style(crypto): add braces for if statement
As per TF-A coding style[1] braces around single if statement is preferred.
Minor cleanup to adhere to it.
[1]: https://trustedfirmware-a.readthedocs.io/en/latest/process/coding-style.html#conditional-statement-bodies
Change-Id: I771fdcbf105eac9377002ac67d0615ef29440904
Signed-off-by: Govindraj Raja <govindraj.raja@arm.com>
diff --git a/drivers/auth/cryptocell/712/cryptocell_crypto.c b/drivers/auth/cryptocell/712/cryptocell_crypto.c
index 142f364..e2b189b 100644
--- a/drivers/auth/cryptocell/712/cryptocell_crypto.c
+++ b/drivers/auth/cryptocell/712/cryptocell_crypto.c
@@ -7,7 +7,8 @@
#include <stddef.h>
#include <string.h>
-#include <platform_def.h>
+#include <mbedtls/oid.h>
+#include <mbedtls/x509.h>
#include <arch_helpers.h>
#include <common/debug.h>
@@ -21,8 +22,7 @@
#include <drivers/auth/mbedtls/mbedtls_common.h>
#include <lib/utils.h>
-#include <mbedtls/oid.h>
-#include <mbedtls/x509.h>
+#include <platform_def.h>
#define LIB_NAME "CryptoCell 712 SBROM"
#define RSA_SALT_LEN 32
@@ -109,70 +109,85 @@
p = sig_alg;
end = p + sig_alg_len;
rc = mbedtls_asn1_get_alg(&p, end, &sig_oid, ¶ms);
- if (rc != 0)
+ if (rc != 0) {
return CRYPTO_ERR_SIGNATURE;
+ }
/* Get the actual signature algorithm (MD + PK) */
rc = mbedtls_oid_get_sig_alg(&sig_oid, &md_alg, &pk_alg);
- if (rc != 0)
+ if (rc != 0) {
return CRYPTO_ERR_SIGNATURE;
+ }
/* The CryptoCell only supports RSASSA-PSS signature */
- if ((pk_alg != MBEDTLS_PK_RSASSA_PSS) || (md_alg != MBEDTLS_MD_NONE))
+ if ((pk_alg != MBEDTLS_PK_RSASSA_PSS) || (md_alg != MBEDTLS_MD_NONE)) {
return CRYPTO_ERR_SIGNATURE;
+ }
/* Verify the RSASSA-PSS params */
/* The trailer field is verified to be 0xBC internally by this API */
rc = mbedtls_x509_get_rsassa_pss_params(¶ms, &md_alg,
&mgf1_hash_id,
&expected_salt_len);
- if (rc != 0)
+ if (rc != 0) {
return CRYPTO_ERR_SIGNATURE;
+ }
/* The CryptoCell only supports SHA256 as hash algorithm */
- if ((md_alg != MBEDTLS_MD_SHA256) || (mgf1_hash_id != MBEDTLS_MD_SHA256))
+ if ((md_alg != MBEDTLS_MD_SHA256) || (mgf1_hash_id != MBEDTLS_MD_SHA256)) {
return CRYPTO_ERR_SIGNATURE;
+ }
- if (expected_salt_len != RSA_SALT_LEN)
+ if (expected_salt_len != RSA_SALT_LEN) {
return CRYPTO_ERR_SIGNATURE;
+ }
/* Parse the public key */
p = pk_ptr;
end = p + pk_len;
rc = mbedtls_asn1_get_tag(&p, end, &len,
MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE);
- if (rc != 0)
+ if (rc != 0) {
return CRYPTO_ERR_SIGNATURE;
+ }
end = p + len;
rc = mbedtls_asn1_get_alg_null(&p, end, &alg_oid);
- if (rc != 0)
+ if (rc != 0) {
return CRYPTO_ERR_SIGNATURE;
+ }
- if (mbedtls_oid_get_pk_alg(&alg_oid, &pk_alg) != 0)
+ if (mbedtls_oid_get_pk_alg(&alg_oid, &pk_alg) != 0) {
return CRYPTO_ERR_SIGNATURE;
+ }
- if (pk_alg != MBEDTLS_PK_RSA)
+ if (pk_alg != MBEDTLS_PK_RSA) {
return CRYPTO_ERR_SIGNATURE;
+ }
rc = mbedtls_asn1_get_bitstring_null(&p, end, &len);
- if (rc != 0)
+ if (rc != 0) {
