diff options
-rw-r--r-- | common/fpsensor/fpsensor.cc | 12 | ||||
-rw-r--r-- | common/fpsensor/fpsensor_crypto.cc | 16 | ||||
-rw-r--r-- | common/fpsensor/fpsensor_state.cc | 18 |
3 files changed, 25 insertions, 21 deletions
diff --git a/common/fpsensor/fpsensor.cc b/common/fpsensor/fpsensor.cc index cb013363f1..e3d96cde16 100644 --- a/common/fpsensor/fpsensor.cc +++ b/common/fpsensor/fpsensor.cc @@ -4,12 +4,14 @@ */ #include "compile_time_macros.h" +/* Boringssl headers need to be included before extern "C" section. */ +#include "openssl/mem.h" + extern "C" { #include "atomic.h" #include "clock.h" #include "common.h" #include "console.h" -#include "cryptoc/util.h" #include "ec_commands.h" #include "gpio.h" #include "host_command.h" @@ -517,7 +519,7 @@ static enum ec_status fp_command_frame(struct host_cmd_handler_args *args) encrypted_template, encrypted_blob_size, enc_info->nonce, FP_CONTEXT_NONCE_BYTES, enc_info->tag, FP_CONTEXT_TAG_BYTES); - always_memset(key, 0, sizeof(key)); + OPENSSL_cleanse(key, sizeof(key)); if (ret != EC_SUCCESS) { CPRINTS("fgr%d: Failed to encrypt template", fgr); return EC_RES_UNAVAILABLE; @@ -640,7 +642,7 @@ static enum ec_status fp_command_template(struct host_cmd_handler_args *args) encrypted_template, encrypted_blob_size, enc_info->nonce, FP_CONTEXT_NONCE_BYTES, enc_info->tag, FP_CONTEXT_TAG_BYTES); - always_memset(key, 0, sizeof(key)); + OPENSSL_cleanse(key, sizeof(key)); if (ret != EC_SUCCESS) { CPRINTS("fgr%d: Failed to decipher template", idx); /* Don't leave bad data in the template buffer */ @@ -659,8 +661,8 @@ static enum ec_status fp_command_template(struct host_cmd_handler_args *args) if (bytes_are_trivial(positive_match_salt, sizeof(fp_positive_match_salt[0]))) { CPRINTS("fgr%d: Trivial positive match salt.", idx); - always_memset(fp_template[idx], 0, - sizeof(fp_template[0])); + OPENSSL_cleanse(fp_template[idx], + sizeof(fp_template[0])); return EC_RES_INVALID_PARAM; } memcpy(fp_positive_match_salt[idx], positive_match_salt, diff --git a/common/fpsensor/fpsensor_crypto.cc b/common/fpsensor/fpsensor_crypto.cc index 5861064427..5b5ce9de49 100644 --- a/common/fpsensor/fpsensor_crypto.cc +++ b/common/fpsensor/fpsensor_crypto.cc @@ -8,13 +8,13 @@ #include "fpsensor_state.h" #include "fpsensor_utils.h" #include "openssl/aes.h" +#include "openssl/mem.h" /* These must be included after the "openssl/aes.h" */ #include "crypto/fipsmodule/aes/internal.h" #include "crypto/fipsmodule/modes/internal.h" extern "C" { -#include "cryptoc/util.h" #include "rollback.h" #include "sha256.h" #include "util.h" @@ -101,7 +101,7 @@ static int hkdf_expand_one_step(uint8_t *out_key, size_t out_key_size, compute_hmac_sha256(key_buf, prk, prk_size, message_buf, info_size + 1); memcpy(out_key, key_buf, out_key_size); - always_memset(key_buf, 0, sizeof(key_buf)); + OPENSSL_cleanse(key_buf, sizeof(key_buf)); return EC_SUCCESS; } @@ -156,8 +156,8 @@ int hkdf_expand(uint8_t *out_key, size_t L, const uint8_t *prk, size_t prk_size, out_key += block_size; L -= block_size; } - always_memset(T_buffer, 0, sizeof(T_buffer)); - always_memset(info_buffer, 0, sizeof(info_buffer)); + OPENSSL_cleanse(T_buffer, sizeof(T_buffer)); + OPENSSL_cleanse(info_buffer, sizeof(info_buffer)); return