diff options
author | Yicheng Li <yichengli@chromium.org> | 2019-07-24 17:38:23 -0700 |
---|---|---|
committer | Commit Bot <commit-bot@chromium.org> | 2019-07-26 20:49:01 +0000 |
commit | 30ab5997d7aed6c71943c9779544792695f4608f (patch) | |
tree | 9c3ce75fbde3e4f8f83a752f159a9553971614a5 | |
parent | 9ff89625dc098838a60ace547b2db4ebb27dee41 (diff) | |
download | chrome-ec-30ab5997d7aed6c71943c9779544792695f4608f.tar.gz |
fpsensor: Change crypto functions to return error code instead of result code
EC_RES_SUCCESS and EC_RES_ERROR are meant to be returned in EC command
handler to represent command result, so change crypto functions to
return EC_SUCCESS and EC error codes instead.
BRANCH=nocturne
BUG=none
TEST=make -j buildall
TEST=tested enrollment, matching, deletion and multifinger on
nocturne DUT
Change-Id: Ia98fa7469ab4e5dba00ede19dd34c5007d17b054
Signed-off-by: Yicheng Li <yichengli@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/1715512
Reviewed-by: Nicolas Norvez <norvez@chromium.org>
-rw-r--r-- | common/fpsensor/fpsensor.c | 8 | ||||
-rw-r--r-- | common/fpsensor/fpsensor_crypto.c | 34 | ||||
-rw-r--r-- | include/fpsensor_crypto.h | 6 | ||||
-rw-r--r-- | test/fpsensor.c | 8 |
4 files changed, 28 insertions, 28 deletions
diff --git a/common/fpsensor/fpsensor.c b/common/fpsensor/fpsensor.c index 98ac892d18..facdd3c1bb 100644 --- a/common/fpsensor/fpsensor.c +++ b/common/fpsensor/fpsensor.c @@ -419,7 +419,7 @@ static int fp_command_frame(struct host_cmd_handler_args *args) exit_trng(); ret = derive_encryption_key(key, enc_info->salt); - if (ret != EC_RES_SUCCESS) { + if (ret != EC_SUCCESS) { CPRINTS("fgr%d: Failed to derive key", fgr); return EC_RES_UNAVAILABLE; } @@ -429,7 +429,7 @@ static int fp_command_frame(struct host_cmd_handler_args *args) sizeof(fp_template[0]), enc_info->nonce, FP_CONTEXT_NONCE_BYTES, enc_info->tag, FP_CONTEXT_TAG_BYTES); - if (ret != EC_RES_SUCCESS) { + if (ret != EC_SUCCESS) { CPRINTS("fgr%d: Failed to encrypt template", fgr); return EC_RES_UNAVAILABLE; } @@ -507,7 +507,7 @@ static int fp_command_template(struct host_cmd_handler_args *args) return EC_RES_INVALID_PARAM; } ret = derive_encryption_key(key, enc_info->salt); - if (ret != EC_RES_SUCCESS) { + if (ret != EC_SUCCESS) { CPRINTS("fgr%d: Failed to derive key", idx); return EC_RES_UNAVAILABLE; } @@ -517,7 +517,7 @@ static int fp_command_template(struct host_cmd_handler_args *args) sizeof(fp_template[0]), enc_info->nonce, FP_CONTEXT_NONCE_BYTES, enc_info->tag, FP_CONTEXT_TAG_BYTES); - if (ret != EC_RES_SUCCESS) { + if (ret != EC_SUCCESS) { CPRINTS("fgr%d: Failed to decipher template", idx); /* Don't leave bad data in the template buffer */ fp_clear_finger_context(idx); diff --git a/common/fpsensor/fpsensor_crypto.c b/common/fpsensor/fpsensor_crypto.c index 3a5a8b251c..6385b7116d 100644 --- a/common/fpsensor/fpsensor_crypto.c +++ b/common/fpsensor/fpsensor_crypto.c @@ -22,7 +22,7 @@ static int get_ikm(uint8_t *ikm) if (!fp_tpm_seed_is_set()) { CPRINTS("Seed hasn't been set."); - return EC_RES_ERROR; + return EC_ERROR_ACCESS_DENIED; } /* @@ -32,7 +32,7 @@ static int get_ikm(uint8_t *ikm) ret = rollback_get_secret(ikm); if (ret != EC_SUCCESS) { CPRINTS("Failed to read rollback secret: %d", ret); - return EC_RES_ERROR; + return EC_ERROR_HW_INTERNAL; } /* * IKM is the concatenation of the rollback secret and the seed from @@ -40,7 +40,7 @@ static int get_ikm(uint8_t *ikm) */ memcpy(ikm + CONFIG_ROLLBACK_SECRET_SIZE, tpm_seed, sizeof(tpm_seed)); - return EC_RES_SUCCESS; + return EC_SUCCESS; } static void hkdf_extract(uint8_t *prk, const uint8_t *salt, size_t salt_size, @@ -63,12 +63,12 @@ static int hkdf_expand_one_step(uint8_t *out_key, size_t out_key_size, if (out_key_size > SHA256_DIGEST_SIZE) { CPRINTS("Deriving key material longer than SHA256_DIGEST_SIZE " "requires more steps of HKDF expand."); - return EC_RES_ERROR; + return EC_ERROR_INVAL; } if (info_size > SHA256_DIGEST_SIZE) { CPRINTS("Info size too big for HKDF."); - return EC_RES_ERROR; + return EC_ERROR_INVAL; } memcpy(message_buf, info, info_size); @@ -79,7 +79,7 @@ static int hkdf_expand_one_step(uint8_t *out_key, size_t out_key_size, memcpy(out_key, key_buf, out_key_size); memset(key_buf, 0, sizeof(key_buf)); - return EC_RES_SUCCESS; + return EC_SUCCESS; } int derive_encryption_key(uint8_t *out_key, const uint8_t *salt) @@ -93,9 +93,9 @@ int derive_encryption_key(uint8_t *out_key, const uint8_t *salt) BUILD_ASSERT(sizeof(user_id) == SHA256_DIGEST_SIZE); ret = get_ikm(ikm); - if (ret != EC_RES_SUCCESS) { + if (ret != EC_SUCCESS) { CPRINTS("Failed to get IKM: %d", ret); - return EC_RES_ERROR; + return ret; } /* "Extract step of HKDF. */ @@ -126,13 +126,13 @@ int aes_gcm_encrypt(const uint8_t *key, int key_size, if (nonce_size != FP_CONTEXT_NONCE_BYTES) { CPRINTS("Invalid nonce size %d bytes", nonce_size); - return EC_RES_INVALID_PARAM; + return EC_ERROR_INVAL; } res = AES_set_encrypt_key(key, 8 * key_size, &aes_key); if (res) { CPRINTS("Failed to set encryption key: %d", res); - return EC_RES_ERROR; + return EC_ERROR_UNKNOWN; } CRYPTO_gcm128_init(&ctx, &aes_key, (block128_f)AES_encrypt, 0); CRYPTO_gcm128_setiv(&ctx, &aes_key, nonce, nonce_size); @@ -141,10 +141,10 @@ int aes_gcm_encrypt(const uint8_t *key, int key_size, text_size); if (!res) { CPRINTS("Failed to encrypt: %d", res); - return EC_RES_ERROR; + return EC_ERROR_UNKNOWN; } CRYPTO_gcm128_tag(&ctx, tag, tag_size); - return EC_RES_SUCCESS; + return EC_SUCCESS; } int aes_gcm_decrypt(const uint8_t *key, int key_size, uint8_t *plaintext, @@ -158,13 +158,13 @@ int aes_gcm_decrypt(const uint8_t *key, int key_size, uint8_t *plaintext, if (nonce_size != FP_CONTEXT_NONCE_BYTES) { CPRINTS("Invalid nonce size %d bytes", nonce_size); - return EC_RES_INVALID_PARAM; + return EC_ERROR_INVAL; } res = AES_set_encrypt_key(key, 8 * key_size, &aes_key); if (res) { CPRINTS("Failed to set decryption key: %d", res); - return EC_RES_ERROR; + return EC_ERROR_UNKNOWN; } CRYPTO_gcm128_init(&ctx, &aes_key, (block128_f)AES_encrypt, 0); CRYPTO_gcm128_setiv(&ctx, &aes_key, nonce, nonce_size); @@ -173,12 +173,12 @@ int aes_gcm_decrypt(const uint8_t *key, int