diff options
| author | Yicheng Li <yichengli@chromium.org> | 2019-08-01 13:16:23 -0700 |
|---|---|---|
| committer | Commit Bot <commit-bot@chromium.org> | 2019-09-04 16:36:36 +0000 |
| commit | f7a32618bcacfb3b3ecba62d338aa24dc4a211d1 (patch) | |
| tree | 072a25449221dc3e49d9f3cc7e11b83d6ceb0fec | |
| parent | 519f9cdf0d50d87111e45227e9f0efea3686a8e1 (diff) | |
| download | chrome-ec-f7a32618bcacfb3b3ecba62d338aa24dc4a211d1.tar.gz | |
fpsensor: replace memset() with always_memset()
In fpsensor code, use always_memset() in place of memset().
BRANCH=nocturne
BUG=chromium:968809,chromium:989594,b:130238794
TEST=make -j buildall
TEST=tested enrollment, matching and multifinger on nocturne DUT
Change-Id: I29e32bd2838c1f240607799e61f29759aaee7600
Signed-off-by: Yicheng Li <yichengli@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/1737206
Reviewed-by: Tom Hughes <tomhughes@chromium.org>
| -rw-r--r-- | Makefile.rules | 2 | ||||
| -rw-r--r-- | board/host/board.h | 2 | ||||
| -rw-r--r-- | common/fpsensor/fpsensor.c | 3 | ||||
| -rw-r--r-- | common/fpsensor/fpsensor_crypto.c | 7 | ||||
| -rw-r--r-- | common/fpsensor/fpsensor_state.c | 9 |
5 files changed, 15 insertions, 8 deletions
diff --git a/Makefile.rules b/Makefile.rules index 1cef50aee8..6777fa24b1 100644 --- a/Makefile.rules +++ b/Makefile.rules @@ -78,7 +78,7 @@ cmd_elf = $(CC) $(objs) $(libsharedobjs_elf-y) $(LDFLAGS) \ cmd_fuzz_exe = $(CXX) $^ $(HOST_TEST_LDFLAGS) $(LDFLAGS_EXTRA) -o $@ cmd_run_fuzz = build/host/$*/$*.exe -seed=1 -runs=1 $(silent) \ $(silent_err) || (echo "Test $* failed!" && false) -cmd_exe = $(CC) $(ro-objs) $(HOST_TEST_LDFLAGS) -o $@ +cmd_exe = $(CC) $(ro-objs) $(HOST_TEST_LDFLAGS) $(LDFLAGS_EXTRA) -o $@ cmd_c_to_o = $(CC) $(C_WARN) $(CFLAGS) -MMD -MP -MF $@.d -c $< -o $(@D)/$(@F) cmd_cxx_to_o = $(CXX) -std=c++11 $(CFLAGS) $(CXXFLAGS) -MMD -MP -MF $@.d -c $< \ -o $(@D)/$(@F) diff --git a/board/host/board.h b/board/host/board.h index 6f41dec203..d202e23f7a 100644 --- a/board/host/board.h +++ b/board/host/board.h @@ -21,6 +21,8 @@ #define CONFIG_WP_ACTIVE_HIGH +#define CONFIG_LIBCRYPTOC + #include "gpio_signal.h" enum temp_sensor_id { diff --git a/common/fpsensor/fpsensor.c b/common/fpsensor/fpsensor.c index facdd3c1bb..d0bc54faba 100644 --- a/common/fpsensor/fpsensor.c +++ b/common/fpsensor/fpsensor.c @@ -7,6 +7,7 @@ #include "clock.h" #include "common.h" #include "console.h" +#include "cryptoc/util.h" #include "ec_commands.h" #include "fpsensor.h" #include "fpsensor_crypto.h" @@ -429,6 +430,7 @@ static int fp_command_frame(struct host_cmd_handler_args *args) sizeof(fp_template[0]), enc_info->nonce, FP_CONTEXT_NONCE_BYTES, enc_info->tag, FP_CONTEXT_TAG_BYTES); + always_memset(key, 0, sizeof(key)); if (ret != EC_SUCCESS) { CPRINTS("fgr%d: Failed to encrypt template", fgr); return EC_RES_UNAVAILABLE; @@ -517,6 +519,7 @@ static int fp_command_template(struct host_cmd_handler_args *args) sizeof(fp_template[0]), enc_info->nonce, FP_CONTEXT_NONCE_BYTES, enc_info->tag, FP_CONTEXT_TAG_BYTES); + always_memset(key, 0, sizeof(key)); if (ret != EC_SUCCESS) { CPRINTS("fgr%d: Failed to decipher template", idx); /* Don't leave bad data in the template buffer */ diff --git a/common/fpsensor/fpsensor_crypto.c b/common/fpsensor/fpsensor_crypto.c index 6385b7116d..d5bbd03c38 100644 --- a/common/fpsensor/fpsensor_crypto.c +++ b/common/fpsensor/fpsensor_crypto.c @@ -5,6 +5,7 @@ #include "aes.h" #include "aes-gcm.h" +#include "cryptoc/util.h" #include "fpsensor_crypto.h" #include "fpsensor_private.h" #include "fpsensor_state.h" @@ -77,7 +78,7 @@ static int hkdf_expand_one_step(uint8_t *out_key, size_t out_key_size, hmac_SHA256(key_buf, prk, prk_size, message_buf, info_size + 1); memcpy(out_key, key_buf, out_key_size); - memset(key_buf, 0, sizeof(key_buf)); + always_memset(key_buf, 0, sizeof(key_buf)); return EC_SUCCESS; } @@ -100,7 +101,7 @@ int derive_encryption_key(uint8_t *out_key, const uint8_t *salt) /* "Extract step of HKDF. */ hkdf_extract(prk, salt, FP_CONTEXT_SALT_BYTES, ikm, sizeof(ikm)); - memset(ikm, 0, sizeof(ikm)); + always_memset(ikm, 0, sizeof(ikm)); /* * Only 1 "expand" step of HKDF since the size of the "info" context @@ -109,7 +110,7 @@ int derive_encryption_key(uint8_t *out_key, const uint8_t *salt) */ ret = hkdf_expand_one_step(out_key, SBP_ENC_KEY_LEN, prk, sizeof(prk), (uint8_t *)user_id, sizeof(user_id)); - memset(prk, 0, sizeof(prk)); + always_memset(prk, 0, sizeof(prk)); return ret; } diff --git a/common/fpsensor/fpsensor_state.c b/common/fpsensor/fpsensor_state.c index 1004c4be70..7474634487 100644 --- a/common/fpsensor/fpsensor_state.c +++ b/common/fpsensor/fpsensor_state.c @@ -4,6 +4,7 @@ */ #include "common.h" +#include "cryptoc/util.h" #include "ec_commands.h" #include "fpsensor.h" #include "fpsensor_private.h" @@ -51,7 +52,7 @@ void fp_task_simulate(void) void fp_clear_finger_context(int idx) { - memset(fp_template[idx], 0, sizeof(fp_template[0])); + always_memset(fp_template[idx], 0, sizeof(fp_template[0])); } void fp_clear_context(void) @@ -60,9 +61,9 @@ void fp_clear_context(void) templ_valid = 0; templ_dirty = 0; - memset(fp_buffer, 0, sizeof(fp_buffer)); - memset(fp_enc_buffer, 0, sizeof(fp_enc_buffer)); - memset(user_id, 0, sizeof(user_id)); + always_memset(fp_buffer, 0, sizeof(fp_buffer)); + always_memset(fp_enc_buffer, 0, sizeof(fp_enc_buffer)); + always_memset(user_id, 0, sizeof(user_id)); for (idx = 0; idx < FP_MAX_FINGER_COUNT; idx++) fp_clear_finger_context(idx); /* TODO maybe shutdown and re-init the private libraries ? */ |