fpsensor: Change crypto functions to return error code instead of result code

EC_RES_SUCCESS and EC_RES_ERROR are meant to be returned in EC command
handler to represent command result, so change crypto functions to
return EC_SUCCESS and EC error codes instead.

BRANCH=nocturne
BUG=none
TEST=make -j buildall
TEST=tested enrollment, matching, deletion and multifinger on
nocturne DUT

Change-Id: Ia98fa7469ab4e5dba00ede19dd34c5007d17b054
Signed-off-by: Yicheng Li <yichengli@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/1715512
Reviewed-by: Nicolas Norvez <norvez@chromium.org>

4 files changed, 28 insertions, 28 deletions

diff --git a/common/fpsensor/fpsensor.c b/common/fpsensor/fpsensor.c
index 98ac892d18..facdd3c1bb 100644
--- a/common/fpsensor/fpsensor.c
+++ b/common/fpsensor/fpsensor.c
@@ -419,7 +419,7 @@ static int fp_command_frame(struct host_cmd_handler_args *args)
 		exit_trng();
 
 		ret = derive_encryption_key(key, enc_info->salt);
-		if (ret != EC_RES_SUCCESS) {
+		if (ret != EC_SUCCESS) {
 			CPRINTS("fgr%d: Failed to derive key", fgr);
 			return EC_RES_UNAVAILABLE;
 		}
@@ -429,7 +429,7 @@ static int fp_command_frame(struct host_cmd_handler_args *args)
 				      sizeof(fp_template[0]),
 				      enc_info->nonce, FP_CONTEXT_NONCE_BYTES,
 				      enc_info->tag, FP_CONTEXT_TAG_BYTES);
-		if (ret != EC_RES_SUCCESS) {
+		if (ret != EC_SUCCESS) {
 			CPRINTS("fgr%d: Failed to encrypt template", fgr);
 			return EC_RES_UNAVAILABLE;
 		}
@@ -507,7 +507,7 @@ static int fp_command_template(struct host_cmd_handler_args *args)
 			return EC_RES_INVALID_PARAM;
 		}
 		ret = derive_encryption_key(key, enc_info->salt);
-		if (ret != EC_RES_SUCCESS) {
+		if (ret != EC_SUCCESS) {
 			CPRINTS("fgr%d: Failed to derive key", idx);
 			return EC_RES_UNAVAILABLE;
 		}
@@ -517,7 +517,7 @@ static int fp_command_template(struct host_cmd_handler_args *args)
 				      sizeof(fp_template[0]),
 				      enc_info->nonce, FP_CONTEXT_NONCE_BYTES,
 				      enc_info->tag, FP_CONTEXT_TAG_BYTES);
-		if (ret != EC_RES_SUCCESS) {
+		if (ret != EC_SUCCESS) {
 			CPRINTS("fgr%d: Failed to decipher template", idx);
 			/* Don't leave bad data in the template buffer */
 			fp_clear_finger_context(idx);
diff --git a/common/fpsensor/fpsensor_crypto.c b/common/fpsensor/fpsensor_crypto.c
index 3a5a8b251c..6385b7116d 100644
--- a/common/fpsensor/fpsensor_crypto.c
+++ b/common/fpsensor/fpsensor_crypto.c
@@ -22,7 +22,7 @@ static int get_ikm(uint8_t *ikm)
 
 	if (!fp_tpm_seed_is_set()) {
 		CPRINTS("Seed hasn't been set.");
-		return EC_RES_ERROR;
+		return EC_ERROR_ACCESS_DENIED;
 	}
 
 	/*
@@ -32,7 +32,7 @@ static int get_ikm(uint8_t *ikm)
 	ret = rollback_get_secret(ikm);
 	if (ret != EC_SUCCESS) {
 		CPRINTS("Failed to read rollback secret: %d", ret);
-		return EC_RES_ERROR;
+		return EC_ERROR_HW_INTERNAL;
 	}
 	/*
 	 * IKM is the concatenation of the rollback secret and the seed from
@@ -40,7 +40,7 @@ static int get_ikm(uint8_t *ikm)
 	 */
 	memcpy(ikm + CONFIG_ROLLBACK_SECRET_SIZE, tpm_seed, sizeof(tpm_seed));
 
