diff options
author | Yicheng Li <yichengli@chromium.org> | 2019-06-11 16:46:36 -0700 |
---|---|---|
committer | Commit Bot <commit-bot@chromium.org> | 2019-10-08 02:31:05 +0000 |
commit | 762f51eeca42b906e220418188b751b99ae7182d (patch) | |
tree | a68400455dfc3ed3925034e2ad1e98a96191a6ab /include | |
parent | 0df7fdbf07a7d64a13416dc28e1a7538907216c5 (diff) | |
download | chrome-ec-762f51eeca42b906e220418188b751b99ae7182d.tar.gz |
fpsensor: Prepare derivation of positive match secret.
Implement derivation of positive match secret for a template. This
derivation will be used when biod sends a command to ask for
positive match secret and the secret readable bit is set. Also add
unit tests for this derivation.
BRANCH=nocturne
BUG=chromium:927095
TEST=make -j buildall
TEST=tested enrollment, matching and multifinger on DUT nocturne
Change-Id: Ife477a98573284f69c5fb07e814d9a3d09f92127
Signed-off-by: Yicheng Li <yichengli@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/1639440
Reviewed-by: Nicolas Norvez <norvez@chromium.org>
Diffstat (limited to 'include')
-rw-r--r-- | include/fpsensor_crypto.h | 13 | ||||
-rw-r--r-- | include/fpsensor_state.h | 1 |
2 files changed, 14 insertions, 0 deletions
diff --git a/include/fpsensor_crypto.h b/include/fpsensor_crypto.h index e01a38799d..b6252b3fd2 100644 --- a/include/fpsensor_crypto.h +++ b/include/fpsensor_crypto.h @@ -41,6 +41,19 @@ int hkdf_expand(uint8_t *out_key, size_t out_key_size, const uint8_t *prk, int derive_encryption_key(uint8_t *out_key, const uint8_t *salt); /** + * Derive positive match secret from |input_positive_match_salt| and + * SBP_Src_Key. + * + * @param output buffer to store positive match secret, must be at least + * FP_POSITIVE_MATCH_SECRET_BYTES in size. + * @param input_positive_match_salt the salt for deriving secret, must be at + * least FP_POSITIVE_MATCH_SALT_BYTES in size. + * @return EC_SUCCESS on success and error code otherwise. + */ +int derive_positive_match_secret(uint8_t *output, + const uint8_t *input_positive_match_salt); + +/** * Encrypt |plaintext| using AES-GCM128. * * @param key the key to use in AES. diff --git a/include/fpsensor_state.h b/include/fpsensor_state.h index 2e4e7edd7e..63ebaa465d 100644 --- a/include/fpsensor_state.h +++ b/include/fpsensor_state.h @@ -33,6 +33,7 @@ #define FP_ALGORITHM_TEMPLATE_SIZE 0 #define FP_MAX_FINGER_COUNT 5 #endif +#define FP_POSITIVE_MATCH_SECRET_BYTES 32 #define SBP_ENC_KEY_LEN 16 #define FP_ALGORITHM_ENCRYPTED_TEMPLATE_SIZE \ (FP_ALGORITHM_TEMPLATE_SIZE + \ |