From f7a32618bcacfb3b3ecba62d338aa24dc4a211d1 Mon Sep 17 00:00:00 2001
From: Yicheng Li <yichengli@chromium.org>
Date: Thu, 1 Aug 2019 13:16:23 -0700
Subject: fpsensor: replace memset() with always_memset()

In fpsensor code, use always_memset() in place of memset().

BRANCH=nocturne
BUG=chromium:968809,chromium:989594,b:130238794
TEST=make -j buildall
TEST=tested enrollment, matching and multifinger on nocturne DUT

Change-Id: I29e32bd2838c1f240607799e61f29759aaee7600
Signed-off-by: Yicheng Li <yichengli@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/1737206
Reviewed-by: Tom Hughes <tomhughes@chromium.org>
---
 Makefile.rules                    | 2 +-
 board/host/board.h                | 2 ++
 common/fpsensor/fpsensor.c        | 3 +++
 common/fpsensor/fpsensor_crypto.c | 7 ++++---
 common/fpsensor/fpsensor_state.c  | 9 +++++----
 5 files changed, 15 insertions(+), 8 deletions(-)

diff --git a/Makefile.rules b/Makefile.rules
index 1cef50aee8..6777fa24b1 100644
--- a/Makefile.rules
+++ b/Makefile.rules
@@ -78,7 +78,7 @@ cmd_elf = $(CC) $(objs) $(libsharedobjs_elf-y) $(LDFLAGS) \
 cmd_fuzz_exe = $(CXX) $^ $(HOST_TEST_LDFLAGS) $(LDFLAGS_EXTRA) -o $@
 cmd_run_fuzz = build/host/$*/$*.exe -seed=1 -runs=1 $(silent) \
 	$(silent_err) || (echo "Test $* failed!" && false)
-cmd_exe = $(CC) $(ro-objs) $(HOST_TEST_LDFLAGS) -o $@
+cmd_exe = $(CC) $(ro-objs) $(HOST_TEST_LDFLAGS) $(LDFLAGS_EXTRA) -o $@
 cmd_c_to_o = $(CC) $(C_WARN) $(CFLAGS) -MMD -MP -MF $@.d -c $< -o $(@D)/$(@F)
 cmd_cxx_to_o = $(CXX) -std=c++11 $(CFLAGS) $(CXXFLAGS) -MMD -MP -MF $@.d -c $< \
 		      -o $(@D)/$(@F)
diff --git a/board/host/board.h b/board/host/board.h
index 6f41dec203..d202e23f7a 100644
--- a/board/host/board.h
+++ b/board/host/board.h
@@ -21,6 +21,8 @@
 
 #define CONFIG_WP_ACTIVE_HIGH
 
+#define CONFIG_LIBCRYPTOC
+
 #include "gpio_signal.h"
 
 enum temp_sensor_id {
diff --git a/common/fpsensor/fpsensor.c b/common/fpsensor/fpsensor.c
index facdd3c1bb..d0bc54faba 100644
--- a/common/fpsensor/fpsensor.c
+++ b/common/fpsensor/fpsensor.c
@@ -7,6 +7,7 @@
 #include "clock.h"
 #include "common.h"
 #include "console.h"
+#include "cryptoc/util.h"
 #include "ec_commands.h"
 #include "fpsensor.h"
 #include "fpsensor_crypto.h"
@@ -429,6 +430,7 @@ static int fp_command_frame(struct host_cmd_handler_args *args)
 				      sizeof(fp_template[0]),
 				      enc_info->nonce, FP_CONTEXT_NONCE_BYTES,
 				      enc_info->tag, FP_CONTEXT_TAG_BYTES);
+		always_memset(key, 0, sizeof(key));
 		if (ret != EC_SUCCESS) {
 			CPRINTS("fgr%d: Failed to encrypt template", fgr);
 			return EC_RES_UNAVAILABLE;
@@ -517,6 +519,7 @@ static int fp_command_template(struct host_cmd_handler_args *args)
 				      sizeof(fp_template[0]),
 				      enc_info->nonce, FP_CONTEXT_NONCE_BYTES,
 				      enc_info->tag, FP_CONTEXT_TAG_BYTES);
+		always_memset(key, 0, sizeof(key));
 		if (ret != EC_SUCCESS) {
 			CPRINTS("fgr%d: Failed to decipher template", idx);
 			/* Don't leave bad data in the template buffer */
diff --git a/common/fpsensor/fpsensor_crypto.c b/common/fpsensor/fpsensor_crypto.c
index 6385b7116d..d5bbd03c38 100644
--- a/common/fpsensor/fpsensor_crypto.c
+++ b/common/fpsensor/fpsensor_crypto.c
@@ -5,6 +5,7 @@
 
