diff options
author | Yicheng Li <yichengli@chromium.org> | 2019-07-24 17:38:23 -0700 |
---|---|---|
committer | Commit Bot <commit-bot@chromium.org> | 2019-07-26 20:49:01 +0000 |
commit | 30ab5997d7aed6c71943c9779544792695f4608f (patch) | |
tree | 9c3ce75fbde3e4f8f83a752f159a9553971614a5 /common | |
parent | 9ff89625dc098838a60ace547b2db4ebb27dee41 (diff) | |
download | chrome-ec-30ab5997d7aed6c71943c9779544792695f4608f.tar.gz |
fpsensor: Change crypto functions to return error code instead of result code
EC_RES_SUCCESS and EC_RES_ERROR are meant to be returned in EC command
handler to represent command result, so change crypto functions to
return EC_SUCCESS and EC error codes instead.
BRANCH=nocturne
BUG=none
TEST=make -j buildall
TEST=tested enrollment, matching, deletion and multifinger on
nocturne DUT
Change-Id: Ia98fa7469ab4e5dba00ede19dd34c5007d17b054
Signed-off-by: Yicheng Li <yichengli@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/1715512
Reviewed-by: Nicolas Norvez <norvez@chromium.org>
Diffstat (limited to 'common')
-rw-r--r-- | common/fpsensor/fpsensor.c | 8 | ||||
-rw-r--r-- | common/fpsensor/fpsensor_crypto.c | 34 |
2 files changed, 21 insertions, 21 deletions
diff --git a/common/fpsensor/fpsensor.c b/common/fpsensor/fpsensor.c index 98ac892d18..facdd3c1bb 100644 --- a/common/fpsensor/fpsensor.c +++ b/common/fpsensor/fpsensor.c @@ -419,7 +419,7 @@ static int fp_command_frame(struct host_cmd_handler_args *args) exit_trng(); ret = derive_encryption_key(key, enc_info->salt); - if (ret != EC_RES_SUCCESS) { + if (ret != EC_SUCCESS) { CPRINTS("fgr%d: Failed to derive key", fgr); return EC_RES_UNAVAILABLE; } @@ -429,7 +429,7 @@ static int fp_command_frame(struct host_cmd_handler_args *args) sizeof(fp_template[0]), enc_info->nonce, FP_CONTEXT_NONCE_BYTES, enc_info->tag, FP_CONTEXT_TAG_BYTES); - if (ret != EC_RES_SUCCESS) { + if (ret != EC_SUCCESS) { CPRINTS("fgr%d: Failed to encrypt template", fgr); return EC_RES_UNAVAILABLE; } @@ -507,7 +507,7 @@ static int fp_command_template(struct host_cmd_handler_args *args) return EC_RES_INVALID_PARAM; } ret = derive_encryption_key(key, enc_info->salt); - if (ret != EC_RES_SUCCESS) { + if (ret != EC_SUCCESS) { CPRINTS("fgr%d: Failed to derive key", idx); return EC_RES_UNAVAILABLE; } @@ -517,7 +517,7 @@ static int fp_command_template(struct host_cmd_handler_args *args) sizeof(fp_template[0]), enc_info->nonce, FP_CONTEXT_NONCE_BYTES, enc_info->tag, FP_CONTEXT_TAG_BYTES); - if (ret != EC_RES_SUCCESS) { + if (ret != EC_SUCCESS) { CPRINTS("fgr%d: Failed to decipher template", idx); /* Don't leave bad data in the template buffer */ fp_clear_finger_context(idx); diff --git a/common/fpsensor/fpsensor_crypto.c b/common/fpsensor/fpsensor_crypto.c index 3a5a8b251c..6385b7116d 100644 --- a/common/fpsensor/fpsensor_crypto.c +++ b/common/fpsensor/fpsensor_crypto.c @@ -22,7 +22,7 @@ static int get_ikm(uint8_t *ikm) if (!fp_tpm_seed_is_set()) { CPRINTS("Seed hasn't been set."); - return EC_RES_ERROR; + return EC_ERROR_ACCESS_DENIED; } /* @@ -32,7 +32,7 @@ static int get_ikm(uint8_t *ikm) ret = rollback_get_secret(ikm); if (ret != EC_SUCCESS) { CPRINTS("Failed to read rollback secret: %d", ret); - return EC_RES_ERROR; + return