author | Yicheng Li <yichengli@chromium.org> | 2019-09-24 16:18:38 -0700 |
---|---|---|
committer | Commit Bot <commit-bot@chromium.org> | 2019-10-09 21:30:42 +0000 |
commit | cb860c94d5b562c6f6833dd60bcf2920713bb9b9 (patch) | |
tree | ed5d2f024083a672773d64bfbba4a902281abbdd /common/fpsensor/fpsensor_crypto.c | |
parent | 18bc5eba805ae2bb140373ba763acd75e20f8805 (diff) | |
fpsensor: Enable positive match secret and positive match salt on enrollment.
On enrollment success, generate new positive_match_salt and send it as part
of the encrypted blob. Also enable positive match secret to be read.
The positive_match_salt is used to derive positive_match_secret and
is different from the encryption salt for encrypting the templates.
The positive_match_salt needs to be sent to biod and stored with templates
because it needs to be re-uploaded to FPMCU the next time the user logs in.
The positive match secret needs to be sent to biod so that it knows what to
compare against at a match.
BRANCH=nocturne
BUG=chromium:927095
TEST=make -j buildall
TEST=tested enrollment, matching and multifinger on DUT nocturne
Change-Id: I3e44a972ee17c5a93bddd52340f8f2249836463a
Signed-off-by: Yicheng Li <yichengli@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/1828058
Reviewed-by: Nicolas Norvez <norvez@chromium.org>
Reviewed-by: Tom Hughes <tomhughes@chromium.org>
Diffstat (limited to 'common/fpsensor/fpsensor_crypto.c')
-rw-r--r-- | common/fpsensor/fpsensor_crypto.c | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/common/fpsensor/fpsensor_crypto.c b/common/fpsensor/fpsensor_crypto.c index 4a2b31c411..73d7aca681 100644 --- a/common/fpsensor/fpsensor_crypto.c +++ b/common/fpsensor/fpsensor_crypto.c @@ -200,7 +200,8 @@ int derive_encryption_key(uint8_t *out_key, const uint8_t *salt) } /* "Extract step of HKDF. */ - hkdf_extract(prk, salt, FP_CONTEXT_SALT_BYTES, ikm, sizeof(ikm)); + hkdf_extract(prk, salt, FP_CONTEXT_ENCRYPTION_SALT_BYTES, ikm, + sizeof(ikm)); always_memset(ikm, 0, sizeof(ikm)); /* |
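Review bot: in derive_encryption_key(), the length handed to hkdf_extract() is now FP_CONTEXT_ENCRYPTION_SALT_BYTES, but the function still takes a bare `const uint8_t *salt` with no length, so the caller's buffer size is trusted implicitly. With a second salt (positive_match_salt) introduced by this change, a caller passing the wrong buffer would compile cleanly, and if the two salts differ in size the extract step would read the wrong number of bytes. Consider stating the required size in the function's comment, or taking the salt length as a parameter and rejecting anything other than FP_CONTEXT_ENCRYPTION_SALT_BYTES before the extract step. Minor style point: the context comment `/* "Extract step of HKDF. */` has an unmatched double quote that could be cleaned up while these lines are being touched.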