Reland "fpsensor: Use OPENSSL_cleanse instead of always_memset"

This is a reland of commit 848e5a749e7cd6d02a2b31ee275470ba68cbe43d

Original change's description:
> fpsensor: Use OPENSSL_cleanse instead of always_memset
>
> BUG=b:248508087, b:273639386
> TEST=make runhosttests -j
> TEST=make buildall -j
> BRANCH=none
>
> Change-Id: If26578b31d768875bd4b85cdce8a6365e181685a
> Signed-off-by: Yi Chou <yich@google.com>
> Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/4387995
> Reviewed-by: Tom Hughes <tomhughes@chromium.org>

BUG=b:248508087, b:273639386
TEST=make runhosttests -j
TEST=make buildall -j
BRANCH=none

Force-Relevant-Builds: all
Change-Id: If8ac7ed3a87af1369cf278a84af470ba0540984b
Signed-off-by: Yi Chou <yich@google.com>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/4464661
Reviewed-by: Tom Hughes <tomhughes@chromium.org>

3 files changed, 25 insertions, 21 deletions

diff --git a/common/fpsensor/fpsensor.cc b/common/fpsensor/fpsensor.cc
index cb013363f1..e3d96cde16 100644
--- a/common/fpsensor/fpsensor.cc
+++ b/common/fpsensor/fpsensor.cc
@@ -4,12 +4,14 @@
  */
 #include "compile_time_macros.h"
 
+/* Boringssl headers need to be included before extern "C" section. */
+#include "openssl/mem.h"
+
 extern "C" {
 #include "atomic.h"
 #include "clock.h"
 #include "common.h"
 #include "console.h"
-#include "cryptoc/util.h"
 #include "ec_commands.h"
 #include "gpio.h"
 #include "host_command.h"
@@ -517,7 +519,7 @@ static enum ec_status fp_command_frame(struct host_cmd_handler_args *args)
 				      encrypted_template, encrypted_blob_size,
 				      enc_info->nonce, FP_CONTEXT_NONCE_BYTES,
 				      enc_info->tag, FP_CONTEXT_TAG_BYTES);
-		always_memset(key, 0, sizeof(key));
+		OPENSSL_cleanse(key, sizeof(key));
 		if (ret != EC_SUCCESS) {
 			CPRINTS("fgr%d: Failed to encrypt template", fgr);
 			return EC_RES_UNAVAILABLE;
@@ -640,7 +642,7 @@ static enum ec_status fp_command_template(struct host_cmd_handler_args *args)
 				      encrypted_template, encrypted_blob_size,
 				      enc_info->nonce, FP_CONTEXT_NONCE_BYTES,
 				      enc_info->tag, FP_CONTEXT_TAG_BYTES);
-		always_memset(key, 0, sizeof(key));
+		OPENSSL_cleanse(key, sizeof(key));
 		if (ret != EC_SUCCESS) {
 			CPRINTS("fgr%d: Failed to decipher template", idx);
 			/* Don't leave bad data in the template buffer */
@@ -659,8 +661,8 @@ static enum ec_status fp_command_template(struct host_cmd_handler_args *args)
 		if (bytes_are_trivial(positive_match_salt,
 				      sizeof(fp_positive_match_salt[0]))) {
 			CPRINTS("fgr%d: Trivial positive match salt.", idx);
-			always_memset(fp_template[idx], 0,
-				      sizeof(fp_template[0]));
+			OPENSSL_cleanse(fp_template[idx],
+					sizeof(fp_template[0]));
 			return EC_RES_INVALID_PARAM;
 		}
 		memcpy(fp_positive_match_salt[idx], positive_match_salt,
diff --git a/common/fpsensor/fpsensor_crypto.cc b/common/fpsensor/fpsensor_crypto.cc
index 5861064427..5b5ce9de49 100644
--- a/common/fpsensor/fpsensor_crypto.cc
+++ b/common/fpsensor/fpsensor_crypto.cc
@@ -8,13 +8,13 @@
 #include "fpsensor_state.h"
 #include "fpsensor_utils.h"
 #include "openssl/aes.h"
+#include "openssl/mem.h"
 
 /* These must be included after the "openssl/aes.h" */
 #include "crypto/fipsmodule/aes/internal.h"
 #include "crypto/fipsmodule/modes/internal.h"
 
 extern "C" {
-#include "cryptoc/util.h"
 #include "rollback.h"
 #include "sha256.h"
 #include "util.h"
@@ -101,7 +101,7 @@ static int hkdf_expand_one_step(uint8_t *out_key, size_t out_key_size,
 	compute_hmac_sha256(key_buf, prk, prk_size, message_buf, info_size + 1);
 
 	memcpy(out_key, key_buf, out_key_size);
-	always_memset(key_buf, 0, sizeof(key_buf));
+	OPENSSL_cleanse(key_buf, sizeof(key_buf));
 
