...
...
...
#define NX_SECURE_SOURCE_CODE
#include "nx_secure_tls.h"
...
...
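/*
 * Translate an internal NetX Secure error code into the TLS alert that
 * should be reported for it.
 *
 * error_number  Internal status code to translate.
 * alert_number  Output: the NX_SECURE_TLS_ALERT_* value selected for the error.
 * alert_level   Output: NX_SECURE_TLS_ALERT_LEVEL_FATAL for every group except
 *               the renegotiation-refused group, which is
 *               NX_SECURE_TLS_ALERT_LEVEL_WARNING.
 *
 * Both output pointers are written unconditionally, so callers must pass
 * valid, non-NULL pointers. Any code that is not listed explicitly
 * (including NX_SECURE_TLS_SUCCESS) falls through to a fatal internal_error
 * alert, so an unmapped or newly added status still produces a fatal alert.
 *
 * Each case label appears exactly once; a repeated label in a switch is a
 * constraint violation in C and the function would not compile.
 */
VOID _nx_secure_tls_map_error_to_alert(UINT error_number, UINT *alert_number, UINT *alert_level)
{
    switch (error_number)
    {
    /* Messages that arrived when they were not expected. */
    case NX_SECURE_TLS_UNRECOGNIZED_MESSAGE_TYPE:
    case NX_SECURE_TLS_ALERT_RECEIVED:
    case NX_SECURE_TLS_UNEXPECTED_CLIENTHELLO:
    case NX_SECURE_TLS_BAD_CIPHERSPEC:
    case NX_SECURE_TLS_UNEXPECTED_MESSAGE:
        *alert_number = NX_SECURE_TLS_ALERT_UNEXPECTED_MESSAGE;
        *alert_level = NX_SECURE_TLS_ALERT_LEVEL_FATAL;
        break;

    /*
     * Record protection failures. MAC mismatch, AEAD decrypt failure and bad
     * padding deliberately share one alert: the peer must not be able to tell
     * from the alert which check failed, since distinguishing padding errors
     * from MAC errors is the signal padding-oracle attacks depend on. Keep
     * these three together when editing this table. (This covers only the
     * alert value; timing behaviour is decided elsewhere.)
     */
    case NX_SECURE_TLS_HASH_MAC_VERIFY_FAILURE:
    case NX_SECURE_TLS_AEAD_DECRYPT_FAIL:
    case NX_SECURE_TLS_PADDING_CHECK_FAILED:
        *alert_number = NX_SECURE_TLS_ALERT_BAD_RECORD_MAC;
        *alert_level = NX_SECURE_TLS_ALERT_LEVEL_FATAL;
        break;

    /* Negotiation could not agree on acceptable parameters. */
    case NX_SECURE_TLS_UNKNOWN_CIPHERSUITE:
    case NX_SECURE_TLS_UNSUPPORTED_CIPHER:
    case NX_SECURE_TLS_HANDSHAKE_FAILURE:
    case NX_SECURE_TLS_NO_SUPPORTED_CIPHERS:
    case NX_SECURE_TLS_UNSUPPORTED_FEATURE:
    case NX_SECURE_TLS_UNSUPPORTED_ECC_CURVE:
    case NX_SECURE_TLS_UNSUPPORTED_ECC_FORMAT:
    case NX_SECURE_TLS_EXTENSION_NOT_FOUND:
    case NX_SECURE_TLS_SNI_EXTENSION_INVALID:
    case NX_SECURE_TLS_EMPTY_EC_GROUP:
    case NX_SECURE_TLS_EMPTY_EC_POINT_FORMAT:
    case NX_SECURE_TLS_UNSUPPORTED_SIGNATURE_ALGORITHM:
    case NX_SECURE_TLS_RENEGOTIATION_SESSION_INACTIVE:
    case NX_SECURE_TLS_RENEGOTIATION_EXTENSION_ERROR:
        *alert_number = NX_SECURE_TLS_ALERT_HANDSHAKE_FAILURE;
        *alert_level = NX_SECURE_TLS_ALERT_LEVEL_FATAL;
        break;

    /* Certificate was malformed, missing, or failed verification. */
    case NX_SECURE_TLS_INVALID_SERVER_CERT:
    case NX_SECURE_TLS_INVALID_CERTIFICATE:
    case NX_SECURE_TLS_CERTIFICATE_SIG_CHECK_FAILED:
    case NX_SECURE_TLS_CERTIFICATE_NOT_FOUND:
    case NX_SECURE_TLS_CERTIFICATE_VERIFY_FAILURE:
    case NX_SECURE_TLS_EMPTY_REMOTE_CERTIFICATE_RECEIVED:
    case NX_SECURE_X509_WRONG_SIGNATURE_METHOD:
    case NX_SECURE_X509_INVALID_DATE_FORMAT:
    case NX_SECURE_X509_ASN1_LENGTH_TOO_LONG:
    case NX_SECURE_X509_CERTIFICATE_NOT_FOUND:
    case NX_SECURE_X509_PKCS7_PARSING_FAILED:
        *alert_number = NX_SECURE_TLS_ALERT_BAD_CERTIFICATE;
        *alert_level = NX_SECURE_TLS_ALERT_LEVEL_FATAL;
        break;

    /* Certificate uses a key or signature type that is not supported. */
    case NX_SECURE_TLS_UNSUPPORTED_PUBLIC_CIPHER:
    case NX_SECURE_TLS_UNSUPPORTED_CERT_SIGN_TYPE:
    case NX_SECURE_TLS_UNSUPPORTED_CERT_SIGN_ALG:
        *alert_number = NX_SECURE_TLS_ALERT_UNSUPPORTED_CERTIFICATE;
        *alert_level = NX_SECURE_TLS_ALERT_LEVEL_FATAL;
        break;

    /* Certificate is listed as revoked by a CRL. */
    case NX_SECURE_X509_CRL_CERTIFICATE_REVOKED:
        *alert_number = NX_SECURE_TLS_ALERT_CERTIFICATE_REVOKED;
        *alert_level = NX_SECURE_TLS_ALERT_LEVEL_FATAL;
        break;

    /* Certificate is outside its validity period (either direction). */
    case NX_SECURE_X509_CERTIFICATE_EXPIRED:
    case NX_SECURE_X509_CERTIFICATE_NOT_YET_VALID:
        *alert_number = NX_SECURE_TLS_ALERT_CERTIFICATE_EXPIRED;
        *alert_level = NX_SECURE_TLS_ALERT_LEVEL_FATAL;
        break;

    /* Certificate problems with no more specific alert. */
    case NX_SECURE_TLS_INVALID_SELF_SIGNED_CERT:
    case NX_SECURE_TLS_UNKNOWN_CERT_SIG_ALGORITHM:
        *alert_number = NX_SECURE_TLS_ALERT_CERTIFICATE_UNKNOWN;
        *alert_level = NX_SECURE_TLS_ALERT_LEVEL_FATAL;
        break;

    /* A handshake field held a value that is not allowed. */
    case NX_SECURE_TLS_BAD_COMPRESSION_METHOD:
    case NX_SECURE_TLS_1_3_UNKNOWN_CIPHERSUITE:
    case NX_SECURE_TLS_BAD_SERVERHELLO_KEYSHARE:
        *alert_number = NX_SECURE_TLS_ALERT_ILLEGAL_PARAMETER;
        *alert_level = NX_SECURE_TLS_ALERT_LEVEL_FATAL;
        break;

    /* The certificate chain could not be anchored to a trusted issuer. */
    case NX_SECURE_TLS_ISSUER_CERTIFICATE_NOT_FOUND:
    case NX_SECURE_X509_CHAIN_VERIFY_FAILURE:
        *alert_number = NX_SECURE_TLS_ALERT_UNKNOWN_CA;
        *alert_level = NX_SECURE_TLS_ALERT_LEVEL_FATAL;
        break;

    /* Message length did not match what was expected. */
    case NX_SECURE_TLS_INCORRECT_MESSAGE_LENGTH:
        *alert_number = NX_SECURE_TLS_ALERT_DECODE_ERROR;
        *alert_level = NX_SECURE_TLS_ALERT_LEVEL_FATAL;
        break;

    /* Handshake cryptographic check (Finished hash or signature) failed. */
    case NX_SECURE_TLS_FINISHED_HASH_FAILURE:
    case NX_SECURE_TLS_SIGNATURE_VERIFICATION_ERROR:
        *alert_number = NX_SECURE_TLS_ALERT_DECRYPT_ERROR;
        *alert_level = NX_SECURE_TLS_ALERT_LEVEL_FATAL;
        break;

    /* Protocol version is unknown, unsupported, or changed mid-session. */
    case NX_SECURE_TLS_PROTOCOL_VERSION_CHANGED:
    case NX_SECURE_TLS_UNKNOWN_TLS_VERSION:
    case NX_SECURE_TLS_UNSUPPORTED_TLS_VERSION:
        *alert_number = NX_SECURE_TLS_ALERT_PROTOCOL_VERSION;
        *alert_level = NX_SECURE_TLS_ALERT_LEVEL_FATAL;
        break;

    /* Renegotiation refused: the only group reported at warning level. */
    case NX_SECURE_TLS_NO_RENEGOTIATION_ERROR:
    case NX_SECURE_TLS_RENEGOTIATION_FAILURE:
        *alert_number = NX_SECURE_TLS_ALERT_NO_RENEGOTIATION;
        *alert_level = NX_SECURE_TLS_ALERT_LEVEL_WARNING;
        break;

    /* No PSK matched the identity offered. */
    case NX_SECURE_TLS_NO_MATCHING_PSK:
        *alert_number = NX_SECURE_TLS_ALERT_UNKNOWN_PSK_IDENTITY;
        *alert_level = NX_SECURE_TLS_ALERT_LEVEL_FATAL;
        break;

    /* Version fallback was signalled where it is not appropriate. */
    case NX_SECURE_TLS_INAPPROPRIATE_FALLBACK:
        *alert_number = NX_SECURE_TLS_ALERT_INAPPROPRIATE_FALLBACK;
        *alert_level = NX_SECURE_TLS_ALERT_LEVEL_FATAL;
        break;

    /* A mandatory extension was absent. */
    case NX_SECURE_TLS_MISSING_EXTENSION:
        *alert_number = NX_SECURE_TLS_ALERT_MISSING_EXTENSION;
        *alert_level = NX_SECURE_TLS_ALERT_LEVEL_FATAL;
        break;

    /* A certificate was required but not supplied. */
    case NX_SECURE_TLS_CERTIFICATE_REQUIRED:
        *alert_number = NX_SECURE_TLS_ALERT_CERTIFICATE_REQUIRED;
        *alert_level = NX_SECURE_TLS_ALERT_LEVEL_FATAL;
        break;

    /* Record exceeded the permitted size. */
    case NX_SECURE_TLS_RECORD_OVERFLOW:
        *alert_number = NX_SECURE_TLS_ALERT_RECORD_OVERFLOW;
        *alert_level = NX_SECURE_TLS_ALERT_LEVEL_FATAL;
        break;

    /*
     * Local resource, state and DTLS bookkeeping errors. These all report the
     * generic internal_error alert, so the alert itself does not tell the
     * peer which local condition occurred.
     */
    case NX_SECURE_TLS_ALLOCATE_PACKET_FAILED:
    case NX_SECURE_TLS_SESSION_UNINITIALIZED:
    case NX_SECURE_TLS_INVALID_STATE:
    case NX_SECURE_TLS_INVALID_PACKET:
    case NX_SECURE_TLS_NEED_DTLS_SESSION:
    case NX_SECURE_TLS_NEED_TLS_SESSION:
    case NX_SECURE_TLS_INSUFFICIENT_CERT_SPACE:
    case NX_SECURE_TLS_TCP_SEND_FAILED:
    case NX_SECURE_TLS_NO_CLOSE_RESPONSE:
    case NX_SECURE_TLS_NO_MORE_PSK_SPACE:
    case NX_SECURE_TLS_NO_CERT_SPACE_ALLOCATED:
    case NX_SECURE_TLS_CLOSE_NOTIFY_RECEIVED:
    case NX_SECURE_TLS_PACKET_BUFFER_TOO_SMALL:
    case NX_SECURE_TLS_CERT_ID_INVALID:
    case NX_SECURE_TLS_CRYPTO_KEYS_TOO_LARGE:
    case NX_SECURE_TLS_CERT_ID_DUPLICATE:
    case NX_SECURE_TLS_OUT_OF_ORDER_MESSAGE:
    case NX_SECURE_TLS_INVALID_REMOTE_HOST:
    case NX_SECURE_TLS_INVALID_EPOCH:
    case NX_SECURE_TLS_REPEAT_MESSAGE_RECEIVED:
    case NX_SECURE_TLS_SEND_ADDRESS_MISMATCH:
    case NX_SECURE_TLS_NO_FREE_DTLS_SESSIONS:
    case NX_SECURE_DTLS_SESSION_NOT_FOUND:
    case NX_SECURE_TLS_NO_AVAILABLE_SESSIONS:
    case NX_SECURE_TLS_SUCCESS:
    default:
        /* Anything unmapped is reported as a fatal internal error. */
        *alert_number = NX_SECURE_TLS_ALERT_INTERNAL_ERROR;
        *alert_level = NX_SECURE_TLS_ALERT_LEVEL_FATAL;
        break;
    }
}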