cr50: Update AES public APIsfactory-ambassador-14265.B-cr50_stab

To support FIPS mode we need to block access to crypto in case of
errors.

1) Added check for FIPS errors into DCRYPTO_aes_init()
2) Return codes updated to enum dcrypto_result
3) Call sites updated to check for return codes

BUG=b:197893750
TEST=make BOARD=cr50 CRYPTO_TEST=1; test/tpm_test/tpmtest.py

Signed-off-by: Vadim Sukhomlinov <sukhomlinov@google.com>
Change-Id: Id614cc346fe22537e9208196bf1322221a253b0c
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3194985
Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Reviewed-by: Andrey Pronin <apronin@chromium.org>
Commit-Queue: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Tested-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>

1 files changed, 4 insertions, 3 deletions

diff --git a/board/cr50/dcrypto/aes_cmac.c b/board/cr50/dcrypto/aes_cmac.c
index 4f996f42b6..a921bc589b 100644
--- a/board/cr50/dcrypto/aes_cmac.c
+++ b/board/cr50/dcrypto/aes_cmac.c
@@ -54,10 +54,11 @@ static int aes128(const uint8_t *K, const uint32_t in[4], uint32_t out[4])
 {
 	const uint32_t zero[4] = {0, 0, 0, 0};
 
-	if (!DCRYPTO_aes_init((const uint8_t *)K, 128, (const uint8_t *) zero,
-				CIPHER_MODE_ECB, ENCRYPT_MODE))
+	if (DCRYPTO_aes_init((const uint8_t *)K, 128, (const uint8_t *)zero,
+			     CIPHER_MODE_ECB, ENCRYPT_MODE) != DCRYPTO_OK)
 		return 0;
-	if (!DCRYPTO_aes_block((const uint8_t *) in, (uint8_t *) out))
+	if (DCRYPTO_aes_block((const uint8_t *)in, (uint8_t *)out) !=
+	    DCRYPTO_OK)
 		return 0;
 	return 1;
 }