From 92143276239d95420b56a33f5abaf2b9d0850ca0 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 25 Jan 2018 23:26:24 +0100 Subject: [PATCH 1/2] Sort list to make things easier to find --- scripts/generate_errors.pl | 15 ++++++++------- 1 file changed, 8 insertions(+), 7 deletions(-) diff --git a/scripts/generate_errors.pl b/scripts/generate_errors.pl index cfcf07c8f..882afbdb9 100755 --- a/scripts/generate_errors.pl +++ b/scripts/generate_errors.pl @@ -29,13 +29,14 @@ if( @ARGV ) { my $error_format_file = $data_dir.'/error.fmt'; -my @low_level_modules = ( "AES", "ASN1", "BLOWFISH", "CAMELLIA", "BIGNUM", - "BASE64", "XTEA", "PBKDF2", "OID", - "PADLOCK", "DES", "NET", "CTR_DRBG", "ENTROPY", - "HMAC_DRBG", "MD2", "MD4", "MD5", "RIPEMD160", - "SHA1", "SHA256", "SHA512", "GCM", "THREADING", "CCM" ); -my @high_level_modules = ( "PEM", "X509", "DHM", "RSA", "ECP", "MD", "CIPHER", "SSL", - "PK", "PKCS12", "PKCS5" ); +my @low_level_modules = qw( AES ASN1 BASE64 BIGNUM BLOWFISH + CAMELLIA CCM CTR_DRBG DES ENTROPY + GCM HMAC_DRBG MD2 MD4 MD5 + NET OID PADLOCK PBKDF2 RIPEMD160 + SHA1 SHA256 SHA512 THREADING XTEA ); +my @high_level_modules = qw( CIPHER DHM ECP MD + PEM PK PKCS12 PKCS5 + RSA SSL X509 ); my $line_separator = $/; undef $/; From 7ecab3df4cc3a79e8b74dd6bd79cf3882e033841 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Fri, 26 Jan 2018 17:56:38 +0100 Subject: [PATCH 2/2] Error codes for hardware accelerator failures Add MBEDTLS_ERR_XXX_HW_ACCEL_FAILED error codes for all cryptography modules where the software implementation can be replaced by a hardware implementation. This does not include the individual message digest modules since they currently have no way to return error codes. This does include the higher-level md, cipher and pk modules since alternative implementations and even algorithms can be plugged in at runtime. --- ChangeLog | 3 +++ include/mbedtls/aes.h | 3 ++- include/mbedtls/arc4.h | 2 ++ include/mbedtls/blowfish.h | 1 + include/mbedtls/camellia.h | 1 + include/mbedtls/ccm.h | 1 + include/mbedtls/cipher.h | 3 ++- include/mbedtls/cmac.h | 2 ++ include/mbedtls/des.h | 1 + include/mbedtls/dhm.h | 1 + include/mbedtls/ecp.h | 1 + include/mbedtls/error.h | 28 +++++++++++++----------- include/mbedtls/gcm.h | 1 + include/mbedtls/md.h | 1 + include/mbedtls/pk.h | 1 + include/mbedtls/rsa.h | 1 + include/mbedtls/xtea.h | 1 + library/error.c | 44 ++++++++++++++++++++++++++++++++++++++ scripts/generate_errors.pl | 6 +++--- 19 files changed, 84 insertions(+), 18 deletions(-) diff --git a/ChangeLog b/ChangeLog index a200d51fb..50b534773 100644 --- a/ChangeLog +++ b/ChangeLog @@ -117,6 +117,9 @@ Changes * Tighten the RSA PKCS#1 v1.5 signature verification code and remove the undeclared dependency of the RSA module on the ASN.1 module. * Add mechanism to provide alternative implementation of the DHM module. + * Add MBEDTLS_ERR_XXX_HW_ACCEL_FAILED error codes for all cryptography + modules where the software implementation can be replaced by a hardware + implementation. = mbed