON(void) loggingEnabled = 1; return 0; #else - return -1; /* not compiled in */ + return NOT_COMPILED_IN; #endif } diff --git a/ctaocrypt/src/pwdbased.c b/ctaocrypt/src/pwdbased.c index b14dc06f2..727096295 100644 --- a/ctaocrypt/src/pwdbased.c +++ b/ctaocrypt/src/pwdbased.c 
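Review bot: CyaSSL_SetAllocators installs each non-NULL callback before it knows the others are valid, so a call with a NULL `ff` returns `BAD_FUNC_ARG` yet leaves the new `malloc_function` paired with the previous `free_function`. Memory obtained from one allocator and released through another is a heap-corruption risk, and the error return suggests to the caller that nothing was changed. If partial replacement is not an intended feature, validate first with `if (!mf || !ff || !rf) return BAD_FUNC_ARG;` and assign all three afterwards. The function's opening lines, including the initial value of `res`, are outside the hunk.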
@@ -25,6 +25,7 @@ #include "pwdbased.h" #include "ctc_hmac.h" #include "integer.h" +#include "error.h" #ifdef CYASSL_SHA512 #include "sha512.h" #endif @@ -56,13 +57,13 @@ int PBKDF1(byte* output, const byte* passwd, int pLen, const byte* salt, byte buffer[SHA_DIGEST_SIZE]; /* max size */ if (hashType != MD5 && hashType != SHA) - return -1; + return BAD_FUNC_ARG; if (kLen > hLen) - return -1; + return BAD_FUNC_ARG; if (iterations < 1) - return -1; + return BAD_FUNC_ARG; if (hashType == MD5) { InitMd5(&md5); @@ -117,7 +118,7 @@ int PBKDF2(byte* output, const byte* passwd, int pLen, const byte* salt, } #endif else - return -1; /* bad HMAC hashType */ + return BAD_FUNC_ARG; HmacSetKey(&hmac, hashType, passwd, pLen); @@ -191,7 +192,7 @@ int PKCS12_PBKDF(byte* output, const byte* passwd, int passLen,const byte* salt, } #endif else - return -1; /* bad hashType */ + return BAD_FUNC_ARG; dLen = v; sLen = v * ((saltLen + v - 1) / v); @@ -205,7 +206,7 @@ int PKCS12_PBKDF(byte* output, const byte* passwd, int passLen,const byte* salt, if (totalLen > sizeof(staticBuffer)) { buffer = (byte*)XMALLOC(totalLen, 0, DYNAMIC_TYPE_KEY); - if (buffer == NULL) return -1; + if (buffer == NULL) return MEMORY_E; dynamic = 1; } @@ -251,9 +252,9 @@ int PKCS12_PBKDF(byte* output, const byte* passwd, int passLen,const byte* salt, mp_init(&B1); if (mp_read_unsigned_bin(&B1, B, v) != MP_OKAY) - ret = -1; + ret = MP_READ_E; else if (mp_add_d(&B1, (mp_digit)1, &B1) != MP_OKAY) { - ret = -1; + ret = MP_ADD_E; mp_clear(&B1); break; } @@ -267,11 +268,11 @@ int PKCS12_PBKDF(byte* output, const byte* passwd, int passLen,const byte* salt, mp_init(&res); if (mp_read_unsigned_bin(&i1, I + i, v) != MP_OKAY) - ret = -1; + ret = MP_READ_E; else if (mp_add(&i1, &B1, &res) != MP_OKAY) - ret = -1; + ret = MP_ADD_E; else if ( (outSz = mp_unsigned_bin_size(&res)) < 0) - ret = -1; + ret = MP_TO_E; else { if (outSz > v) { /* take off MSB */ 
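Review bot: In the `@@ -251` hunk of PKCS12_PBKDF the first branch, `ret = MP_READ_E;` after a failed `mp_read_unsigned_bin(&B1, B, v)`, sets the code but neither clears `B1` nor breaks, unlike the `mp_add_d` branch directly below it, so execution carries on with a `B1` that was never read. The inner chain in the `@@ -267` hunk likewise records `MP_READ_E`, `MP_ADD_E` or `MP_TO_E` without a visible exit; whether the loop stops on `ret` is outside the hunk. Giving the first branch the same shape, `{ ret = MP_READ_E; mp_clear(&B1); break; }`, would make the failure paths consistent in a function that derives key material. The function body starts and ends outside these hunks.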
diff --git a/ctaocrypt/src/rsa.c b/ctaocrypt/src/rsa.c index 5757c94db..092056cda 100644 --- a/ctaocrypt/src/rsa.c +++ b/ctaocrypt/src/rsa.c @@ -48,7 +48,7 @@ enum { void InitRsaKey(RsaKey* key, void* heap) { - key->type = -1; /* haven't decdied yet */ + key->type = -1; /* haven't decided yet */ key->heap = heap; /* TomsFastMath doesn't use memory allocation */ @@ -369,7 +369,7 @@ static int rand_prime(mp_int* N, int len, RNG* rng, void* heap) byte* buf; if (N == NULL || rng == NULL) - return -1; + return BAD_FUNC_ARG; /* get type */ if (len < 0) { @@ -381,13 +381,13 @@ static int rand_prime(mp_int* N, int len, RNG* rng, void* heap) /* allow sizes between 2 and 512 bytes for a prime size */ if (len < 2 || len > 512) { - return -1; + return BAD_FUNC_ARG; } /* allocate buffer to work with */ buf = XMALLOC(len, heap, DYNAMIC_TYPE_RSA); if (buf == NULL) { - return -1; + return MEMORY_E; } XMEMSET(buf, 0, len); @@ -432,13 +432,13 @@ int MakeRsaKey(RsaKey* key, int size, long e, RNG* rng) int err; if (key == NULL || rng == NULL) - return -1; + return BAD_FUNC_ARG; if (size < RSA_MIN_SIZE || size > RSA_MAX_SIZE) - return -1; + return BAD_FUNC_ARG; if (e < 3 || (e & 1) == 0) - return -1; + return BAD_FUNC_ARG; if ((err = mp_init_multi(&p, &q, &tmp1, &tmp2, &tmp3, NULL)) != MP_OKAY) return err;
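Review bot: MakeRsaKey still returns the raw result of `mp_init_multi` through `return err;`, while every other failure in this hunk is now a code from error.h. If the math library's codes are not part of that enum, which the hunk does not show, CTaoCryptErrorString would report such a failure as "unknown error number", the outcome this commit sets out to remove. Mapping it to a ctaocrypt code, for example `return MP_INIT_E;` if error.h defines it, would keep the return values in one space; the `return err;` visible in RsaKeyToDer in asn.c deserves the same look. The function body continues outside the hunk.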