Gitiles
Code Review Sign In
gerrit.omnirom.org / android_system_security / 9d90b8114b651518c3f11810077dd8e473119910^! / . / keystore2 / src / crypto / error.rs
commit9d90b8114b651518c3f11810077dd8e473119910[log] [tgz]
authorJanis Danisevskis <jdanis@google.com>Wed Nov 25 21:02:11 2020 -0800
committerJanis Danisevskis <jdanis@google.com>Wed Dec 16 10:19:08 2020 -0800
tree971b344d4a59c8cd5dbe1ffecac9c5d161340309
parent610bfeb110edb8ec7dc5e6e67b26611c9fce75d5 [diff] [blame]
Keystore 2.0: Add safe crypto wrapper

 * Adds safe wrappers for AES_gcm_decrypt and AES_gcm_encrypt.
 * Adds AES256 key generation.
 * Adds ZVec, a simple fixed size owned vector type that locks
   the backing memory in place with mlock and zeroes the buffer
   before freeing it.

Test: keystore2_test
Bug: 173545997
Change-Id: Id7e30d50b024da1fa8aa58a07cd9bb7a861f81f0

diff --git a/keystore2/src/crypto/error.rs b/keystore2/src/crypto/error.rs
new file mode 100644
index 0000000..2eb97b9
--- /dev/null
+++ b/keystore2/src/crypto/error.rs

@@ -0,0 +1,59 @@
+// Copyright 2020, The Android Open Source Project
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+//! This module implements Error for the keystore2_crypto library.
+
+/// Crypto specific error codes.
+#[derive(Debug, thiserror::Error, Eq, PartialEq)]
+pub enum Error {
+    /// This is returned if the C/C++ implementation of AES_gcm_decrypt returned false.
+    #[error("Failed to decrypt.")]
+    DecryptionFailed,
+
+    /// This is returned if the C/C++ implementation of AES_gcm_encrypt returned false.
+    #[error("Failed to encrypt.")]
+    EncryptionFailed,
+
+    /// The initialization vector has the wrong length.
+    #[error("Invalid IV length.")]
+    InvalidIvLength,
+
+    /// The aead tag has the wrong length.
+    #[error("Invalid AEAD tag length.")]
+    InvalidAeadTagLength,
+
+    /// The key has the wrong length.
+    #[error("Invalid key length.")]
+    InvalidKeyLength,
+
+    /// Invalid data length.
+    #[error("Invalid data length.")]
+    InvalidDataLength,
+
+    /// Invalid salt length.
+    #[error("Invalid salt length.")]
+    InvalidSaltLength,
+
+    /// Random number generation failed.
+    #[error("Random number generation failed.")]
+    RandomNumberGenerationFailed,
+
+    /// ZVec construction failed.
+    #[error(transparent)]
+    LayoutError(#[from] std::alloc::LayoutErr),
+
+    /// Nix error.
+    #[error(transparent)]
+    NixError(#[from] nix::Error),
+}