TLS 2.6.0 branch released 2017-08-10 diff --git a/include/mbedtls/aes.h b/include/mbedtls/aes.h index 71dcea9e5..541fa930d 100644 --- a/include/mbedtls/aes.h +++ b/include/mbedtls/aes.h @@ -41,8 +41,9 @@ #define MBEDTLS_ERR_AES_INVALID_KEY_LENGTH -0x0020 /**< Invalid key length. */ #define MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH -0x0022 /**< Invalid data input length. */ -/* Error codes in range 0x0023-0x0023 */ +/* Error codes in range 0x0023-0x0025 */ #define MBEDTLS_ERR_AES_FEATURE_UNAVAILABLE -0x0023 /**< Feature not available, e.g. unsupported AES key size. */ +#define MBEDTLS_ERR_AES_HW_ACCEL_FAILED -0x0025 /**< AES hardware accelerator failed. */ #if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && \ !defined(inline) && !defined(__cplusplus) diff --git a/include/mbedtls/arc4.h b/include/mbedtls/arc4.h index 26de33f8d..875c57431 100644 --- a/include/mbedtls/arc4.h +++ b/include/mbedtls/arc4.h @@ -32,6 +32,8 @@ #include +#define MBEDTLS_ERR_ARC4_HW_ACCEL_FAILED -0x0019 /**< ARC4 hardware accelerator failed. */ + #if !defined(MBEDTLS_ARC4_ALT) // Regular implementation // diff --git a/include/mbedtls/blowfish.h b/include/mbedtls/blowfish.h index 6593730e4..c0ef5a04c 100644 --- a/include/mbedtls/blowfish.h +++ b/include/mbedtls/blowfish.h @@ -41,6 +41,7 @@ #define MBEDTLS_BLOWFISH_BLOCKSIZE 8 /* Blowfish uses 64 bit blocks */ #define MBEDTLS_ERR_BLOWFISH_INVALID_KEY_LENGTH -0x0016 /**< Invalid key length. */ +#define MBEDTLS_ERR_BLOWFISH_HW_ACCEL_FAILED -0x0017 /**< Blowfish hardware accelerator failed. */ #define MBEDTLS_ERR_BLOWFISH_INVALID_INPUT_LENGTH -0x0018 /**< Invalid data input length. */ #if !defined(MBEDTLS_BLOWFISH_ALT) diff --git a/include/mbedtls/camellia.h b/include/mbedtls/camellia.h index 107056fc6..cf07629d9 100644 --- a/include/mbedtls/camellia.h +++ b/include/mbedtls/camellia.h @@ -38,6 +38,7 @@ #define MBEDTLS_ERR_CAMELLIA_INVALID_KEY_LENGTH -0x0024 /**< Invalid key length. */ #define MBEDTLS_ERR_CAMELLIA_INVALID_INPUT_LENGTH -0x0026 /**< Invalid data input length. */ +#define MBEDTLS_ERR_CAMELLIA_HW_ACCEL_FAILED -0x0027 /**< Camellia hardware accelerator failed. */ #if !defined(MBEDTLS_CAMELLIA_ALT) // Regular implementation diff --git a/include/mbedtls/ccm.h b/include/mbedtls/ccm.h index acd94adb8..1459eb8ea 100644 --- a/include/mbedtls/ccm.h +++ b/include/mbedtls/ccm.h @@ -28,6 +28,7 @@ #define MBEDTLS_ERR_CCM_BAD_INPUT -0x000D /**< Bad input parameters to function. */ #define MBEDTLS_ERR_CCM_AUTH_FAILED -0x000F /**< Authenticated decryption failed. */ +#define MBEDTLS_ERR_CCM_HW_ACCEL_FAILED -0x0011 /**< CCM hardware accelerator failed. */ #if !defined(MBEDTLS_CCM_ALT) // Regular implementation diff --git a/include/mbedtls/cipher.h b/include/mbedtls/cipher.h index b92a8dbb9..97b9226f5 100644 --- a/include/mbedtls/cipher.h +++ b/include/mbedtls/cipher.h @@ -58,7 +58,8 @@ #define MBEDTLS_ERR_CIPHER_INVALID_PADDING -0x6200 /**< Input data contains invalid padding and is rejected. */ #define MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED -0x6280 /**< Decryption of block requires a full block. */ #define MBEDTLS_ERR_CIPHER_AUTH_FAILED -0x6300 /**< Authentication failed (for AEAD modes). */ -#define MBEDTLS_ERR_CIPHER_INVALID_CONTEXT -0x6380 /**< The context is invalid, eg because it was free()ed. */ +#define MBEDTLS_ERR_CIPHER_INVALID_CONTEXT -0x6380 /**< The context is invalid, eg because it was free()ed. */ +#define MBEDTLS_ERR_CIPHER_HW_ACCEL_FAILED -0x6400 /**< Cipher hardware accelerator failed. */ #define MBEDTLS_CIPHER_VARIABLE_IV_LEN 0x01 /**< Cipher accepts IVs of variable length */ #define MBEDTLS_CIPHER_VARIABLE_KEY_LEN 0x02 /**< Cipher accepts keys of variable length */ diff --git a/include/mbedtls/cmac.h b/include/mbedtls/cmac.h index a7f7f45e9..1cac94896 100644 --- a/include/mbedtls/cmac.h +++ b/include/mbedtls/cmac.h @@ -31,6 +31,8 @@ extern "C" { #endif +#define MBEDTLS_ERR_CMAC_HW_ACCEL_FAILED -0x007A /**< CMAC hardware accelerator failed. */ + #define MBEDTLS_AES_BLOCK_SIZE 16 #define MBEDTLS_DES3_BLOCK_SIZE 8 diff --git a/include/mbedtls/des.h b/include/mbedtls/des.h index 7f8f27eea..175289850 100644 --- a/include/mbedtls/des.h +++ b/include/mbedtls/des.h @@ -37,6 +37,7 @@ #define MBEDTLS_DES_DECRYPT 0 #define MBEDTLS_ERR_DES_INVALID_INPUT_LENGTH -0x0032 /**< The data input has an invalid length. */ +#define MBEDTLS_ERR_DES_HW_ACCEL_FAILED -0x0033 /**< DES hardware accelerator failed. */ #define MBEDTLS_DES_KEY_SIZE 8 diff --git a/include/mbedtls/dhm.h b/include/mbedtls/dhm.h index d017b380e..8a28ffac9 100644 --- a/include/mbedtls/dhm.h +++ b/include/mbedtls/dhm.h @@ -44,6 +44,7 @@ #define MBEDTLS_ERR_DHM_INVALID_FORMAT -0x3380 /**< The ASN.1 data is not formatted correctly. */ #define MBEDTLS_ERR_DHM_ALLOC_FAILED -0x3400 /**< Allocation of memory failed. */ #define MBEDTLS_ERR_DHM_FILE_IO_ERROR -0x3480 /**< Read/write of file failed. */ +#define MBEDTLS_ERR_DHM_HW_ACCEL_FAILED -0x3500 /**< DHM hardware accelerator failed. */ /** * RFC 3526 defines a number of standardized Diffie-Hellman groups diff --git a/include/mbedtls/ecp.h b/include/mbedtls/ecp.h index 977134059..b00ba4da8 100644 --- a/include/mbedtls/ecp.h +++ b/include/mbedtls/ecp.h @@ -37,6 +37,7 @@ #define MBEDTLS_ERR_ECP_RANDOM_FAILED -0x4D00 /**< Generation of random value, such as (ephemeral) key, failed. */ #define MBEDTLS_ERR_ECP_INVALID_KEY -0x4C80 /**< Invalid private or public key. */ #define MBEDTLS_ERR_ECP_SIG_LEN_MISMATCH -0x4C00 /**< Signature is valid but shorter than the user-supplied length. */ +#define MBEDTLS_ERR_ECP_HW_ACCEL_FAILED -0x4B80 /**< ECP hardware accelerator failed. */ #if !defined(MBEDTLS_ECP_ALT) /* diff --git a/include/mbedtls/error.h b/include/mbedtls/error.h index bd4ca90f0..7e3289269 100644 --- a/include/mbedtls/error.h +++ b/include/mbedtls/error.h @@ -50,23 +50,25 @@ * * Module Nr Codes assigned * MPI 7 0x0002-0x0010 - * GCM 2 0x0012-0x0014 - * BLOWFISH 2 0x0016-0x0018 + * GCM 3 0x0012-0x0014 0x0013-0x0013 + * BLOWFISH 3 0x0016-0x0018 0x0017-0x0017 * THREADING 3 0x001A-0x001E - * AES 2 0x0020-0x0022 0x0023-0x0023 - * CAMELLIA 2 0x0024-0x0026 - * XTEA 1 0x0028-0x0028 + * AES 4 0x0020-0x0022 0x0023-0x0025 + * CAMELLIA 3 0x0024-0x0026 0x0027-0x0027 + * XTEA 2 0x0028-0x0028 0x0029-0x0029 * BASE64 2 0x002A-0x002C * OID 1 0x002E-0x002E 0x000B-0x000B * PADLOCK 1 0x0030-0x0030 - * DES 1 0x0032-0x0032 + * DES 2 0x0032-0x0032 0x0033-0x0033 * CTR_DBRG 4 0x0034-0x003A * ENTROPY 3 0x003C-0x0040 0x003D-0x003F * NET 11 0x0042-0x0052 0x0043-0x0045 * ASN1 7 0x0060-0x006C + * CMAC 1 0x007A-0x007A * PBKDF2 1 0x007C-0x007C * HMAC_DRBG 4 0x0003-0x0009 - * CCM 2 0x000D-0x000F + * CCM 3 0x000D-0x0011 + * ARC4 1 0x0019-0x0019 * * High-level module nr (3 bits - 0x0...-0x7...) * Name ID Nr of Errors @@ -74,12 +76,12 @@ * PKCS#12 1 4 (Started from top) * X509 2 20 * PKCS5 2 4 (Started from top) - * DHM 3 9 - * PK 3 14 (Started from top) - * RSA 4 10 - * ECP 4 8 (Started from top) - * MD 5 4 - * CIPHER 6 6 + * DHM 3 10 + * PK 3 15 (Started from top) + * RSA 4 11 + * ECP 4 9 (Started from top) + * MD 5 5 + * CIPHER 6 8 * SSL 6 17 (Started from top) * SSL 7 31 * diff --git a/include/mbedtls/gcm.h b/include/mbedtls/gcm.h index f1019861d..c7f01c316 100644 --- a/include/mbedtls/gcm.h +++ b/include/mbedtls/gcm.h @@ -32,6 +32,7 @@ #define MBEDTLS_GCM_DECRYPT 0 #define MBEDTLS_ERR_GCM_AUTH_FAILED -0x0012 /**< Authenticated decryption failed. */ +#define MBEDTLS_ERR_GCM_HW_ACCEL_FAILED -0x0013 /**< GCM hardware accelerator failed. */ #define MBEDTLS_ERR_GCM_BAD_INPUT -0x0014 /**< Bad input parameters to function. */ #if !defined(MBEDTLS_GCM_ALT) diff --git a/include/mbedtls/md.h b/include/mbedtls/md.h index f23bad40a..57c27a6f0 100644 --- a/include/mbedtls/md.h +++ b/include/mbedtls/md.h @@ -38,6 +38,7 @@ #define MBEDTLS_ERR_MD_BAD_INPUT_DATA -0x5100 /**< Bad input parameters to function. */ #define MBEDTLS_ERR_MD_ALLOC_FAILED -0x5180 /**< Failed to allocate memory. */ #define MBEDTLS_ERR_MD_FILE_IO_ERROR -0x5200 /**< Opening or reading of file failed. */ +#define MBEDTLS_ERR_MD_HW_ACCEL_FAILED -0x5280 /**< MD hardware accelerator failed. */ #ifdef __cplusplus extern "C" { diff --git a/include/mbedtls/pk.h b/include/mbedtls/pk.h index 28f615007..1059bdaa5 100644 --- a/include/mbedtls/pk.h +++ b/include/mbedtls/pk.h @@ -64,6 +64,7 @@ #define MBEDTLS_ERR_PK_UNKNOWN_NAMED_CURVE -0x3A00 /**< Elliptic curve is unsupported (only NIST curves are supported). */ #define MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE -0x3980 /**< Unavailable feature, e.g. RSA disabled for RSA key. */ #define MBEDTLS_ERR_PK_SIG_LEN_MISMATCH -0x3900 /**< The signature is valid but its length is less than expected. */ +#define MBEDTLS_ERR_PK_HW_ACCEL_FAILED -0x3880 /**< PK hardware accelerator failed. */ #ifdef __cplusplus extern "C" { diff --git a/include/mbedtls/rsa.h b/include/mbedtls/rsa.h index a4a471683..752105822 100644 --- a/include/mbedtls/rsa.h +++ b/include/mbedtls/rsa.h @@ -50,6 +50,7 @@ #define MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE -0x4400 /**< The output buffer for