authorNicolas Norvez <norvez@chromium.org>2018-09-09 17:47:15 -0700
committerchrome-bot <chrome-bot@chromium.org>2018-09-21 00:51:00 -0700
commit98d566d282af038f190942baa2ef29cbd1b1dab2 (patch)
tree01e4c1479088b099d6854c2877a18a4d413b6e1e /common
parent6e410ccca37239c12b9c5317c8a112e6fba2b0a2 (diff)
downloadchrome-ec-98d566d282af038f190942baa2ef29cbd1b1dab2.tar.gz
fpsensor: only 1 encryption per second
Prevent userspace from constantly hammering the EC for new encrypted messages to avoid IV collision. BUG=b:114160734 BUG=b:73337313 BRANCH=nocturne TEST=Frequent consecutive touches, see EC_RES_BUSY being returned when two matches are very close. Change-Id: I9c81b4a21e289bf48fbfcbba50cd2a7ab83db38a Signed-off-by: Nicolas Norvez <norvez@chromium.org> Reviewed-on: https://chromium-review.googlesource.com/1215542 Reviewed-by: Nicolas Boichat <drinkcat@chromium.org>
Diffstat (limited to 'common')
-rw-r--r--common/fpsensor.c9
1 files changed, 9 insertions, 0 deletions
diff --git a/common/fpsensor.c b/common/fpsensor.c
index 9a634a58b7..627fe7ca82 100644
--- a/common/fpsensor.c
+++ b/common/fpsensor.c
@@ -74,6 +74,8 @@ static uint32_t templ_valid;
static uint32_t templ_dirty;
/* Current user ID */
static uint32_t user_id[FP_CONTEXT_USERID_WORDS];
+/* Ready to encrypt a template. */
+static timestamp_t encryption_deadline;
#define CPRINTF(format, args...) cprintf(CC_FP, format, ## args)
#define CPRINTS(format, args...) cprints(CC_FP, format, ## args)
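Review bot: The comment on `encryption_deadline` reads like the description of a ready flag, but the variable holds the time before which the second hunk refuses to start a new encryption. A comment such as `/* Earliest time at which the next template encryption may start (rate limit, b/114160734). */` would match that use. As a zero-initialised static it lets the first request after boot through and presumably does not persist across an EC reset, so the one-per-second bound holds only within a single boot; that is worth confirming against how the key and IV are derived, and worth stating in the comment.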
@@ -576,6 +578,13 @@ static int fp_command_frame(struct host_cmd_handler_args *args)
if (!offset) {
/* Host has requested the first chunk, do the encryption. */
+ timestamp_t now = get_time();
+
+ /* b/114160734: Not more than 1 encrypted message per second. */
+ if (!timestamp_expired(encryption_deadline, &now))
+ return EC_RES_BUSY;
+ encryption_deadline.val = now.val + (1 * SECOND);
+
memset(fp_enc_buffer, 0, sizeof(fp_enc_buffer));
/* The beginning of the buffer contains nonce/salt/tag. */
enc_info = (void *)fp_enc_buffer;
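Review bot: The comment above the `timestamp_expired()` check cites only the bug number, so the security reason for the limit (keeping IV collisions unlikely) is visible only in the commit message. I would state it in the code, e.g. `/* Rate-limit to 1 encrypted message per second to keep IV collisions unlikely (b/114160734). */`, and say that this lowers the collision probability rather than ruling it out; how the IV is generated is outside this hunk. The deadline is armed before the encryption runs, so a failure further down would still cost the host a one-second wait, which is the safe direction but deserves a word in the comment. `1 * SECOND` could be a named constant so the interval is easy to find during an audit. `fp_command_frame` starts and ends outside the hunk.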