-	return EC_RES_SUCCESS;
+	return EC_SUCCESS;
 }
 
 static void hkdf_extract(uint8_t *prk, const uint8_t *salt, size_t salt_size,
@@ -63,12 +63,12 @@ static int hkdf_expand_one_step(uint8_t *out_key, size_t out_key_size,
 	if (out_key_size > SHA256_DIGEST_SIZE) {
 		CPRINTS("Deriving key material longer than SHA256_DIGEST_SIZE "
 			"requires more steps of HKDF expand.");
-		return EC_RES_ERROR;
+		return EC_ERROR_INVAL;
 	}
 
 	if (info_size > SHA256_DIGEST_SIZE) {
 		CPRINTS("Info size too big for HKDF.");
-		return EC_RES_ERROR;
+		return EC_ERROR_INVAL;
 	}
 
 	memcpy(message_buf, info, info_size);
@@ -79,7 +79,7 @@ static int hkdf_expand_one_step(uint8_t *out_key, size_t out_key_size,
 	memcpy(out_key, key_buf, out_key_size);
 	memset(key_buf, 0, sizeof(key_buf));
 
-	return EC_RES_SUCCESS;
+	return EC_SUCCESS;
 }
 
 int derive_encryption_key(uint8_t *out_key, const uint8_t *salt)
@@ -93,9 +93,9 @@ int derive_encryption_key(uint8_t *out_key, const uint8_t *salt)
 	BUILD_ASSERT(sizeof(user_id) == SHA256_DIGEST_SIZE);
 
 	ret = get_ikm(ikm);
-	if (ret != EC_RES_SUCCESS) {
+	if (ret != EC_SUCCESS) {
 		CPRINTS("Failed to get IKM: %d", ret);
-		return EC_RES_ERROR;
+		return ret;
 	}
 
 	/* "Extract step of HKDF. */
@@ -126,13 +126,13 @@ int aes_gcm_encrypt(const uint8_t *key, int key_size,
 
 	if (nonce_size != FP_CONTEXT_NONCE_BYTES) {
 		CPRINTS("Invalid nonce size %d bytes", nonce_size);
-		return EC_RES_INVALID_PARAM;
+		return EC_ERROR_INVAL;
 	}
 
 	res = AES_set_encrypt_key(key, 8 * key_size, &aes_key);
 	if (res) {
 		CPRINTS("Failed to set encryption key: %d", res);
-		return EC_RES_ERROR;
+		return EC_ERROR_UNKNOWN;
 	}
 	CRYPTO_gcm128_init(&ctx, &aes_key, (block128_f)AES_encrypt, 0);
 	CRYPTO_gcm128_setiv(&ctx, &aes_key, nonce, nonce_size);
@@ -141,10 +141,10 @@ int aes_gcm_encrypt(const uint8_t *key, int key_size,
 				    text_size);
 	if (!res) {
 		CPRINTS("Failed to encrypt: %d", res);
-		return EC_RES_ERROR;
+		return EC_ERROR_UNKNOWN;
 	}
 	CRYPTO_gcm128_tag(&ctx, tag, tag_size);
-	return EC_RES_SUCCESS;
+	return EC_SUCCESS;
 }
 
 int aes_gcm_decrypt(const uint8_t *key, int key_size, uint8_t *plaintext,
@@ -158,13 +158,13 @@ int aes_gcm_decrypt(const uint8_t *key, int key_size, uint8_t *plaintext,
 
 	if (nonce_size != FP_CONTEXT_NONCE_BYTES) {
 		CPRINTS("Invalid nonce size %d bytes", nonce_size);
-		return EC_RES_INVALID_PARAM;
+		return EC_ERROR_INVAL;
 	}
 
