From 0d0e777c34ea54c9e46eec0e3f1e2301279ccca9 Mon Sep 17 00:00:00 2001 From: Jade Philipoom Date: Fri, 12 Jan 2024 17:17:35 +0100 Subject: [PATCH] [crypto] Rename cryptolib status value enum members. This is a fixup after code review and mostly consists of running: ``` git ls-files sw/ | xargs sed -i -E 's/kOtcryptoStatus/kOtcryptoStatusValue/g' ``` and then manually reviewing the result. Signed-off-by: Jade Philipoom --- sw/device/lib/crypto/impl/status.h | 11 +-- sw/device/lib/crypto/impl/status_unittest.cc | 10 +-- sw/device/lib/crypto/include/aes.h | 6 +- sw/device/lib/crypto/include/datatypes.h | 12 ++-- sw/device/lib/crypto/include/ecc.h | 68 +++++++++---------- sw/device/lib/crypto/include/kdf.h | 2 +- .../tests/crypto/rsa_3072_verify_functest.c | 2 +- 7 files changed, 56 insertions(+), 55 deletions(-)
diff --git a/sw/device/lib/crypto/impl/status.h b/sw/device/lib/crypto/impl/status.h
index a4a3d169f3a47..17ede6d3bb6a5 100644
--- a/sw/device/lib/crypto/impl/status.h
+++ b/sw/device/lib/crypto/impl/status.h
@@ -47,13 +47,14 @@ extern "C" {
 ((__LINE__ & 0x7ff) << 5) | kUnimplemented)})
 #else
-#define OTCRYPTO_RECOV_ERR ((status_t){.value = kOtcryptoStatusInternalError})
-#define OTCRYPTO_FATAL_ERR ((status_t){.value = kCryptoStatusFatalError})
-#define OTCRYPTO_BAD_ARGS ((status_t){.value = kOtcryptoStatusBadArgs})
+#define OTCRYPTO_RECOV_ERR \
+ ((status_t){.value = kOtcryptoStatusValueInternalError})
+#define OTCRYPTO_FATAL_ERR ((status_t){.value = kOtcryptoStatusValueFatalError})
+#define OTCRYPTO_BAD_ARGS ((status_t){.value = kOtcryptoStatusValueBadArgs})
 #define OTCRYPTO_ASYNC_INCOMPLETE \
- ((status_t){.value = kOtcryptoStatusAsyncIncomplete})
+ ((status_t){.value = kOtcryptoStatusValueAsyncIncomplete})
 #define OTCRYPTO_NOT_IMPLEMENTED \
- ((status_t){.value = kOtcryptoStatusNotImplemented})
+ ((status_t){.value = kOtcryptoStatusValueNotImplemented})
 #endif
diff --git a/sw/device/lib/crypto/impl/status_unittest.cc b/sw/device/lib/crypto/impl/status_unittest.cc
index a14545ab8f963..abff3834ecca9 100644
--- a/sw/device/lib/crypto/impl/status_unittest.cc
+++ b/sw/device/lib/crypto/impl/status_unittest.cc
@@ -16,7 +16,7 @@ namespace status_unittest {
 namespace {
 TEST(Status, OkIsHardenedTrue) {
- EXPECT_EQ(kOtcryptoStatusOk, kHardenedBoolTrue);
+ EXPECT_EQ(kOtcryptoStatusValueOk, kHardenedBoolTrue);
 }
 int HammingDistance(int32_t a, int32_t b) {
@@ -32,8 +32,8 @@ TEST(Status, TopLevelStatusHammingDistance) {
 OTCRYPTO_ASYNC_INCOMPLETE, OTCRYPTO_NOT_IMPLEMENTED};
 // Expect the "OK" code to have a significant Hamming distance from 0.
- EXPECT_GE(HammingDistance(kOtcryptoStatusOk, 0), kMinimumHammingDistance)
- << "The 'OK' status code " << kOtcryptoStatusOk
+ EXPECT_GE(HammingDistance(kOtcryptoStatusValueOk, 0), kMinimumHammingDistance)
+ << "The 'OK' status code " << kOtcryptoStatusValueOk
 << " is too close to zero.";
 for (const otcrypto_status_t status1 : error_codes) {
@@ -41,10 +41,10 @@ TEST(Status, TopLevelStatusHammingDistance) {
 EXPECT_GE(HammingDistance(status1.value, 0), kMinimumHammingDistance)
 << "Error code " << status1.value << " is too close to zero.";
 // Expect an extra significant Hamming distance from the "OK" code.
- EXPECT_GE(HammingDistance(status1.value, kOtcryptoStatusOk),
+ EXPECT_GE(HammingDistance(status1.value, kOtcryptoStatusValueOk),
 kMinimumHammingDistance)
 << "Error code " << status1.value << " is too close to the 'OK' value ("
- << kOtcryptoStatusOk << ").";
+ << kOtcryptoStatusValueOk << ").";
 // Expect a significant Hamming distance from all other error codes.
 for (const otcrypto_status_t status2 : error_codes) {
diff --git a/sw/device/lib/crypto/include/aes.h b/sw/device/lib/crypto/include/aes.h
index ede11be1b1087..717929012fb9a 100644
--- a/sw/device/lib/crypto/include/aes.h
+++ b/sw/device/lib/crypto/include/aes.h
@@ -90,9 +90,9 @@ typedef struct otcrypto_aes_gcm_context {
 * Get the number of blocks needed for the plaintext length and padding mode.
 *
 * This returns the size of the padded plaintext, which is the same as the
- * ciphertext size. Returns `kOtcryptoStatusBadArgs` if the padding mode and
- * length are incompatible (for instance, if the padding mode is "no padding"
- * but the input length is not a multiple of the AES block size).
+ * ciphertext size. Returns `kOtcryptoStatusValueBadArgs` if the padding mode
+ * and length are incompatible (for instance, if the padding mode is "no
+ * padding" but the input length is not a multiple of the AES block size).
 *
 * @param plaintext_len Plaintext data length in bytes.
 * @param aes_padding Padding scheme to be used for the data.
diff --git a/sw/device/lib/crypto/include/datatypes.h b/sw/device/lib/crypto/include/datatypes.h
index 6b5584ec25690..7966b3c7bab9a 100644
--- a/sw/device/lib/crypto/include/datatypes.h
+++ b/sw/device/lib/crypto/include/datatypes.h
@@ -59,18 +59,18 @@ typedef status_t otcrypto_status_t;
 */
 typedef enum otcrypto_status_value {
 // Status is OK; no errors.
- kOtcryptoStatusOk = (int32_t)0x739,
+ kOtcryptoStatusValueOk = (int32_t)0x739,
 // Invalid input arguments; wrong length or invalid type.
- kOtcryptoStatusBadArgs = (int32_t)0x8000fea0 | kInvalidArgument,
+ kOtcryptoStatusValueBadArgs = (int32_t)0x8000fea0 | kInvalidArgument,
 // Error after which it is OK to retry (e.g. timeout).
- kOtcryptoStatusInternalError = (int32_t)0x80005340 | kAborted,
+ kOtcryptoStatusValueInternalError = (int32_t)0x80005340 | kAborted,
 // Error after which it is not OK to retry (e.g. integrity check).
- kCryptoStatusFatalError = (int32_t)0x80006d80 | kFailedPrecondition,
+ kOtcryptoStatusValueFatalError = (int32_t)0x80006d80 | kFailedPrecondition,
 // An asynchronous operation is still in progress.
- kOtcryptoStatusAsyncIncomplete = (int32_t)0x8000ea40 | kUnavailable,
+ kOtcryptoStatusValueAsyncIncomplete = (int32_t)0x8000ea40 | kUnavailable,
 // TODO: remove all instances of this error before release; it is to track
 // implementations that are not yet complete.
- kOtcryptoStatusNotImplemented = (int32_t)0x80008d20 | kUnimplemented,
+ kOtcryptoStatusValueNotImplemented = (int32_t)0x80008d20 | kUnimplemented,
 } otcrypto_status_value_t;
 /**
diff --git a/sw/device/lib/crypto/include/ecc.h b/sw/device/lib/crypto/include/ecc.h
index 4939e9eb94649..6d435e2d5846f 100644
--- a/sw/device/lib/crypto/include/ecc.h
+++ b/sw/device/lib/crypto/include/ecc.h
@@ -320,8 +320,8 @@ otcrypto_status_t otcrypto_x25519(const otcrypto_blinded_key_t *private_key,
 * only for a custom curve. For named curves this field is ignored
 * and can be set to `NULL`.
 *
- * Returns `kOtcryptoStatusOk` if the operation was successfully
- * started, or`kOtcryptoStatusInternalError` if the operation cannot be
+ * Returns `kOtcryptoStatusValueOk` if the operation was successfully
+ * started, or`kOtcryptoStatusValueInternalError` if the operation cannot be
 * started.
 *
 * @param elliptic_curve Pointer to the elliptic curve to be used.
@@ -336,10 +336,10 @@ otcrypto_status_t otcrypto_ecdsa_keygen_async_start(
 /**
 * Finalizes the asynchronous key generation for ECDSA operation.
 *
- * Returns `kOtcryptoStatusOk` and copies the private key (d) and public
+ * Returns `kOtcryptoStatusValueOk` and copies the private key (d) and public
 * key (Q), if the OTBN status is done, or
- * `kOtcryptoStatusAsyncIncomplete` if the OTBN is busy or
- * `kOtcryptoStatusInternalError` if there is an error.
+ * `kOtcryptoStatusValueAsyncIncomplete` if the OTBN is busy or
+ * `kOtcryptoStatusValueInternalError` if there is an error.
 *
 * The caller must ensure that the `elliptic_curve` parameter matches the one
 * that was previously passed to the corresponding `_start` function; a
@@ -378,9 +378,9 @@ otcrypto_status_t otcrypto_ecdsa_sign_async_start(
 /**
 * Finalizes the asynchronous ECDSA digital signature generation.
 *
- * Returns `kOtcryptoStatusOk` and copies the signature if the OTBN
- * status is done, or `kOtcryptoStatusAsyncIncomplete` if the OTBN is
- * busy or `kOtcryptoStatusInternalError` if there is an error.
+ * Returns `kOtcryptoStatusValueOk` and copies the signature if the OTBN
+ * status is done, or `kOtcryptoStatusValueAsyncIncomplete` if the OTBN is
+ * busy or `kOtcryptoStatusValueInternalError` if there is an error.
 *
 * The caller must ensure that the `elliptic_curve` parameter matches the one
 * that was previously passed to the corresponding `_start` function; a
@@ -419,9 +419,9 @@ otcrypto_status_t otcrypto_ecdsa_verify_async_start(
 /**
 * Finalizes the asynchronous ECDSA digital signature verification.
 *
- * Returns `kOtcryptoStatusOk` and populates the `verification result`
- * if the OTBN status is done. `kOtcryptoStatusAsyncIncomplete` if the
- * OTBN is busy or `kOtcryptoStatusInternalError` if there is an error.
+ * Returns `kOtcryptoStatusValueOk` and populates the `verification result`
+ * if the OTBN status is done. `kOtcryptoStatusValueAsyncIncomplete` if the
+ * OTBN is busy or `kOtcryptoStatusValueInternalError` if there is an error.
 * The computed signature is compared against the input signature
 * and a PASS or FAIL is returned.
 *
@@ -453,8 +453,8 @@ otcrypto_status_t otcrypto_ecdsa_verify_async_finalize(
 * only for a custom curve. For named curves this field is ignored
 * and can be set to `NULL`.
 *
- * Returns `kOtcryptoStatusOk` if the operation was successfully
- * started, or`kOtcryptoStatusInternalError` if the operation cannot be
+ * Returns `kOtcryptoStatusValueOk` if the operation was successfully
+ * started, or`kOtcryptoStatusValueInternalError` if the operation cannot be
 * started.
 *
 * @param elliptic_curve Pointer to the elliptic curve to be used.
@@ -469,10 +469,10 @@ otcrypto_status_t otcrypto_ecdh_keygen_async_start(
 /**
 * Finalizes the asynchronous key generation for ECDSA operation.
 *
- * Returns `kOtcryptoStatusOk` and copies the private key (d) and public
+ * Returns `kOtcryptoStatusValueOk` and copies the private key (d) and public
 * key (Q), if the OTBN status is done, or
- * `kOtcryptoStatusAsyncIncomplete` if the OTBN is busy or
- * `kOtcryptoStatusInternalError` if there is an error.
+ * `kOtcryptoStatusValueAsyncIncomplete` if the OTBN is busy or
+ * `kOtcryptoStatusValueInternalError` if there is an error.
 *
 * The caller must ensure that the `elliptic_curve` parameter matches the one
 * that was previously passed to the corresponding `_start` function; a
@@ -512,9 +512,9 @@ otcrypto_status_t otcrypto_ecdh_async_start(
 * Finalizes the asynchronous Elliptic Curve Diffie Hellman shared
 * secret generation.
 *
- * Returns `kOtcryptoStatusOk` and copies `shared_secret` if the OTBN
- * status is done, or `kOtcryptoStatusAsyncIncomplete` if the OTBN
- * is busy or `kOtcryptoStatusInternalError` if there is an error.
+ * Returns `kOtcryptoStatusValueOk` and copies `shared_secret` if the OTBN
+ * status is done, or `kOtcryptoStatusValueAsyncIncomplete` if the OTBN
+ * is busy or `kOtcryptoStatusValueInternalError` if there is an error.
 *
 * The caller must ensure that the `elliptic_curve` parameter matches the one
 * that was previously passed to the corresponding `_start` function; a
@@ -550,9 +550,9 @@ otcrypto_status_t otcrypto_ed25519_keygen_async_start(
 /**
 * Finalizes the asynchronous key generation for Ed25519.
 *
- * Returns `kOtcryptoStatusOk` and copies private key (d) and public key
- * (Q), if the OTBN status is done, or `kOtcryptoStatusAsyncIncomplete`
- * if the OTBN is busy or `kOtcryptoStatusInternalError` if there is an
+ * Returns `kOtcryptoStatusValueOk` and copies private key (d) and public key
+ * (Q), if the OTBN status is done, or `kOtcryptoStatusValueAsyncIncomplete`
+ * if the OTBN is busy or `kOtcryptoStatusValueInternalError` if there is an
 * error.
 *
 * The caller must ensure that `config` matches the key configuration initially
@@ -588,9 +588,9 @@ otcrypto_status_t otcrypto_ed25519_sign_async_start(
 /**
 * Finalizes the asynchronous Ed25519 digital signature generation.
 *
- * Returns `kOtcryptoStatusOk` and copies the signature if the OTBN
- * status is done, or `kOtcryptoStatusAsyncIncomplete` if the OTBN is
- * busy or `kOtcryptoStatusInternalError` if there is an error.
+ * Returns `kOtcryptoStatusValueOk` and copies the signature if the OTBN
+ * status is done, or `kOtcryptoStatusValueAsyncIncomplete` if the OTBN is
+ * busy or `kOtcryptoStatusValueInternalError` if there is an error.
 *
 * @param[out] signature Pointer to the EdDSA signature to get (s) value.
 * @return Result of async Ed25519 finalize operation.
@@ -621,10 +621,10 @@ otcrypto_status_t otcrypto_ed25519_verify_async_start(
 /**
 * Finalizes the asynchronous Ed25519 digital signature verification.
 *
- * Returns `kOtcryptoStatusOk` and populates the `verification result`
+ * Returns `kOtcryptoStatusValueOk` and populates the `verification result`
 * with a PASS or FAIL, if the OTBN status is done,
- * `kOtcryptoStatusAsyncIncomplete` if the OTBN is busy or
- * `kOtcryptoStatusInternalError` if there is an error.
+ * `kOtcryptoStatusValueAsyncIncomplete` if the OTBN is busy or
+ * `kOtcryptoStatusValueInternalError` if there is an error.
 *
 * @param[out] verification_result Result of signature verification
 * (Pass/Fail).
@@ -655,9 +655,9 @@ otcrypto_status_t otcrypto_x25519_keygen_async_start(
 /**
 * Finalizes the asynchronous key generation for X25519.
 *
- * Returns `kOtcryptoStatusOk` and copies private key (d) and public key
- * (Q), if the OTBN status is done, or `kOtcryptoStatusAsyncIncomplete`
- * if the OTBN is busy or `kOtcryptoStatusInternalError` if there is an
+ * Returns `kOtcryptoStatusValueOk` and copies private key (d) and public key
+ * (Q), if the OTBN status is done, or `kOtcryptoStatusValueAsyncIncomplete`
+ * if the OTBN is busy or `kOtcryptoStatusValueInternalError` if there is an
 * error.
 *
 * The caller must ensure that `config` matches the key configuration initially
@@ -692,9 +692,9 @@ otcrypto_status_t otcrypto_x25519_async_start(
 * Finalizes the asynchronous X25519 Diffie Hellman shared secret
 * generation.
 *
- * Returns `kOtcryptoStatusOk` and copies `shared_secret` if the OTBN
- * status is done, or `kOtcryptoStatusAsyncIncomplete` if the OTBN
- * is busy or `kOtcryptoStatusInternalError` if there is an error.
+ * Returns `kOtcryptoStatusValueOk` and copies `shared_secret` if the OTBN
+ * status is done, or `kOtcryptoStatusValueAsyncIncomplete` if the OTBN
+ * is busy or `kOtcryptoStatusValueInternalError` if there is an error.
 *
 * @param[out] shared_secret Pointer to shared secret key (u-coordinate).
 * @return Result of async X25519 finalize operation.
diff --git a/sw/device/lib/crypto/include/kdf.h b/sw/device/lib/crypto/include/kdf.h
index f6a7b78c5ef4a..ba433f65c48f5 100644
--- a/sw/device/lib/crypto/include/kdf.h
+++ b/sw/device/lib/crypto/include/kdf.h
@@ -63,7 +63,7 @@ otcrypto_status_t otcrypto_kdf_ctr(
 *
 * HKDF is defined in IETF RFC 5869 and is based on HMAC. The HMAC hash
 * function is determined by the mode of the key derivation key, e.g. the key
- * mode kOtcryptoKeyModeHmacSha256 results in HMAC with SHA-256. The key mode
+ * mode `kOtcryptoKeyModeHmacSha256` results in HMAC with SHA-256. The key mode
 * for the output pseudo-random key (PRK) should match the key mode for the
 * input key derivation key.
 *
diff --git a/sw/device/tests/crypto/rsa_3072_verify_functest.c b/sw/device/tests/crypto/rsa_3072_verify_functest.c
index b6dc7416a0ff1..7240d1e41e85d 100644
--- a/sw/device/tests/crypto/rsa_3072_verify_functest.c
+++ b/sw/device/tests/crypto/rsa_3072_verify_functest.c
@@ -46,7 +46,7 @@ status_t rsa_3072_verify_test(const rsa_3072_verify_test_vector_t *testvec) {
 return OTCRYPTO_RECOV_ERR;
 }
 // Error code may be OK or BAD_ARGS, but other errors indicate a problem.
- if (!status_ok(err) && err.value != kOtcryptoStatusBadArgs) {
+ if (!status_ok(err) && err.value != kOtcryptoStatusValueBadArgs) {
 LOG_ERROR("Unexpected error on invalid signature: %r.", err);
 return err;
 }
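Review bot: The exact match `err.value != kOtcryptoStatusValueBadArgs` in the negative-signature check only holds when the library is built with the plain status macros. The status.h section of this patch shows a second macro variant that folds `__LINE__` into the status word (`((__LINE__ & 0x7ff) << 5) | kUnimplemented`). If OTCRYPTO_BAD_ARGS takes the same form in that configuration (its definition is not visible here), a legitimate BAD_ARGS on an invalid signature would be logged as an unexpected error and fail the test. Comparing only the status-code field, e.g. `status_err(err) != kInvalidArgument`, would behave the same in both builds, assuming the base status helper is available to this test. rsa_3072_verify_test begins and ends outside the hunk.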