key_size, uint8_t *plaintext, text_size); if (!res) { CPRINTS("Failed to decrypt: %d", res); - return EC_RES_ERROR; + return EC_ERROR_UNKNOWN; } res = CRYPTO_gcm128_finish(&ctx, tag, tag_size); if (!res) { CPRINTS("Found incorrect tag: %d", res); - return EC_RES_ERROR; + return EC_ERROR_UNKNOWN; } - return EC_RES_SUCCESS; + return EC_SUCCESS; } diff --git a/include/fpsensor_crypto.h b/include/fpsensor_crypto.h index 26fe96a328..ebda41bcb9 100644 --- a/include/fpsensor_crypto.h +++ b/include/fpsensor_crypto.h @@ -13,7 +13,7 @@ * * @param outkey the pointer to buffer holding the output key. * @param salt the salt to use in HKDF. - * @return EC_RES_SUCCESS on success and EC_RES_ERROR otherwise. + * @return EC_SUCCESS on success and error code otherwise. */ int derive_encryption_key(uint8_t *out_key, const uint8_t *salt); @@ -29,7 +29,7 @@ int derive_encryption_key(uint8_t *out_key, const uint8_t *salt); * @param nonce_size the size of |nonce| in bytes. * @param tag the tag to hold the authenticator after encryption. * @param tag_size the size of |tag|. - * @return EC_RES_SUCCESS on success and EC_RES_ERROR otherwise. + * @return EC_SUCCESS on success and error code otherwise. */ int aes_gcm_encrypt(const uint8_t *key, int key_size, const uint8_t *plaintext, @@ -49,7 +49,7 @@ int aes_gcm_encrypt(const uint8_t *key, int key_size, * @param nonce_size the size of |nonce| in bytes. * @param tag the tag to compare against when decryption finishes. * @param tag_size the length of tag to compare against. - * @return EC_RES_SUCCESS on success and EC_RES_ERROR otherwise. + * @return EC_SUCCESS on success and error code otherwise. */ int aes_gcm_decrypt(const uint8_t *key, int key_size, uint8_t *plaintext, const uint8_t *ciphertext, int text_size, diff --git a/test/fpsensor.c b/test/fpsensor.c index c06a08d69b..33998b6b00 100644 --- a/test/fpsensor.c +++ b/test/fpsensor.c @@ -89,7 +89,7 @@ test_static int test_derive_encryption_key_failure_seed_not_set(void) /* THEN derivation will fail. */ TEST_ASSERT(derive_encryption_key(unused_key, unused_salt) == - EC_RES_ERROR); + EC_ERROR_ACCESS_DENIED); return EC_SUCCESS; } @@ -108,7 +108,7 @@ static int test_derive_encryption_key_raw(const uint32_t *user_id_, memcpy(user_id, user_id_, sizeof(user_id)); rv = derive_encryption_key(key, salt); - TEST_ASSERT(rv == EC_RES_SUCCESS); + TEST_ASSERT(rv == EC_SUCCESS); TEST_ASSERT_ARRAY_EQ(key, expected_key, sizeof(key)); return EC_SUCCESS; @@ -178,7 +178,7 @@ test_static int test_derive_encryption_key_failure_rollback_fail(void) rollback_should_fail = 1; /* THEN the derivation will fail. */ TEST_ASSERT(derive_encryption_key(unused_key, unused_salt) == - EC_RES_ERROR); + EC_ERROR_HW_INTERNAL); /* GIVEN that reading the rollback secret will succeed. */ rollback_should_fail = 0; @@ -186,7 +186,7 @@ test_static int test_derive_encryption_key_failure_rollback_fail(void) TEST_ASSERT(fp_tpm_seed_is_set()); /* THEN the derivation will succeed. */ TEST_ASSERT(derive_encryption_key(unused_key, unused_salt) == - EC_RES_SUCCESS); + EC_SUCCESS); return EC_SUCCESS; } |