 	return EC_SUCCESS;
 }
@@ -156,8 +156,8 @@ int hkdf_expand(uint8_t *out_key, size_t L, const uint8_t *prk, size_t prk_size,
 		out_key += block_size;
 		L -= block_size;
 	}
-	always_memset(T_buffer, 0, sizeof(T_buffer));
-	always_memset(info_buffer, 0, sizeof(info_buffer));
+	OPENSSL_cleanse(T_buffer, sizeof(T_buffer));
+	OPENSSL_cleanse(info_buffer, sizeof(info_buffer));
 	return EC_SUCCESS;
 #undef HASH_LEN
 }
@@ -187,7 +187,7 @@ int derive_positive_match_secret(uint8_t *output,
 	/* "Extract" step of HKDF. */
 	hkdf_extract(prk, input_positive_match_salt,
 		     FP_POSITIVE_MATCH_SALT_BYTES, ikm, sizeof(ikm));
-	always_memset(ikm, 0, sizeof(ikm));
+	OPENSSL_cleanse(ikm, sizeof(ikm));
 
 	memcpy(info, info_prefix, strlen(info_prefix));
 	memcpy(info + strlen(info_prefix), user_id, sizeof(user_id));
@@ -195,7 +195,7 @@ int derive_positive_match_secret(uint8_t *output,
 	/* "Expand" step of HKDF. */
 	ret = hkdf_expand(output, FP_POSITIVE_MATCH_SECRET_BYTES, prk,
 			  sizeof(prk), info, sizeof(info));
-	always_memset(prk, 0, sizeof(prk));
+	OPENSSL_cleanse(prk, sizeof(prk));
 
 	/* Check that secret is not full of 0x00 or 0xff. */
 	if (bytes_are_trivial(output, FP_POSITIVE_MATCH_SECRET_BYTES)) {
@@ -225,7 +225,7 @@ int derive_encryption_key(uint8_t *out_key, const uint8_t *salt)
 	/* "Extract step of HKDF. */
 	hkdf_extract(prk, salt, FP_CONTEXT_ENCRYPTION_SALT_BYTES, ikm,
 		     sizeof(ikm));
-	always_memset(ikm, 0, sizeof(ikm));
+	OPENSSL_cleanse(ikm, sizeof(ikm));
 
 	/*
 	 * Only 1 "expand" step of HKDF since the size of the "info" context
@@ -234,7 +234,7 @@ int derive_encryption_key(uint8_t *out_key, const uint8_t *salt)
 	 */
 	ret = hkdf_expand_one_step(out_key, SBP_ENC_KEY_LEN, prk, sizeof(prk),
 				   (uint8_t *)user_id, sizeof(user_id));
-	always_memset(prk, 0, sizeof(prk));
+	OPENSSL_cleanse(prk, sizeof(prk));
 
 	return ret;
 }
diff --git a/common/fpsensor/fpsensor_state.cc b/common/fpsensor/fpsensor_state.cc
index 7a2c9b6347..c4fec5fb5b 100644
--- a/common/fpsensor/fpsensor_state.cc
+++ b/common/fpsensor/fpsensor_state.cc
@@ -4,12 +4,13 @@
  */
 
 #include "compile_time_macros.h"
-#include "fpsensor_utils.h"
+
+/* Boringssl headers need to be included before extern "C" section. */
+#include "openssl/mem.h"
 
 extern "C" {
 #include "atomic.h"
 #include "common.h"
-#include "cryptoc/util.h"
 #include "ec_commands.h"
 #include "host_command.h"
 #include "system.h"
@@ -20,6 +21,7 @@ extern "C" {
 #include "fpsensor.h"
 #include "fpsensor_crypto.h"
 #include "fpsensor_state.h"
+#include "fpsensor_utils.h"
 
 /* Last acquired frame (aligned as it is used by arbitrary binary libraries) */
 uint8_t fp_buffer[FP_SENSOR_IMAGE_SIZE] FP_FRAME_SECTION __aligned(4);
@@ -71,9 +73,9 @@ void fp_task_simulate(void)
 
 void fp_clear_finger_context(uint16_t idx)
 {
-	always_memset(fp_template[idx], 0, sizeof(fp_template[0]));
-	always_memset(fp_positive_match_salt[idx], 0,
-		      sizeof(fp_positive_match_salt[0]));
+	OPENSSL_cleanse(fp_template[idx], sizeof(fp_template[0]));
+	OPENSSL_cleanse(fp_positive_match_salt[idx],
+			sizeof(fp_positive_match_salt[0]));
 }
 
 /**
@@ -85,9 +87,9 @@ static void _fp_clear_context(void)
 {
 	templ_valid = 0;
 	templ_dirty = 0;
-	always_memset(fp_buffer, 0, sizeof(fp_buffer));
-	always_memset(fp_enc_buffer, 0, sizeof(fp_enc_buffer));
-	always_memset(user_id, 0, sizeof(user_id));
+	OPENSSL_cleanse(fp_buffer, sizeof(fp_buffer));
+	OPENSSL_cleanse(fp_enc_buffer, sizeof(fp_enc_buffer));
+	OPENSSL_cleanse(user_id, sizeof(user_id));
 	fp_disable_positive_match_secret(&positive_match_secret_state);
 	for (uint16_t idx = 0; idx < FP_MAX_FINGER_COUNT; idx++)
 		fp_clear_finger_context(idx);