EC_ERROR_HW_INTERNAL; } /* * IKM is the concatenation of the rollback secret and the seed from @@ -40,7 +40,7 @@ static int get_ikm(uint8_t *ikm) */ memcpy(ikm + CONFIG_ROLLBACK_SECRET_SIZE, tpm_seed, sizeof(tpm_seed)); - return EC_RES_SUCCESS; + return EC_SUCCESS; } static void hkdf_extract(uint8_t *prk, const uint8_t *salt, size_t salt_size, @@ -63,12 +63,12 @@ static int hkdf_expand_one_step(uint8_t *out_key, size_t out_key_size, if (out_key_size > SHA256_DIGEST_SIZE) { CPRINTS("Deriving key material longer than SHA256_DIGEST_SIZE " "requires more steps of HKDF expand."); - return EC_RES_ERROR; + return EC_ERROR_INVAL; } if (info_size > SHA256_DIGEST_SIZE) { CPRINTS("Info size too big for HKDF."); - return EC_RES_ERROR; + return EC_ERROR_INVAL; } memcpy(message_buf, info, info_size); @@ -79,7 +79,7 @@ static int hkdf_expand_one_step(uint8_t *out_key, size_t out_key_size, memcpy(out_key, key_buf, out_key_size); memset(key_buf, 0, sizeof(key_buf)); - return EC_RES_SUCCESS; + return EC_SUCCESS; } int derive_encryption_key(uint8_t *out_key, const uint8_t *salt) @@ -93,9 +93,9 @@ int derive_encryption_key(uint8_t *out_key, const uint8_t *salt) BUILD_ASSERT(sizeof(user_id) == SHA256_DIGEST_SIZE); ret = get_ikm(ikm); - if (ret != EC_RES_SUCCESS) { + if (ret != EC_SUCCESS) { CPRINTS("Failed to get IKM: %d", ret); - return EC_RES_ERROR; + return ret; } /* "Extract step of HKDF. */ @@ -126,13 +126,13 @@ int aes_gcm_encrypt(const uint8_t *key, int key_size, if (nonce_size != FP_CONTEXT_NONCE_BYTES) { CPRINTS("Invalid nonce size %d bytes", nonce_size); - return EC_RES_INVALID_PARAM; + return EC_ERROR_INVAL; } res = AES_set_encrypt_key(key, 8 * key_size, &aes_key); if (res) { CPRINTS("Failed to set encryption key: %d", res); - return EC_RES_ERROR; + return EC_ERROR_UNKNOWN; } CRYPTO_gcm128_init(&ctx, &aes_key, (block128_f)AES_encrypt, 0); CRYPTO_gcm128_setiv(&ctx, &aes_key, nonce, nonce_size); @@ -141,10 +141,10 @@ int aes_gcm_encrypt(const uint8_t *key, int key_size, text_size); if (!res) { CPRINTS("Failed to encrypt: %d", res); - return EC_RES_ERROR; + return EC_ERROR_UNKNOWN; } CRYPTO_gcm128_tag(&ctx, tag, tag_size); - return EC_RES_SUCCESS; + return EC_SUCCESS; } int aes_gcm_decrypt(const uint8_t *key, int key_size, uint8_t *plaintext, @@ -158,13 +158,13 @@ int aes_gcm_decrypt(const uint8_t *key, int key_size, uint8_t *plaintext, if (nonce_size != FP_CONTEXT_NONCE_BYTES) { CPRINTS("Invalid nonce size %d bytes", nonce_size); - return EC_RES_INVALID_PARAM; + return EC_ERROR_INVAL; } res = AES_set_encrypt_key(key, 8 * key_size, &aes_key); if (res) { CPRINTS("Failed to set decryption key: %d", res); - return EC_RES_ERROR; + return EC_ERROR_UNKNOWN; } CRYPTO_gcm128_init(&ctx, &aes_key, (block128_f)AES_encrypt, 0); CRYPTO_gcm128_setiv(&ctx, &aes_key, nonce, nonce_size); @@ -173,12 +173,12 @@ int aes_gcm_decrypt(const uint8_t *key, int key_size, uint8_t *plaintext, text_size); if (!res) { CPRINTS("Failed to decrypt: %d", res); - return EC_RES_ERROR; + return EC_ERROR_UNKNOWN; } res = CRYPTO_gcm128_finish(&ctx, tag, tag_size); if (!res) { CPRINTS("Found incorrect tag: %d", res); - return EC_RES_ERROR; + return EC_ERROR_UNKNOWN; } - return EC_RES_SUCCESS; + return EC_SUCCESS; } |