[bssl] Retrieve error code from BoringSSL

This cl retrieves the error code from BoringSSL when an operation
fails and returns it to the users.

Test: atest rialto_test
Bug: 302527194
Change-Id: I36da67c2ff9e7f45aea8db659d400c347d9705ca
diff --git a/libs/bssl/error/src/code.rs b/libs/bssl/error/src/code.rs
new file mode 100644
index 0000000..7fb36c4
--- /dev/null
+++ b/libs/bssl/error/src/code.rs
@@ -0,0 +1,98 @@
+// Copyright 2023, The Android Open Source Project
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+use core::fmt;
+use serde::{Deserialize, Serialize};
+
+type BsslReasonCode = i32;
+type BsslLibraryCode = i32;
+
+/// BoringSSL reason code.
+#[allow(missing_docs)]
+#[derive(Clone, Copy, Debug, PartialEq, Eq, Serialize, Deserialize)]
+pub enum ReasonCode {
+    NoError,
+    Global(GlobalError),
+    Cipher(CipherError),
+    Unknown(BsslReasonCode, BsslLibraryCode),
+}
+
+impl fmt::Display for ReasonCode {
+    fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result {
+        match self {
+            Self::NoError => write!(f, "No error in the BoringSSL error queue."),
+            Self::Unknown(code, lib) => {
+                write!(f, "Unknown reason code '{code}' from the library '{lib}'")
+            }
+            other => write!(f, "{other:?}"),
+        }
+    }
+}
+
+/// Global errors may occur in any library.
+///
+/// The values are from:
+/// boringssl/src/include/openssl/err.h
+#[allow(missing_docs)]
+#[derive(Clone, Copy, Debug, PartialEq, Eq, Serialize, Deserialize)]
+pub enum GlobalError {
+    Fatal,
+    MallocFailure,
+    ShouldNotHaveBeenCalled,
+    PassedNullParameter,
+    InternalError,
+    Overflow,
+}
+
+impl fmt::Display for GlobalError {
+    fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result {
+        write!(f, "A global error occurred: {self:?}")
+    }
+}
+
+/// Errors occurred in the Cipher functions.
+///
+/// The values are from:
+/// boringssl/src/include/openssl/cipher.h
+#[allow(missing_docs)]
+#[derive(Clone, Copy, Debug, PartialEq, Eq, Serialize, Deserialize)]
+pub enum CipherError {
+    AesKeySetupFailed,
+    BadDecrypt,
+    BadKeyLength,
+    BufferTooSmall,
+    CtrlNotImplemented,
+    CtrlOperationNotImplemented,
+    DataNotMultipleOfBlockLength,
+    InitializationError,
+    InputNotInitialized,
+    InvalidAdSize,
+    InvalidKeyLength,
+    InvalidNonceSize,
+    InvalidOperation,
+    IvTooLarge,
+    NoCipherSet,
+    OutputAliasesInput,
+    TagTooLarge,
+    TooLarge,
+    WrongFinalBlockLength,
+    NoDirectionSet,
+    InvalidNonce,
+}
+
+impl fmt::Display for CipherError {
+    fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result {
+        write!(f, "An error occurred in a Cipher function: {self:?}")
+    }
+}
diff --git a/libs/bssl/error/src/lib.rs b/libs/bssl/error/src/lib.rs
index 68f7485..547ad43 100644
--- a/libs/bssl/error/src/lib.rs
+++ b/libs/bssl/error/src/lib.rs
@@ -16,9 +16,13 @@
 
 #![cfg_attr(not(feature = "std"), no_std)]
 
+mod code;
+
 use core::{fmt, result};
 use serde::{Deserialize, Serialize};
 
+pub use crate::code::{CipherError, GlobalError, ReasonCode};
+
 /// libbssl_avf result type.
 pub type Result<T> = result::Result<T, Error>;
 
@@ -26,7 +30,7 @@
 #[derive(Clone, Debug, PartialEq, Eq, Serialize, Deserialize)]
 pub enum Error {
     /// Failed to invoke a BoringSSL API.
-    CallFailed(ApiName),
+    CallFailed(ApiName, ReasonCode),
 