EC_SUCCESS; #undef HASH_LEN } @@ -187,7 +187,7 @@ int derive_positive_match_secret(uint8_t *output, /* "Extract" step of HKDF. */ hkdf_extract(prk, input_positive_match_salt, FP_POSITIVE_MATCH_SALT_BYTES, ikm, sizeof(ikm)); - always_memset(ikm, 0, sizeof(ikm)); + OPENSSL_cleanse(ikm, sizeof(ikm)); memcpy(info, info_prefix, strlen(info_prefix)); memcpy(info + strlen(info_prefix), user_id, sizeof(user_id)); @@ -195,7 +195,7 @@ int derive_positive_match_secret(uint8_t *output, /* "Expand" step of HKDF. */ ret = hkdf_expand(output, FP_POSITIVE_MATCH_SECRET_BYTES, prk, sizeof(prk), info, sizeof(info)); - always_memset(prk, 0, sizeof(prk)); + OPENSSL_cleanse(prk, sizeof(prk)); /* Check that secret is not full of 0x00 or 0xff. */ if (bytes_are_trivial(output, FP_POSITIVE_MATCH_SECRET_BYTES)) { @@ -225,7 +225,7 @@ int derive_encryption_key(uint8_t *out_key, const uint8_t *salt) /* "Extract step of HKDF. */ hkdf_extract(prk, salt, FP_CONTEXT_ENCRYPTION_SALT_BYTES, ikm, sizeof(ikm)); - always_memset(ikm, 0, sizeof(ikm)); + OPENSSL_cleanse(ikm, sizeof(ikm)); /* * Only 1 "expand" step of HKDF since the size of the "info" context @@ -234,7 +234,7 @@ int derive_encryption_key(uint8_t *out_key, const uint8_t *salt) */ ret = hkdf_expand_one_step(out_key, SBP_ENC_KEY_LEN, prk, sizeof(prk), (uint8_t *)user_id, sizeof(user_id)); - always_memset(prk, 0, sizeof(prk)); + OPENSSL_cleanse(prk, sizeof(prk)); return ret; } diff --git a/common/fpsensor/fpsensor_state.cc b/common/fpsensor/fpsensor_state.cc index 7a2c9b6347..c4fec5fb5b 100644 --- a/common/fpsensor/fpsensor_state.cc +++ b/common/fpsensor/fpsensor_state.cc @@ -4,12 +4,13 @@ */ #include "compile_time_macros.h" -#include "fpsensor_utils.h" + +/* Boringssl headers need to be included before extern "C" section. */ +#include "openssl/mem.h" extern "C" { #include "atomic.h" #include "common.h" -#include "cryptoc/util.h" #include "ec_commands.h" #include "host_command.h" #include "system.h" @@ -20,6 +21,7 @@ extern "C" { #include "fpsensor.h" #include "fpsensor_crypto.h" #include "fpsensor_state.h" +#include "fpsensor_utils.h" /* Last acquired frame (aligned as it is used by arbitrary binary libraries) */ uint8_t fp_buffer[FP_SENSOR_IMAGE_SIZE] FP_FRAME_SECTION __aligned(4); @@ -71,9 +73,9 @@ void fp_task_simulate(void) void fp_clear_finger_context(uint16_t idx) { - always_memset(fp_template[idx], 0, sizeof(fp_template[0])); - always_memset(fp_positive_match_salt[idx], 0, - sizeof(fp_positive_match_salt[0])); + OPENSSL_cleanse(fp_template[idx], sizeof(fp_template[0])); + OPENSSL_cleanse(fp_positive_match_salt[idx], + sizeof(fp_positive_match_salt[0])); } /** @@ -85,9 +87,9 @@ static void _fp_clear_context(void) { templ_valid = 0; templ_dirty = 0; - always_memset(fp_buffer, 0, sizeof(fp_buffer)); - always_memset(fp_enc_buffer, 0, sizeof(fp_enc_buffer)); - always_memset(user_id, 0, sizeof(user_id)); + OPENSSL_cleanse(fp_buffer, sizeof(fp_buffer)); + OPENSSL_cleanse(fp_enc_buffer, sizeof(fp_enc_buffer)); + OPENSSL_cleanse(user_id, sizeof(user_id)); fp_disable_positive_match_secret(&positive_match_secret_state); for (uint16_t idx = 0; idx < FP_MAX_FINGER_COUNT; idx++) fp_clear_finger_context(idx); |