 #include "aes.h"
 #include "aes-gcm.h"
+#include "cryptoc/util.h"
 #include "fpsensor_crypto.h"
 #include "fpsensor_private.h"
 #include "fpsensor_state.h"
@@ -77,7 +78,7 @@ static int hkdf_expand_one_step(uint8_t *out_key, size_t out_key_size,
 	hmac_SHA256(key_buf, prk, prk_size, message_buf, info_size + 1);
 
 	memcpy(out_key, key_buf, out_key_size);
-	memset(key_buf, 0, sizeof(key_buf));
+	always_memset(key_buf, 0, sizeof(key_buf));
 
 	return EC_SUCCESS;
 }
@@ -100,7 +101,7 @@ int derive_encryption_key(uint8_t *out_key, const uint8_t *salt)
 
 	/* "Extract step of HKDF. */
 	hkdf_extract(prk, salt, FP_CONTEXT_SALT_BYTES, ikm, sizeof(ikm));
-	memset(ikm, 0, sizeof(ikm));
+	always_memset(ikm, 0, sizeof(ikm));
 
 	/*
 	 * Only 1 "expand" step of HKDF since the size of the "info" context
@@ -109,7 +110,7 @@ int derive_encryption_key(uint8_t *out_key, const uint8_t *salt)
 	 */
 	ret = hkdf_expand_one_step(out_key, SBP_ENC_KEY_LEN, prk, sizeof(prk),
 				   (uint8_t *)user_id, sizeof(user_id));
-	memset(prk, 0, sizeof(prk));
+	always_memset(prk, 0, sizeof(prk));
 
 	return ret;
 }
diff --git a/common/fpsensor/fpsensor_state.c b/common/fpsensor/fpsensor_state.c
index 1004c4be70..7474634487 100644
--- a/common/fpsensor/fpsensor_state.c
+++ b/common/fpsensor/fpsensor_state.c
@@ -4,6 +4,7 @@
  */
 
 #include "common.h"
+#include "cryptoc/util.h"
 #include "ec_commands.h"
 #include "fpsensor.h"
 #include "fpsensor_private.h"
@@ -51,7 +52,7 @@ void fp_task_simulate(void)
 
 void fp_clear_finger_context(int idx)
 {
-	memset(fp_template[idx], 0, sizeof(fp_template[0]));
+	always_memset(fp_template[idx], 0, sizeof(fp_template[0]));
 }
 
 void fp_clear_context(void)
@@ -60,9 +61,9 @@ void fp_clear_context(void)
 
 	templ_valid = 0;
 	templ_dirty = 0;
-	memset(fp_buffer, 0, sizeof(fp_buffer));
-	memset(fp_enc_buffer, 0, sizeof(fp_enc_buffer));
-	memset(user_id, 0, sizeof(user_id));
+	always_memset(fp_buffer, 0, sizeof(fp_buffer));
+	always_memset(fp_enc_buffer, 0, sizeof(fp_enc_buffer));
+	always_memset(user_id, 0, sizeof(user_id));
 	for (idx = 0; idx < FP_MAX_FINGER_COUNT; idx++)
 		fp_clear_finger_context(idx);
 	/* TODO maybe shutdown and re-init the private libraries ? */
-- 
cgit v1.2.1