     /// An unexpected internal error occurred.
     InternalError,
@@ -35,8 +39,8 @@
 impl fmt::Display for Error {
     fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result {
         match self {
-            Self::CallFailed(api_name) => {
-                write!(f, "Failed to invoke the BoringSSL API: {api_name:?}")
+            Self::CallFailed(api_name, reason) => {
+                write!(f, "Failed to invoke the BoringSSL API: {api_name:?}. Reason: {reason}")
             }
             Self::InternalError => write!(f, "An unexpected internal error occurred"),
         }
diff --git a/libs/bssl/src/ec_key.rs b/libs/bssl/src/ec_key.rs
index 901212f..7038e21 100644
--- a/libs/bssl/src/ec_key.rs
+++ b/libs/bssl/src/ec_key.rs
@@ -16,7 +16,7 @@
 //! BoringSSL.
 
 use crate::cbb::CbbFixed;
-use crate::util::check_int_result;
+use crate::util::{check_int_result, to_call_failed_error};
 use alloc::vec::Vec;
 use bssl_avf_error::{ApiName, Error, Result};
 use bssl_ffi::{
@@ -54,7 +54,7 @@
         };
         let mut ec_key = NonNull::new(ec_key)
             .map(Self)
-            .ok_or(Error::CallFailed(ApiName::EC_KEY_new_by_curve_name))?;
+            .ok_or(to_call_failed_error(ApiName::EC_KEY_new_by_curve_name))?;
         ec_key.generate_key()?;
         Ok(ec_key)
     }
@@ -104,7 +104,7 @@
            // `EC_KEY` pointer.
            unsafe { EC_KEY_get0_public_key(self.0.as_ptr()) };
         if ec_point.is_null() {
-            Err(Error::CallFailed(ApiName::EC_KEY_get0_public_key))
+            Err(to_call_failed_error(ApiName::EC_KEY_get0_public_key))
         } else {
             Ok(ec_point)
         }
@@ -118,7 +118,7 @@
            // `EC_KEY` pointer.
            unsafe { EC_KEY_get0_group(self.0.as_ptr()) };
         if group.is_null() {
-            Err(Error::CallFailed(ApiName::EC_KEY_get0_group))
+            Err(to_call_failed_error(ApiName::EC_KEY_get0_group))
         } else {
             Ok(group)
         }
@@ -144,7 +144,7 @@
         // SAFETY: This is safe because the CBB pointer is initialized with `CBB_init_fixed()`,
         // and it has been flushed, thus it has no active children.
         let len = unsafe { CBB_len(cbb.as_ref()) };
-        Ok(buf.get(0..len).ok_or(Error::CallFailed(ApiName::CBB_len))?.to_vec().into())
+        Ok(buf.get(0..len).ok_or(to_call_failed_error(ApiName::CBB_len))?.to_vec().into())
     }
 }
 
@@ -178,7 +178,7 @@
     fn new() -> Result<Self> {
         // SAFETY: The returned pointer is checked below.
         let bn = unsafe { BN_new() };
-        NonNull::new(bn).map(Self).ok_or(Error::CallFailed(ApiName::BN_new))
+        NonNull::new(bn).map(Self).ok_or(to_call_failed_error(ApiName::BN_new))
     }
 
