diff options
author | Yicheng Li <yichengli@chromium.org> | 2019-06-11 16:46:36 -0700 |
---|---|---|
committer | Commit Bot <commit-bot@chromium.org> | 2019-10-08 02:31:05 +0000 |
commit | 762f51eeca42b906e220418188b751b99ae7182d (patch) | |
tree | a68400455dfc3ed3925034e2ad1e98a96191a6ab /include/fpsensor_crypto.h | |
parent | 0df7fdbf07a7d64a13416dc28e1a7538907216c5 (diff) | |
download | chrome-ec-762f51eeca42b906e220418188b751b99ae7182d.tar.gz |
fpsensor: Prepare derivation of positive match secret.
Implement derivation of positive match secret for a template. This
derivation will be used when biod sends a command to ask for
positive match secret and the secret readable bit is set. Also add
unit tests for this derivation.
BRANCH=nocturne
BUG=chromium:927095
TEST=make -j buildall
TEST=tested enrollment, matching and multifinger on DUT nocturne
Change-Id: Ife477a98573284f69c5fb07e814d9a3d09f92127
Signed-off-by: Yicheng Li <yichengli@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/1639440
Reviewed-by: Nicolas Norvez <norvez@chromium.org>
Diffstat (limited to 'include/fpsensor_crypto.h')
-rw-r--r-- | include/fpsensor_crypto.h | 13 |
1 files changed, 13 insertions, 0 deletions
diff --git a/include/fpsensor_crypto.h b/include/fpsensor_crypto.h index e01a38799d..b6252b3fd2 100644 --- a/include/fpsensor_crypto.h +++ b/include/fpsensor_crypto.h @@ -41,6 +41,19 @@ int hkdf_expand(uint8_t *out_key, size_t out_key_size, const uint8_t *prk, int derive_encryption_key(uint8_t *out_key, const uint8_t *salt); /** + * Derive positive match secret from |input_positive_match_salt| and + * SBP_Src_Key. + * + * @param output buffer to store positive match secret, must be at least + * FP_POSITIVE_MATCH_SECRET_BYTES in size. + * @param input_positive_match_salt the salt for deriving secret, must be at + * least FP_POSITIVE_MATCH_SALT_BYTES in size. + * @return EC_SUCCESS on success and error code otherwise. + */ +int derive_positive_match_secret(uint8_t *output, + const uint8_t *input_positive_match_salt); + +/** * Encrypt |plaintext| using AES-GCM128. * * @param key the key to use in AES. |