diff options
author | Vadim Sukhomlinov <sukhomlinov@google.com> | 2021-09-29 15:02:49 -0700 |
---|---|---|
committer | Commit Bot <commit-bot@chromium.org> | 2021-10-05 19:08:53 +0000 |
commit | 9cd80daff9f6d9df08311a790a79632ab647a162 (patch) | |
tree | f454c7c3b3e8b47f0dd7327fc7be7e9f9dd2181d /common | |
parent | d64c8e2803a570aa3181fe67f2fb0f3241789de1 (diff) | |
download | chrome-ec-9cd80daff9f6d9df08311a790a79632ab647a162.tar.gz |
cr50: Update AES public APIsfactory-ambassador-14265.B-cr50_stab
To support FIPS mode we need to block access to crypto in case of
errors.
1) Added check for FIPS errors into DCRYPTO_aes_init()
2) Return codes updated to enum dcrypto_result
3) Call sites updated to check for return codes
BUG=b:197893750
TEST=make BOARD=cr50 CRYPTO_TEST=1; test/tpm_test/tpmtest.py
Signed-off-by: Vadim Sukhomlinov <sukhomlinov@google.com>
Change-Id: Id614cc346fe22537e9208196bf1322221a253b0c
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3194985
Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Reviewed-by: Andrey Pronin <apronin@chromium.org>
Commit-Queue: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Tested-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Diffstat (limited to 'common')
-rw-r--r-- | common/pinweaver.c | 8 |
1 files changed, 4 insertions, 4 deletions
diff --git a/common/pinweaver.c b/common/pinweaver.c index 9b7ad0b6d6..1443bebd7b 100644 --- a/common/pinweaver.c +++ b/common/pinweaver.c @@ -289,11 +289,11 @@ static int encrypt_leaf_data(const struct merkle_tree_t *merkle_tree, return PW_ERR_CRYPTO_FAILURE; memcpy(&wrapped_leaf_data->pub, &leaf_data->pub, sizeof(leaf_data->pub)); - if (!DCRYPTO_aes_ctr(wrapped_leaf_data->cipher_text, + if (DCRYPTO_aes_ctr(wrapped_leaf_data->cipher_text, merkle_tree->wrap_key, sizeof(merkle_tree->wrap_key) << 3, wrapped_leaf_data->iv, (uint8_t *)&leaf_data->sec, - sizeof(leaf_data->sec))) { + sizeof(leaf_data->sec)) != DCRYPTO_OK) { return PW_ERR_CRYPTO_FAILURE; } return EC_SUCCESS; @@ -308,11 +308,11 @@ static int decrypt_leaf_data( memcpy(&leaf_data->pub, imported_leaf_data->pub, MIN(imported_leaf_data->head->pub_len, sizeof(struct leaf_public_data_t))); - if (!DCRYPTO_aes_ctr((uint8_t *)&leaf_data->sec, merkle_tree->wrap_key, + if (DCRYPTO_aes_ctr((uint8_t *)&leaf_data->sec, merkle_tree->wrap_key, sizeof(merkle_tree->wrap_key) << 3, imported_leaf_data->iv, imported_leaf_data->cipher_text, - sizeof(leaf_data->sec))) { + sizeof(leaf_data->sec)) != DCRYPTO_OK) { return PW_ERR_CRYPTO_FAILURE; } return EC_SUCCESS; |