     fn as_mut_ptr(&mut self) -> *mut BIGNUM {
diff --git a/libs/bssl/src/err.rs b/libs/bssl/src/err.rs
new file mode 100644
index 0000000..1ee40c9
--- /dev/null
+++ b/libs/bssl/src/err.rs
@@ -0,0 +1,112 @@
+// Copyright 2023, The Android Open Source Project
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+//! Wrappers of the error handling functions in BoringSSL err.h.
+
+use bssl_avf_error::{CipherError, GlobalError, ReasonCode};
+use bssl_ffi::{self, ERR_get_error, ERR_GET_LIB_RUST, ERR_GET_REASON_RUST};
+
+const NO_ERROR_REASON_CODE: i32 = 0;
+
+/// Returns the reason code for the least recent error and removes that
+/// error from the error queue.
+pub(crate) fn get_error_reason_code() -> ReasonCode {
+    let packed_error = get_packed_error();
+    let reason = get_reason(packed_error);
+    let lib = get_lib(packed_error);
+    map_to_reason_code(reason, lib)
+}
+
+/// Returns the packed error code for the least recent error and removes that
+/// error from the error queue.
+///
+/// Returns 0 if there are no errors in the queue.
+fn get_packed_error() -> u32 {
+    // SAFETY: This function only reads the error queue.
+    unsafe { ERR_get_error() }
+}
+
+fn get_reason(packed_error: u32) -> i32 {
+    // SAFETY: This function only reads the given error code.
+    unsafe { ERR_GET_REASON_RUST(packed_error) }
+}
+
+/// Returns the library code for the error.
+fn get_lib(packed_error: u32) -> i32 {
+    // SAFETY: This function only reads the given error code.
+    unsafe { ERR_GET_LIB_RUST(packed_error) }
+}
+
+fn map_to_reason_code(reason: i32, lib: i32) -> ReasonCode {
+    if reason == NO_ERROR_REASON_CODE {
+        return ReasonCode::NoError;
+    }
+    map_global_reason_code(reason)
+        .map(ReasonCode::Global)
+        .or_else(|| map_library_reason_code(reason, lib))
+        .unwrap_or(ReasonCode::Unknown(reason, lib))
+}
+
+/// Global errors may occur in any library.
+fn map_global_reason_code(reason: i32) -> Option<GlobalError> {
+    let reason = match reason {
+        bssl_ffi::ERR_R_FATAL => GlobalError::Fatal,
+        bssl_ffi::ERR_R_MALLOC_FAILURE => GlobalError::MallocFailure,
+        bssl_ffi::ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED => GlobalError::ShouldNotHaveBeenCalled,
+        bssl_ffi::ERR_R_PASSED_NULL_PARAMETER => GlobalError::PassedNullParameter,
+        bssl_ffi::ERR_R_INTERNAL_ERROR => GlobalError::InternalError,
+        bssl_ffi::ERR_R_OVERFLOW => GlobalError::Overflow,
+        _ => return None,
+    };
+    Some(reason)
+}
+
+fn map_library_reason_code(reason: i32, lib: i32) -> Option<ReasonCode> {
+    u32::try_from(lib).ok().and_then(|x| match x {
+        bssl_ffi::ERR_LIB_CIPHER => map_cipher_reason_code(reason).map(ReasonCode::Cipher),
+        _ => None,
+    })
+}
+
+fn map_cipher_reason_code(reason: i32) -> Option<CipherError> {
+    let error = match reason {
+        bssl_ffi::CIPHER_R_AES_KEY_SETUP_FAILED => CipherError::AesKeySetupFailed,
+        bssl_ffi::CIPHER_R_BAD_DECRYPT => CipherError::BadDecrypt,
+        bssl_ffi::CIPHER_R_BAD_KEY_LENGTH => CipherError::BadKeyLength,
+        bssl_ffi::CIPHER_R_BUFFER_TOO_SMALL => CipherError::BufferTooSmall,
+        bssl_ffi::CIPHER_R_CTRL_NOT_IMPLEMENTED => CipherError::CtrlNotImplemented,
+        bssl_ffi::CIPHER_R_CTRL_OPERATION_NOT_IMPLEMENTED => {
+            CipherError::CtrlOperationNotImplemented
+        }
+        bssl_ffi::CIPHER_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH => {
+            CipherError::DataNotMultipleOfBlockLength
+        }
+        bssl_ffi::CIPHER_R_INITIALIZATION_ERROR => CipherError::InitializationError,
+        bssl_ffi::CIPHER_R_INPUT_NOT_INITIALIZED => CipherError::InputNotInitialized,
+        bssl_ffi::CIPHER_R_INVALID_AD_SIZE => CipherError::InvalidAdSize,
+        bssl_ffi::CIPHER_R_INVALID_KEY_LENGTH => CipherError::InvalidKeyLength,
+        bssl_ffi::CIPHER_R_INVALID_NONCE_SIZE => CipherError::InvalidNonceSize,
+        bssl_ffi::CIPHER_R_INVALID_OPERATION => CipherError::InvalidOperation,
+        bssl_ffi::CIPHER_R_IV_TOO_LARGE => CipherError::IvTooLarge,
+        bssl_ffi::CIPHER_R_NO_CIPHER_SET => CipherError::NoCipherSet,
+        bssl_ffi::CIPHER_R_OUTPUT_ALIASES_INPUT => CipherError::OutputAliasesInput,
+        bssl_ffi::CIPHER_R_TAG_TOO_LARGE => CipherError::TagTooLarge,
+        bssl_ffi::CIPHER_R_TOO_LARGE => CipherError::TooLarge,
+        bssl_ffi::CIPHER_R_WRONG_FINAL_BLOCK_LENGTH => CipherError::WrongFinalBlockLength,
+        bssl_ffi::CIPHER_R_NO_DIRECTION_SET => CipherError::NoDirectionSet,
+        bssl_ffi::CIPHER_R_INVALID_NONCE => CipherError::InvalidNonce,
+        _ => return None,
+    };
+    Some(error)
+}
diff --git a/libs/bssl/src/hmac.rs b/libs/bssl/src/hmac.rs
index 1e09315..ddbbe4a 100644
--- a/libs/bssl/src/hmac.rs
+++ b/libs/bssl/src/hmac.rs
@@ -15,7 +15,8 @@
 //! Wrappers of the HMAC functions in BoringSSL hmac.h.
 