 	res = AES_set_encrypt_key(key, 8 * key_size, &aes_key);
 	if (res) {
 		CPRINTS("Failed to set decryption key: %d", res);
-		return EC_RES_ERROR;
+		return EC_ERROR_UNKNOWN;
 	}
 	CRYPTO_gcm128_init(&ctx, &aes_key, (block128_f)AES_encrypt, 0);
 	CRYPTO_gcm128_setiv(&ctx, &aes_key, nonce, nonce_size);
@@ -173,12 +173,12 @@ int aes_gcm_decrypt(const uint8_t *key, int key_size, uint8_t *plaintext,
 				    text_size);
 	if (!res) {
 		CPRINTS("Failed to decrypt: %d", res);
-		return EC_RES_ERROR;
+		return EC_ERROR_UNKNOWN;
 	}
 	res = CRYPTO_gcm128_finish(&ctx, tag, tag_size);
 	if (!res) {
 		CPRINTS("Found incorrect tag: %d", res);
-		return EC_RES_ERROR;
+		return EC_ERROR_UNKNOWN;
 	}
-	return EC_RES_SUCCESS;
+	return EC_SUCCESS;
 }
diff --git a/include/fpsensor_crypto.h b/include/fpsensor_crypto.h
index 26fe96a328..ebda41bcb9 100644
--- a/include/fpsensor_crypto.h
+++ b/include/fpsensor_crypto.h
@@ -13,7 +13,7 @@
  *
  * @param outkey the pointer to buffer holding the output key.
  * @param salt the salt to use in HKDF.
- * @return EC_RES_SUCCESS on success and EC_RES_ERROR otherwise.
+ * @return EC_SUCCESS on success and error code otherwise.
  */
 int derive_encryption_key(uint8_t *out_key, const uint8_t *salt);
 
@@ -29,7 +29,7 @@ int derive_encryption_key(uint8_t *out_key, const uint8_t *salt);
  * @param nonce_size the size of |nonce| in bytes.
  * @param tag the tag to hold the authenticator after encryption.
  * @param tag_size the size of |tag|.
- * @return EC_RES_SUCCESS on success and EC_RES_ERROR otherwise.
+ * @return EC_SUCCESS on success and error code otherwise.
  */
 int aes_gcm_encrypt(const uint8_t *key, int key_size,
 		    const uint8_t *plaintext,
@@ -49,7 +49,7 @@ int aes_gcm_encrypt(const uint8_t *key, int key_size,
  * @param nonce_size the size of |nonce| in bytes.
  * @param tag the tag to compare against when decryption finishes.
  * @param tag_size the length of tag to compare against.
- * @return EC_RES_SUCCESS on success and EC_RES_ERROR otherwise.
+ * @return EC_SUCCESS on success and error code otherwise.
  */
 int aes_gcm_decrypt(const uint8_t *key, int key_size, uint8_t *plaintext,
 		    const uint8_t *ciphertext, int text_size,
diff --git a/test/fpsensor.c b/test/fpsensor.c
index c06a08d69b..33998b6b00 100644
--- a/test/fpsensor.c
+++ b/test/fpsensor.c
@@ -89,7 +89,7 @@ test_static int test_derive_encryption_key_failure_seed_not_set(void)
 
 	/* THEN derivation will fail. */
 	TEST_ASSERT(derive_encryption_key(unused_key, unused_salt) ==
-		EC_RES_ERROR);
+		EC_ERROR_ACCESS_DENIED);
 
 	return EC_SUCCESS;
 }
@@ -108,7 +108,7 @@ static int test_derive_encryption_key_raw(const uint32_t *user_id_,
 	memcpy(user_id, user_id_, sizeof(user_id));
 	rv = derive_encryption_key(key, salt);
 
-	TEST_ASSERT(rv == EC_RES_SUCCESS);
+	TEST_ASSERT(rv == EC_SUCCESS);
 	TEST_ASSERT_ARRAY_EQ(key, expected_key, sizeof(key));
 
 	return EC_SUCCESS;
@@ -178,7 +178,7 @@ test_static int test_derive_encryption_key_failure_rollback_fail(void)
 	rollback_should_fail = 1;
 	/* THEN the derivation will fail. */
 	TEST_ASSERT(derive_encryption_key(unused_key, unused_salt) ==
-		EC_RES_ERROR);
+		EC_ERROR_HW_INTERNAL);
 
 	/* GIVEN that reading the rollback secret will succeed. */
 	rollback_should_fail = 0;
@@ -186,7 +186,7 @@ test_static int test_derive_encryption_key_failure_rollback_fail(void)
 	TEST_ASSERT(fp_tpm_seed_is_set());
 	/* THEN the derivation will succeed. */
 	TEST_ASSERT(derive_encryption_key(unused_key, unused_salt) ==
-		EC_RES_SUCCESS);
+		EC_SUCCESS);
 
 	return EC_SUCCESS;
 }