cr50: Update AES public APIsfactory-ambassador-14265.B-cr50_stab

To support FIPS mode we need to block access to crypto in case of errors. 1) Added check for FIPS errors into DCRYPTO_aes_init() 2) Return codes updated to enum dcrypto_result 3) Call sites updated to check for return codes BUG=b:197893750 TEST=make BOARD=cr50 CRYPTO_TEST=1; test/tpm_test/tpmtest.py Signed-off-by: Vadim Sukhomlinov <sukhomlinov@google.com> Change-Id: Id614cc346fe22537e9208196bf1322221a253b0c Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3194985 Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org> Reviewed-by: Andrey Pronin <apronin@chromium.org> Commit-Queue: Vadim Sukhomlinov <sukhomlinov@chromium.org> Tested-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
author: Vadim Sukhomlinov <sukhomlinov@google.com> 2021-09-29 15:02:49 -0700
committer: Commit Bot <commit-bot@chromium.org> 2021-10-05 19:08:53 +0000
commit: 9cd80daff9f6d9df08311a790a79632ab647a162 (patch)
tree: f454c7c3b3e8b47f0dd7327fc7be7e9f9dd2181d /common
parent: d64c8e2803a570aa3181fe67f2fb0f3241789de1 (diff)
download: chrome-ec-9cd80daff9f6d9df08311a790a79632ab647a162.tar.gz
1 files changed, 4 insertions, 4 deletions
diff --git a/common/pinweaver.c b/common/pinweaver.c
index 9b7ad0b6d6..1443bebd7b 100644
--- a/common/pinweaver.c
+++ b/common/pinweaver.c
@@ -289,11 +289,11 @@ static int encrypt_leaf_data(const struct merkle_tree_t *merkle_tree,
 		return PW_ERR_CRYPTO_FAILURE;
 	memcpy(&wrapped_leaf_data->pub, &leaf_data->pub,
 	       sizeof(leaf_data->pub));
-	if (!DCRYPTO_aes_ctr(wrapped_leaf_data->cipher_text,
+	if (DCRYPTO_aes_ctr(wrapped_leaf_data->cipher_text,
 			    merkle_tree->wrap_key,
 			    sizeof(merkle_tree->wrap_key) << 3,
 			    wrapped_leaf_data->iv, (uint8_t *)&leaf_data->sec,
-			    sizeof(leaf_data->sec))) {
+			    sizeof(leaf_data->sec)) != DCRYPTO_OK) {
 		return PW_ERR_CRYPTO_FAILURE;
 	}
 	return EC_SUCCESS;
@@ -308,11 +308,11 @@ static int decrypt_leaf_data(
 	memcpy(&leaf_data->pub, imported_leaf_data->pub,
 	       MIN(imported_leaf_data->head->pub_len,
 		   sizeof(struct leaf_public_data_t)));
-	if (!DCRYPTO_aes_ctr((uint8_t *)&leaf_data->sec, merkle_tree->wrap_key,
+	if (DCRYPTO_aes_ctr((uint8_t *)&leaf_data->sec, merkle_tree->wrap_key,
 			    sizeof(merkle_tree->wrap_key) << 3,
 			    imported_leaf_data->iv,
 			    imported_leaf_data->cipher_text,
-			    sizeof(leaf_data->sec))) {
+			    sizeof(leaf_data->sec)) != DCRYPTO_OK) {
 		return PW_ERR_CRYPTO_FAILURE;
 	}
 	return EC_SUCCESS;
author	Vadim Sukhomlinov <sukhomlinov@google.com>	2021-09-29 15:02:49 -0700
committer	Commit Bot <commit-bot@chromium.org>	2021-10-05 19:08:53 +0000
commit	9cd80daff9f6d9df08311a790a79632ab647a162 (patch)
tree	f454c7c3b3e8b47f0dd7327fc7be7e9f9dd2181d /common
parent	d64c8e2803a570aa3181fe67f2fb0f3241789de1 (diff)
download	chrome-ec-9cd80daff9f6d9df08311a790a79632ab647a162.tar.gz