 use crate::digest::Digester;
-use bssl_avf_error::{ApiName, Error, Result};
+use crate::util::to_call_failed_error;
+use bssl_avf_error::{ApiName, Result};
 use bssl_ffi::{HMAC, SHA256_DIGEST_LENGTH};
 
 const SHA256_LEN: usize = SHA256_DIGEST_LENGTH as usize;
@@ -53,6 +54,6 @@
     if !ret.is_null() && out_len == (out.len() as u32) {
         Ok(out)
     } else {
-        Err(Error::CallFailed(ApiName::HMAC))
+        Err(to_call_failed_error(ApiName::HMAC))
     }
 }
diff --git a/libs/bssl/src/lib.rs b/libs/bssl/src/lib.rs
index 4b9ff59..8b38f5b 100644
--- a/libs/bssl/src/lib.rs
+++ b/libs/bssl/src/lib.rs
@@ -21,11 +21,13 @@
 mod cbb;
 mod digest;
 mod ec_key;
+mod err;
 mod hkdf;
 mod hmac;
 mod util;
 
-pub use bssl_avf_error::{ApiName, Error, Result};
+pub use bssl_avf_error::{ApiName, CipherError, Error, ReasonCode, Result};
+
 pub use cbb::CbbFixed;
 pub use digest::Digester;
 pub use ec_key::{EcKey, ZVec};
diff --git a/libs/bssl/src/util.rs b/libs/bssl/src/util.rs
index cb5e368..880c85b 100644
--- a/libs/bssl/src/util.rs
+++ b/libs/bssl/src/util.rs
@@ -14,13 +14,14 @@
 
 //! Utility functions.
 
+use crate::err::get_error_reason_code;
 use bssl_avf_error::{ApiName, Error, Result};
 use log::error;
 
 pub(crate) fn check_int_result(ret: i32, api_name: ApiName) -> Result<()> {
     match ret {
         1 => Ok(()),
-        0 => Err(Error::CallFailed(api_name)),
+        0 => Err(Error::CallFailed(api_name, get_error_reason_code())),
         _ => {
             error!(
                 "Received a return value ({}) other than 0 or 1 from the BoringSSL API: {:?}",
@@ -30,3 +31,7 @@
         }
     }
 }
+
+pub(crate) fn to_call_failed_error(api_name: ApiName) -> Error {
+    Error::CallFailed(api_name, get_error_reason_code())
+}