return CRYPTO_ERR_SIGNATURE;
+ }
rc = mbedtls_asn1_get_tag(&p, end, &len,
MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE);
- if (rc != 0)
+ if (rc != 0) {
return CRYPTO_ERR_SIGNATURE;
+ }
rc = mbedtls_asn1_get_tag(&p, end, &len, MBEDTLS_ASN1_INTEGER);
- if (rc != 0)
+ if (rc != 0) {
return CRYPTO_ERR_SIGNATURE;
+ }
if (*p == 0) {
p++; len--;
}
- if (len != RSA_MOD_SIZE_IN_BYTES || ((p + len) > end))
+
+ if (len != RSA_MOD_SIZE_IN_BYTES || ((p + len) > end)) {
return CRYPTO_ERR_SIGNATURE;
+ }
/*
* The CCSbVerifySignature() API expects N and Np in BE format and
@@ -183,11 +198,13 @@
/* Verify the RSA exponent */
p += len;
rc = mbedtls_asn1_get_int(&p, end, &exp);
- if (rc != 0)
+ if (rc != 0) {
return CRYPTO_ERR_SIGNATURE;
+ }
- if (exp != RSA_EXPONENT)
+ if (exp != RSA_EXPONENT) {
return CRYPTO_ERR_SIGNATURE;
+ }
/*
* Calculate the Np (Barrett n' value). The RSA_CalcNp() API expects
@@ -204,11 +221,13 @@
p = sig_ptr;
end = p + sig_len;
rc = mbedtls_asn1_get_bitstring_null(&p, end, &len);
- if (rc != 0)
+ if (rc != 0) {
return CRYPTO_ERR_SIGNATURE;
+ }
- if (len != RSA_MOD_SIZE_IN_BYTES || ((p + len) > end))
+ if (len != RSA_MOD_SIZE_IN_BYTES || ((p + len) > end)) {
return CRYPTO_ERR_SIGNATURE;
+ }
/*
* The signature is BE format. Convert it to LE before calling
@@ -226,8 +245,9 @@
error = CCSbVerifySignature((uintptr_t)PLAT_CRYPTOCELL_BASE,
(uint32_t *)data_ptr, &pk, &signature,
data_len, RSA_PSS);
- if (error != CC_OK)
+ if (error != CC_OK) {
return CRYPTO_ERR_SIGNATURE;
+ }
/* Signature verification success */
return CRYPTO_SUCCESS;
@@ -255,29 +275,36 @@
end = p + digest_info_len;
rc = mbedtls_asn1_get_tag(&p, end, &len, MBEDTLS_ASN1_CONSTRUCTED |
MBEDTLS_ASN1_SEQUENCE);
- if (rc != 0)
+ if (rc != 0) {
return CRYPTO_ERR_HASH;
+ }
/* Get the hash algorithm */
rc = mbedtls_asn1_get_alg(&p, end, &hash_oid, ¶ms);
- if (rc != 0)
+ if (rc != 0) {
return CRYPTO_ERR_HASH;
+ }
rc = mbedtls_oid_get_md_alg(&hash_oid, &md_alg);
- if (rc != 0)
+ if (rc != 0) {
return CRYPTO_ERR_HASH;
+ }
+
/* Verify that hash algorithm is SHA256 */
- if (md_alg != MBEDTLS_MD_SHA256)
+ if (md_alg != MBEDTLS_MD_SHA256) {
return CRYPTO_ERR_HASH;
+ }
/* Hash should be octet string type */
rc = mbedtls_asn1_get_tag(&p, end, &len, MBEDTLS_ASN1_OCTET_STRING);
- if (rc != 0)
+ if (rc != 0) {
return CRYPTO_ERR_HASH;
+ }
/* Length of hash must match the algorithm's size */
- if (len != HASH_RESULT_SIZE_IN_BYTES)
+ if (len != HASH_RESULT_SIZE_IN_BYTES) {
return CRYPTO_ERR_HASH;
+ }
/*
* CryptoCell utilises DMA internally to transfer data. Flush the data
@@ -288,12 +315,14 @@
hash = p;
error = SBROM_CryptoHash((uintptr_t)PLAT_CRYPTOCELL_BASE,
(uintptr_t)data_ptr, data_len, pubKeyHash);
- if (error != CC_OK)
+ if (error != CC_OK) {
return CRYPTO_ERR_HASH;
+ }
rc = memcmp(pubKeyHash, hash, HASH_RESULT_SIZE_IN_BYTES);
- if (rc != 0)
+ if (rc != 0) {
return CRYPTO_ERR_HASH;
+ }
return CRYPTO_SUCCESS;
}