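// Copyright 2025 Google LLC
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//      http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
//
////////////////////////////////////////////////////////////////////////////////

//! Error handling for AuthMgr Backend

use alloc::string::String;
use authgraph_core::error::Error as AGError;
use authmgr_common::{Error as AMError, ErrorCode as AMErrorCode};
use coset::CoseError;

/// AuthMgr BE error type
///
/// Field `0` is the [`ErrorCode`]; field `1` is a free-form message. Messages built with
/// [`am_err!`] start with the source file and line of the call site.
// NOTE(review): several conversions below put `{:?}` output of lower-level errors into the
// message. If this string is ever returned to the AuthMgr FE or a client rather than only
// logged, it discloses source layout and internal error detail. Confirm at the call sites
// that only the code crosses that boundary.
#[derive(Debug)]
pub struct Error(pub ErrorCode, pub String);

/// Internal error codes corresponding to values in `Error.aidl`
///
/// The discriminants are explicit and the enum is `#[repr(i32)]`, so `code as i32` yields
/// exactly the values written here.
// NOTE(review): `Error.aidl` is not visible from this file; the values have to be kept in
// step with it by hand.
#[derive(Debug, Clone, Copy, PartialEq, Eq)]
#[repr(i32)]
pub enum ErrorCode {
    /// Success
    Ok = 0,
    /// Duplicated attempt to start authentication from the same transport ID
    AuthenticationAlreadyStarted = -1,
    /// Duplicated authenticated attempt with the same instance ID
    InstanceAlreadyAuthenticated = -2,
    /// Invalid DICE certificate chain of the AuthMgr FE
    InvalidDiceCertChain = -3,
    /// Invalid DICE leaf of the client
    InvalidDiceLeaf = -4,
    /// Invalid DICE policy
    InvalidDicePolicy = -5,
    /// The DICE chain to policy matching failed
    DicePolicyMatchingFailed = -6,
    /// Invalid signature
    SignatureVerificationFailed = -7,
    /// Failed to handover the connection to the trusted service
    ConnectionHandoverFailed = -8,
    /// An authentication required request (e.g. phase 2) is invoked on a non-authenticated
    /// connection
    ConnectionNotAuthenticated = -9,
    /// There is no pending connection to authorize in phase 2
    NoConnectionToAuthorize = -10,
    /// Invalid instance identifier
    InvalidInstanceIdentifier = -11,
    /// Failed to allocate memory
    MemoryAllocationFailed = -12,
    /// An instance which is pending deletion is trying to authenticate
    InstancePendingDeletion = -13,
    /// A client which is pending deletion is trying to authorize
    ClientPendingDeletion = -14,
    /// Trying to complete authentication for an instance for which authentication is not started
    AuthenticationNotStarted = -15,
    /// Creation of the pVM instance's context in the secure storage is not allowed
    InstanceContextCreationDenied = -16,
    /// A new connection for a client cannot be created from a non-authenticated pVM instance
    InstanceNotAuthenticated = -17,
    /// An authenticated connection between the AuthMgr FE and BE cannot be used as the connection
    /// between a client and a trusted service.
    NewConnectionRequiredForClient = -18,
    // Error codes corresponding to Binder error values
    /// Internal processing error
    InternalError = -19,
    /// Unimplemented
    Unimplemented = -20,
}

/// Every AuthGraph error becomes [`ErrorCode::InternalError`].
///
/// Only field `1` of the AuthGraph error (its message) is carried over, unchanged; anything
/// else the AuthGraph error holds is dropped, so callers cannot tell AuthGraph failures apart
/// by code.
impl From<AGError> for Error {
    fn from(ag_error: AGError) -> Self {
        // Built directly rather than through `am_err!`, so no file/line prefix is added here.
        Error(ErrorCode::InternalError, ag_error.1)
    }
}

/// Maps an `authmgr_common` error onto the backend's codes.
///
/// `SignatureVerificationFailed` and `DicePolicyMatchingFailed` keep their meaning; every
/// other common-crate code is reported as [`ErrorCode::InternalError`]. The original message
/// (field `1`) is kept and prefixed with this file's name and the line of the matching arm.
// NOTE(review): the catch-all arm also absorbs any code added to `AMErrorCode` later, so a
// new verification failure would surface as `InternalError` without a compile error here.
// Confirm that is acceptable for how callers branch on the code.
impl From<AMError> for Error {
    fn from(am_error: AMError) -> Self {
        match am_error.0 {
            AMErrorCode::SignatureVerificationFailed => {
                crate::am_err!(SignatureVerificationFailed, "{}", am_error.1)
            }
            AMErrorCode::DicePolicyMatchingFailed => {
                crate::am_err!(DicePolicyMatchingFailed, "{}", am_error.1)
            }
            _ => crate::am_err!(InternalError, "{}", am_error.1),
        }
    }
}

/// Reports any COSE error as [`ErrorCode::InternalError`], with the error's `Debug` output in
/// the message.
impl From<CoseError> for Error {
    fn from(e: CoseError) -> Self {
        crate::am_err!(InternalError, "COSE error: {:?}", e)
    }
}

/// Reports a failed fallible reservation as [`ErrorCode::MemoryAllocationFailed`], with the
/// error's `Debug` output in the message.
impl From<::alloc::collections::TryReserveError> for Error {
    fn from(e: alloc::collections::TryReserveError) -> Self {
        crate::am_err!(MemoryAllocationFailed, "memory allocation failed: {:?}", e)
    }
}

/// Macro to build an [`Error`] instance.
/// E.g. use: `am_err!(InternalError, "some {} format", arg)`.
///
/// The first argument is the bare name of an [`ErrorCode`] variant; the rest is a format
/// string and its arguments. The resulting message is `"<file>:<line>: <formatted text>"`,
/// where file and line are those of the macro call.
///
/// The expansion names `Error`, `ErrorCode` and `alloc::format!` without a `$crate` path, so
/// all three must resolve at the call site.
// NOTE(review): `file!()` embeds the build-time source path in the binary and in every
// message. Treat these strings as internal diagnostics.
#[macro_export]
macro_rules! am_err {
    { $error_code:ident, $($arg:tt)+ } => {
        Error(ErrorCode::$error_code,
              alloc::format!("{}:{}: {}", file!(), line!(), format_args!($($arg)+))) };
}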