author | Yicheng Li <yichengli@chromium.org> | 2019-06-06 18:27:42 -0700 |
---|---|---|
committer | Commit Bot <commit-bot@chromium.org> | 2019-06-13 19:13:57 +0000 |
commit | 35d0e17de6d76699c4fac850d39ed4c4b5488cb2 (patch) | |
tree | c527fec2dd43909f444f6f12a2d9c8336ce9720a /include | |
parent | 2fb0ff65ecac63829d93d1d9ae0994ebf7a5883d (diff) | |
fpsensor: Move crypto-related code to fpsensor_crypto.c
Move crypto-related code to common/fpsensor/fpsensor_state.c. This
facilitates unit testing because we can control whether to link in
crypto-related code, and also facilitates mocking the encryption
engine.
BRANCH=nocturne
BUG=chromium:927095
TEST=ran unittests
TEST=tested enrollment, matching and multifinger on DUT nocturne
Change-Id: I5bffc1460cbe2c9e3d6294ea5fff41f14019f0eb
Signed-off-by: Yicheng Li <yichengli@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/1648922
Reviewed-by: Nicolas Norvez <norvez@chromium.org>
Reviewed-by: Tom Hughes <tomhughes@chromium.org>
Diffstat (limited to 'include')
-rw-r--r-- | include/fpsensor_crypto.h | 59 |
1 files changed, 59 insertions, 0 deletions
diff --git a/include/fpsensor_crypto.h b/include/fpsensor_crypto.h
new file mode 100644
index 0000000000..515955fe03
--- /dev/null
+++ b/include/fpsensor_crypto.h
@@ -0,0 +1,59 @@
+/* Copyright 2019 The Chromium OS Authors. All rights reserved.
+ * Use of this source code is governed by a BSD-style license that can be
+ * found in the LICENSE file.
+ */
+
+/* Fingerprint sensor crypto operations */
+
+#ifndef __CROS_EC_FPSENSOR_CRYPTO_H
+#define __CROS_EC_FPSENSOR_CRYPTO_H
+
+/**
+ * Derive hardware encryption key from rollback secret and |salt|.
+ *
+ * @param outkey the pointer to buffer holding the output key.
+ * @param salt the salt to use in HKDF.
+ * @return EC_RES_SUCCESS on success and EC_RES_ERROR otherwise.
+ */
+int derive_encryption_key(uint8_t *out_key, uint8_t *salt);
+
+/**
+ * Encrypt |plaintext| using AES-GCM128.
+ *
+ * @param key the key to use in AES.
+ * @param key_size the size of |key| in bytes.
+ * @param plaintext the plain text to encrypt.
+ * @param ciphertext buffer to hold encryption result.
+ * @param text_size size of both |plaintext| and output ciphertext in bytes.
+ * @param nonce the nonce value to use in GCM128.
+ * @param nonce_size the size of |nonce| in bytes.
+ * @param tag the tag to hold the authenticator after encryption.
+ * @param tag_size the size of |tag|.
+ * @return EC_RES_SUCCESS on success and EC_RES_ERROR otherwise.
+ */
+int aes_gcm_encrypt(const uint8_t *key, int key_size,
+ const uint8_t *plaintext,
+ uint8_t *ciphertext, int text_size,
+ const uint8_t *nonce, int nonce_size,
+ uint8_t *tag, int tag_size);
+
+/**
+ * Decrypt |plaintext| using AES-GCM128.
+ *
+ * @param key the key to use in AES.
+ * @param key_size the size of |key| in bytes.
+ * @param ciphertext the cipher text to decrypt.
+ * @param plaintext buffer to hold decryption result.
+ * @param text_size size of both |ciphertext| and output plaintext in bytes.
+ * @param nonce the nonce value to use in GCM128.
+ * @param nonce_size the size of |nonce| in bytes.
+ * @param tag the tag to compare against when decryption finishes.
+ * @param tag_size the length of tag to compare against.
+ * @return EC_RES_SUCCESS on success and EC_RES_ERROR otherwise.
+ */
+int aes_gcm_decrypt(const uint8_t *key, int key_size, uint8_t *plaintext,
+ const uint8_t *ciphertext, int text_size,
+ const uint8_t *nonce, int nonce_size,
+ const uint8_t *tag, int tag_size);
+
+#endif /* __CROS_EC_FPSENSOR_CRYPTO_H */ |
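Review bot: `derive_encryption_key(uint8_t *out_key, uint8_t *salt)` takes two raw pointers with no lengths, and its comment does not say how many bytes are written to `out_key` or read from `salt`, so a caller passing a smaller buffer gets an out-of-bounds access that the compiler cannot flag. I would state both required sizes in the doc comment (or add size parameters, as the two AES-GCM prototypes do) and declare the input as `const uint8_t *salt`. The same comment names the parameter `outkey` while the prototype says `out_key`, and the `aes_gcm_decrypt` comment should open with `Decrypt |ciphertext| using AES-GCM128.`; its `@param` list also puts ciphertext before plaintext while the prototype takes `plaintext` first, which makes swapped buffers an easy mistake. The decrypt comment should also say whether `plaintext` may be used when the tag comparison fails, since the header alone does not show it. Finally, the header uses `uint8_t` without including `<stdint.h>`, so it presumably depends on the includer's ordering.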