decryption is not large enough. */ #define MBEDTLS_ERR_RSA_RNG_FAILED -0x4480 /**< The random generator failed to generate non-zeros. */ #define MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION -0x4500 /**< The implementation doesn't offer the requested operation, e.g. because of security violations or lack of functionality */ +#define MBEDTLS_ERR_RSA_HW_ACCEL_FAILED -0x4580 /**< RSA hardware accelerator failed. */ /* * RSA constants diff --git a/include/mbedtls/xtea.h b/include/mbedtls/xtea.h index 1d01e56f8..34ccee3c2 100644 --- a/include/mbedtls/xtea.h +++ b/include/mbedtls/xtea.h @@ -37,6 +37,7 @@ #define MBEDTLS_XTEA_DECRYPT 0 #define MBEDTLS_ERR_XTEA_INVALID_INPUT_LENGTH -0x0028 /**< The data input has an invalid length. */ +#define MBEDTLS_ERR_XTEA_HW_ACCEL_FAILED -0x0029 /**< XTEA hardware accelerator failed. */ #if !defined(MBEDTLS_XTEA_ALT) // Regular implementation diff --git a/library/error.c b/library/error.c index 151ca4eae..70ea2bffc 100644 --- a/library/error.c +++ b/library/error.c @@ -45,6 +45,10 @@ #include "mbedtls/aes.h" #endif +#if defined(MBEDTLS_ARC4_C) +#include "mbedtls/arc4.h" +#endif + #if defined(MBEDTLS_BASE64_C) #include "mbedtls/base64.h" #endif @@ -69,6 +73,10 @@ #include "mbedtls/cipher.h" #endif +#if defined(MBEDTLS_CMAC_C) +#include "mbedtls/cmac.h" +#endif + #if defined(MBEDTLS_CTR_DRBG_C) #include "mbedtls/ctr_drbg.h" #endif @@ -185,6 +193,8 @@ void mbedtls_strerror( int ret, char *buf, size_t buflen ) mbedtls_snprintf( buf, buflen, "CIPHER - Authentication failed (for AEAD modes)" ); if( use_ret == -(MBEDTLS_ERR_CIPHER_INVALID_CONTEXT) ) mbedtls_snprintf( buf, buflen, "CIPHER - The context is invalid, eg because it was free()ed" ); + if( use_ret == -(MBEDTLS_ERR_CIPHER_HW_ACCEL_FAILED) ) + mbedtls_snprintf( buf, buflen, "CIPHER - Cipher hardware accelerator failed" ); #endif /* MBEDTLS_CIPHER_C */ #if defined(MBEDTLS_DHM_C) @@ -206,6 +216,8 @@ void mbedtls_strerror( int ret, char *buf, size_t buflen ) mbedtls_snprintf( buf, buflen, "DHM - Allocation of memory failed" ); if( use_ret == -(MBEDTLS_ERR_DHM_FILE_IO_ERROR) ) mbedtls_snprintf( buf, buflen, "DHM - Read/write of file failed" ); + if( use_ret == -(MBEDTLS_ERR_DHM_HW_ACCEL_FAILED) ) + mbedtls_snprintf( buf, buflen, "DHM - DHM hardware accelerator failed" ); #endif /* MBEDTLS_DHM_C */ #if defined(MBEDTLS_ECP_C) @@ -225,6 +237,8 @@ void mbedtls_strerror( int ret, char *buf, size_t buflen ) mbedtls_snprintf( buf, buflen, "ECP - Invalid private or public key" ); if( use_ret == -(MBEDTLS_ERR_ECP_SIG_LEN_MISMATCH) ) mbedtls_snprintf( buf, buflen, "ECP - Signature is valid but shorter than the user-supplied length" ); + if( use_ret == -(MBEDTLS_ERR_ECP_HW_ACCEL_FAILED) ) + mbedtls_snprintf( buf, buflen, "ECP - ECP hardware accelerator failed" ); #endif /* MBEDTLS_ECP_C */ #if defined(MBEDTLS_MD_C) @@ -236,6 +250,8 @@ void mbedtls_strerror( int ret, char *buf, size_t buflen ) mbedtls_snprintf( buf, buflen, "MD - Failed to allocate memory" ); if( use_ret == -(MBEDTLS_ERR_MD_FILE_IO_ERROR) ) mbedtls_snprintf( buf, buflen, "MD - Opening or reading of file failed" ); + if( use_ret == -(MBEDTLS_ERR_MD_HW_ACCEL_FAILED) ) + mbedtls_snprintf( buf, buflen, "MD - MD hardware accelerator failed" ); #endif /* MBEDTLS_MD_C */ #if defined(MBEDTLS_PEM_PARSE_C) || defined(MBEDTLS_PEM_WRITE_C) @@ -288,6 +304,8 @@ void mbedtls_strerror( int ret, char *buf, size_t buflen ) mbedtls_snprintf( buf, buflen, "PK - Unavailable feature, e.g. RSA disabled for RSA key" ); if( use_ret == -(MBEDTLS_ERR_PK_SIG_LEN_MISMATCH) ) mbedtls_snprintf( buf, buflen, "PK - The signature is valid but its length is less than expected" ); + if( use_ret == -(MBEDTLS_ERR_PK_HW_ACCEL_FAILED) ) + mbedtls_snprintf( buf, buflen, "PK - PK hardware accelerator failed" ); #endif /* MBEDTLS_PK_C */ #if defined(MBEDTLS_PKCS12_C) @@ -333,6 +351,8 @@ void mbedtls_strerror( int ret, char *buf, size_t buflen ) mbedtls_snprintf( buf, buflen, "RSA - The random generator failed to generate non-zeros" ); if( use_ret == -(MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION) ) mbedtls_snprintf( buf, buflen, "RSA - The implementation doesn't offer the requested operation, e.g. because of security violations or lack of functionality" ); + if( use_ret == -(MBEDTLS_ERR_RSA_HW_ACCEL_FAILED) ) + mbedtls_snprintf( buf, buflen, "RSA - RSA hardware accelerator failed" ); #endif /* MBEDTLS_RSA_C */ #if defined(MBEDTLS_SSL_TLS_C) @@ -522,8 +542,15 @@ void mbedtls_strerror( int ret, char *buf, size_t buflen ) mbedtls_snprintf( buf, buflen, "AES - Invalid data input length" ); if( use_ret == -(MBEDTLS_ERR_AES_FEATURE_UNAVAILABLE) ) mbedtls_snprintf( buf, buflen, "AES - Feature not available, e.g. unsupported AES key size" ); + if( use_ret == -(MBEDTLS_ERR_AES_HW_ACCEL_FAILED) ) + mbedtls_snprintf( buf, buflen, "AES - AES hardware accelerator failed" ); #endif /* MBEDTLS_AES_C */ +#if defined(MBEDTLS_ARC4_C) + if( use_ret == -(MBEDTLS_ERR_ARC4_HW_ACCEL_FAILED) ) + mbedtls_snprintf( buf, buflen, "ARC4 - ARC4 hardware accelerator failed" ); +#endif /* MBEDTLS_ARC4_C */ + #if defined(MBEDTLS_ASN1_PARSE_C) if( use_ret == -(MBEDTLS_ERR_ASN1_OUT_OF_DATA) ) mbedtls_snprintf( buf, buflen, "ASN1 - Out of data when parsing an ASN1 data structure" ); @@ -570,6 +597,8 @@ void mbedtls_strerror( int ret, char *buf, size_t buflen ) #if defined(MBEDTLS_BLOWFISH_C) if( use_ret == -(MBEDTLS_ERR_BLOWFISH_INVALID_KEY_LENGTH) ) mbedtls_snprintf( buf, buflen, "BLOWFISH - Invalid key length" ); + if( use_ret == -(MBEDTLS_ERR_BLOWFISH_HW_ACCEL_FAILED) ) + mbedtls_snprintf( buf, buflen, "BLOWFISH - Blowfish hardware accelerator failed" ); if( use_ret == -(MBEDTLS_ERR_BLOWFISH_INVALID_INPUT_LENGTH) ) mbedtls_snprintf( buf, buflen, "BLOWFISH - Invalid data input length" ); #endif /* MBEDTLS_BLOWFISH_C */ @@ -579,6 +608,8 @@ void mbedtls_strerror( int ret, char *buf, size_t buflen ) mbedtls_snprintf( buf, buflen, "CAMELLIA - Invalid key length" ); if( use_ret == -(MBEDTLS_ERR_CAMELLIA_INVALID_INPUT_LENGTH) ) mbedtls_snprintf( buf, buflen, "CAMELLIA - Invalid data input length" ); + if( use_ret == -(MBEDTLS_ERR_CAMELLIA_HW_ACCEL_FAILED) ) + mbedtls_snprintf( buf, buflen, "CAMELLIA - Camellia hardware accelerator failed" ); #endif /* MBEDTLS_CAMELLIA_C */ #if defined(MBEDTLS_CCM_C) @@ -586,8 +617,15 @@ void mbedtls_strerror( int ret, char *buf, size_t buflen ) mbedtls_snprintf( buf, buflen, "CCM - Bad input parameters to function" ); if( use_ret == -(MBEDTLS_ERR_CCM_AUTH_FAILED) ) mbedtls_snprintf( buf, buflen, "CCM - Authenticated decryption failed" ); + if( use_ret == -(MBEDTLS_ERR_CCM_HW_ACCEL_FAILED) ) + mbedtls_snprintf( buf, buflen, "CCM - CCM hardware accelerator failed" ); #endif /* MBEDTLS_CCM_C */ +#if defined(MBEDTLS_CMAC_C) + if( use_ret == -(MBEDTLS_ERR_CMAC_HW_ACCEL_FAILED) ) + mbedtls_snprintf( buf, buflen, "CMAC - CMAC hardware accelerator failed" ); +#endif /* MBEDTLS_CMAC_C */ + #if defined(MBEDTLS_CTR_DRBG_C) if( use_ret == -(MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED) ) mbedtls_snprintf( buf, buflen, "CTR_DRBG - The entropy source failed" ); @@ -602,6 +640,8 @@ void mbedtls_strerror( int ret, char *buf, size_t buflen ) #if defined(MBEDTLS_DES_C) if( use_ret == -(MBEDTLS_ERR_DES_INVALID_INPUT_LENGTH) ) mbedtls_snprintf( buf, buflen, "DES - The data input has an invalid length" ); + if( use_ret == -(MBEDTLS_ERR_DES_HW_ACCEL_FAILED) ) + mbedtls_snprintf( buf, buflen, "DES - DES hardware accelerator failed" ); #endif /* MBEDTLS_DES_C */ #if defined(MBEDTLS_ENTROPY_C) @@ -620,6 +660,8 @@ void mbedtls_strerror( int ret, char *buf, size_t buflen ) #if defined(MBEDTLS_GCM_C) if( use_ret == -(MBEDTLS_ERR_GCM_AUTH_FAILED) ) mbedtls_snprintf( buf, buflen, "GCM - Authenticated decryption failed" ); + if( use_ret == -(MBEDTLS_ERR_GCM_HW_ACCEL_FAILED) ) + mbedtls_snprintf( buf, buflen, "GCM - GCM hardware accelerator failed" ); if( use_ret == -(MBEDTLS_ERR_GCM_BAD_INPUT) ) mbedtls_snprintf( buf, buflen, "GCM - Bad input parameters to function" ); #endif /* MBEDTLS_GCM_C */ @@ -684,6 +726,8 @@ void mbedtls_strerror( int ret, char *buf, size_t buflen ) #if defined(MBEDTLS_XTEA_C) if( use_ret == -(MBEDTLS_ERR_XTEA_INVALID_INPUT_LENGTH) ) mbedtls_snprintf( buf, buflen, "XTEA - The data input has an invalid length" ); + if( use_ret == -(MBEDTLS_ERR_XTEA_HW_ACCEL_FAILED) ) + mbedtls_snprintf( buf, buflen, "XTEA - XTEA hardware accelerator failed" ); #endif /* MBEDTLS_XTEA_C */ // END generated code diff --git a/scripts/generate_errors.pl b/scripts/generate_errors.pl index 882afbdb9..59618d4aa 100755 --- a/scripts/generate_errors.pl +++ b/scripts/generate_errors.pl @@ -29,9 +29,9 @@ if( @ARGV ) { my $error_format_file = $data_dir.'/error.fmt'; -my @low_level_modules = qw( AES ASN1 BASE64 BIGNUM BLOWFISH - CAMELLIA CCM CTR_DRBG DES ENTROPY - GCM HMAC_DRBG MD2 MD4 MD5 +my @low_level_modules = qw( AES ARC4 ASN1 BASE64 BIGNUM BLOWFISH + CAMELLIA CCM CMAC CTR_DRBG DES + ENTROPY GCM HMAC_DRBG MD2 MD4 MD5 NET OID PADLOCK PBKDF2 RIPEMD160 SHA1 SHA256 SHA512 THREADING XTEA ); my @high_level_modules = qw( CIPHER DHM ECP MD