diff --git a/demo/fw/src/cage.c b/demo/fw/src/cage.c
index f8125e0..c1bf2d4 100644
--- a/demo/fw/src/cage.c
+++ b/demo/fw/src/cage.c
@@ -65,6 +65,26 @@ void ca_keystore_free(struct ca_keystore *ks) {
 mbedtls_ecp_keypair_free(&(ks->x25519_kp));
 }
 
+const char *ca_errstr(enum ca_error err) {
+ switch (err) {
+ case CA_ERR_SUCCESS: return "success";
+ case CA_ERR_INVALID_HEADER: return "header invalid";
+ case CA_ERR_INVALID_HEADER_ARG: return "invalid stanza argument";
+ case CA_ERR_KEY_WRAPPING_DECRYPTION_FAILURE: return "failure while unwrapping key";
+ case CA_ERR_BROKEN_BASE64: return "invalid base64 in header";
+ case CA_ERR_FILE_FORMAT_TOO_NEW: return "unsupported newer version of age format";
+ case CA_ERR_CORRUPTED_STATE: return "corrupted state (this is a bug!)";
+ case CA_ERR_OUT_OF_MEMORY: return "cannot allocate memory";
+ case CA_ERR_MBEDTLS_ERROR: return "mbedtls error";
+ case CA_ERR_MAC_MISMATCH: return "message authentication code mismatch";
+ case CA_ERR_INVALID_PARAMETER: return "invalid data passed by caller (this is a bug!)";
+ case CA_ERR_NOT_ENOUGH_SPACE: return "buffer passed by caller too small (this is a bug!)";
+ case CA_ERR_KEY_NOT_FOUND: return "no matching key found";
+ case CA_ERR_TOO_MANY_STANZAS: return "header contains too many stanzas";
+ default: return "unknown error (this is a bug!)";
+ }
+}
+
 enum ca_error ca_keystore_load_x25519_private_key(struct ca_keystore *ks, const unsigned char buf[32]) {
 enum ca_error err = CA_ERR_CORRUPTED_STATE;
 /*
diff --git a/demo/fw/src/cage.h b/demo/fw/src/cage.h
index 89e802b..57194c5 100644
--- a/demo/fw/src/cage.h
+++ b/demo/fw/src/cage.h
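Review bot: The `default:` arm in `ca_errstr` hides any enumerator of `enum ca_error` that is later added without a string, because with a default label present GCC and Clang no longer emit the `-Wswitch` warning for an unhandled value. Dropping the label and placing `return "unknown error (this is a bug!)";` after the closing brace of the switch keeps the fallback for out-of-range values and lets the compiler flag missing cases. The function would also benefit from a short comment stating that the returned pointer refers to a static string literal which the caller must not modify or free. The enum definition is outside the hunk, so whether the fourteen cases already cover every enumerator cannot be checked here.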
@@ -36,5 +36,6 @@ void ca_keystore_init(struct ca_keystore *ks);
 void ca_keystore_free(struct ca_keystore *ks);
 enum ca_error ca_keystore_load_x25519_private_key(struct ca_keystore *ks, const unsigned char buf[32]);
 enum ca_error stream_decrypt(unsigned char *out, size_t outlen, size_t *out_written, const unsigned char *in, size_t inlen, const unsigned char file_key[16]);
+const char *ca_errstr(enum ca_error err);
 
 #endif /* __CAGE_H__ */
diff --git a/demo/fw/src/main.c b/demo/fw/src/main.c
index 01b9c80..0fc27af 100644
--- a/demo/fw/src/main.c
+++ b/demo/fw/src/main.c
@@ -376,29 +376,29 @@ int main(void)
 if (payload_len < 0 || payload_len > sizeof(payload_buf) - sizeof(uint32_t)) {
 con_printf_blocking("Invalid payload size %zx\r\n", payload_len);
 spif_printf(&spif, "\033[H\033[0m\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\033[H");
- spif_printf(&spif, "\033[1;91mDecryption error!\033[0m\n");
+ spif_printf(&spif, "\033[1;91mDecryption error!\033[0m\nInvalid payload size %zx\n", payload_len);
 continue;
 }
 unsigned char file_key[16];
 err = parse_age_buf(&ks, payload_buf + sizeof(uint32_t), payload_len+1, file_key);
 if (err) {
- con_printf_blocking("Error parsing payload age header: %d\r\n", err);
+ con_printf_blocking("Error parsing payload age header: %s (%d)\r\n", ca_errstr(err), err);
 spif_printf(&spif, "\033[H\033[0m\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\033[H");
- spif_printf(&spif, "\033[1;91mDecryption error!\033[0m\n");
+ spif_printf(&spif, "\033[1;91mDecryption error!\033[0m\n%s (%d)\n", ca_errstr(err), err);
 continue;
 }
 size_t decrypted_size = 0;
 err = stream_decrypt(dec_buf, sizeof(dec_buf), &decrypted_size, payload_buf + sizeof(uint32_t), payload_len, file_key);
 if (err) {
- con_printf_blocking("Error decrypting payload: %d\r\n", err);
+ con_printf_blocking("Error decrypting payload: %s (%d)\r\n", ca_errstr(err), err);
 spif_printf(&spif, "\033[H\033[0m\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\033[H");
- spif_printf(&spif, "\033[1;91mDecryption error!\033[0m\n");
+ spif_printf(&spif, "\033[1;91mDecryption error!\033[0m\n%s (%d)\n", ca_errstr(err), err);
 continue;
 }
- assert (decrypted_size > 0 && decrypted_size < sizeof(dec_buf));
+ assert(decrypted_size > 0 && decrypted_size < sizeof(dec_buf));
 dec_buf[decrypted_size-1] = '\0'; /* overwrite trailing \n */
 con_printf_blocking("decrypted payload: %s\r\n", dec_buf);
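Review bot: The `assert` that this commit only reformats is still the sole bounds check before `dec_buf[decrypted_size-1] = '\0'`, and `decrypted_size` appears to be derived from an externally supplied payload. In a build with `NDEBUG` the check disappears, so if `stream_decrypt` can report zero bytes the index underflows and the write lands outside `dec_buf`; with asserts enabled the same input presumably stops the firmware instead of taking the `continue` path used for the other failures. A runtime check in the style of the two error blocks above would cover both builds: `if (decrypted_size == 0 || decrypted_size >= sizeof(dec_buf)) { /* report */ continue; }`. Also worth confirming: the size check admits `payload_len == sizeof(payload_buf) - sizeof(uint32_t)`, and `parse_age_buf` is then given `payload_len+1`, which would reach one byte past `payload_buf` unless that argument is something other than a byte count. The body of `main` begins and ends outside the hunk.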