authorVadim Sukhomlinov <sukhomlinov@google.com>2021-11-10 10:57:30 -0800
committerCommit Bot <commit-bot@chromium.org>2021-11-10 19:48:58 +0000
commitbd99fd9293a84aa924ba944415752f432e1ca9ae (patch)
tree28e6ee56da7e262c5ca94aad8f7fc8cc7697731e
parentce47708581eba18f391e51d09f63a25aee5cc19b (diff)
downloadchrome-ec-bd99fd9293a84aa924ba944415752f432e1ca9ae.tar.gz
cr50: usb_pdu_valid should check if crypto is allowed before check
In the unusual case when a FIPS test fails, fw_upgrade will fail too, as usb_pdu_valid() didn't check for the failure and incorrectly assumed that the digest of the data doesn't match. Making the check conditional on the success of the hash computation. BUG=b:205836895 TEST=make BOARD=cr50 CRYPTO_TEST=1; fips sha fips test in CCD attempt to firmware upgrade using gsctool Signed-off-by: Vadim Sukhomlinov <sukhomlinov@google.com> Change-Id: Iea38f82a46fb00ad0ed543cd9b4b950a6b1c102e Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3272287 Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org> Reviewed-by: Mary Ruthven <mruthven@chromium.org> Tested-by: Vadim Sukhomlinov <sukhomlinov@chromium.org> Commit-Queue: Vadim Sukhomlinov <sukhomlinov@chromium.org>
-rw-r--r--chip/g/upgrade_fw.c14
1 files changed, 7 insertions, 7 deletions
diff --git a/chip/g/upgrade_fw.c b/chip/g/upgrade_fw.c
index 328ce4dbb5..41fddc3563 100644
--- a/chip/g/upgrade_fw.c
+++ b/chip/g/upgrade_fw.c
@@ -149,14 +149,14 @@ int usb_pdu_valid(struct upgrade_command *cmd_body, size_t cmd_size)
cmd.block_base);
/* Check if the block was received properly. */
- DCRYPTO_SHA1_hash(&cmd_body->block_base,
- body_size + sizeof(cmd_body->block_base),
- sha1_digest);
- if (memcmp(sha1_digest, &cmd_body->block_digest,
+ if (DCRYPTO_SHA1_hash(&cmd_body->block_base,
+ body_size + sizeof(cmd_body->block_base),
+ sha1_digest) &&
+ memcmp(sha1_digest, &cmd_body->block_digest,
sizeof(cmd_body->block_digest))) {
- CPRINTF("%s:%d sha1 %x not equal received %x\n",
- __func__, __LINE__,
- *(uint32_t *)sha1_digest, cmd_body->block_digest);
+ CPRINTF("%s:%d sha1 %x not equal received %x\n", __func__,
+ __LINE__, *(uint32_t *)sha1_digest,
+ cmd_body->block_digest);
return 0;
}
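Review bot: The combined condition `if (DCRYPTO_SHA1_hash(...) && memcmp(...))` fails open. Assuming the hash call returns zero on failure (as the commit message implies), the `memcmp` is short-circuited and control skips the `return 0`, so the block is accepted with no digest comparison at all. The commit message presents this as intentional so that an upgrade still works after a FIPS self-test failure, but the code does not say so and the skipped check leaves no trace. I would add a comment above the `if`, e.g. `/* If crypto is disabled (FIPS failure) the digest cannot be computed; the block check is skipped on purpose. */`, and name there whichever later verification is relied on to reject a bad image, which is not visible in this hunk. A console message on the hash-failure path, e.g. `CPRINTF("%s: sha1 unavailable, block digest not checked\n", __func__);`, would also let an operator see when integrity checking was bypassed. The body of usb_pdu_valid starts and ends outside the hunk.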