diff options
| author | Yicheng Li <yichengli@chromium.org> | 2019-09-24 16:18:38 -0700 |
|---|---|---|
| committer | Commit Bot <commit-bot@chromium.org> | 2019-10-09 21:30:42 +0000 |
| commit | cb860c94d5b562c6f6833dd60bcf2920713bb9b9 (patch) | |
| tree | ed5d2f024083a672773d64bfbba4a902281abbdd /test | |
| parent | 18bc5eba805ae2bb140373ba763acd75e20f8805 (diff) | |
| download | chrome-ec-cb860c94d5b562c6f6833dd60bcf2920713bb9b9.tar.gz | |
fpsensor: Enable positive match secret and positive match salt on enrollment.
On enrollment success, generate new positive_match_salt and send it as part
of the encrypted blob. Also enable positive match secret to be read.
The positive_match_salt is used to derive positive_match_secret and
is different from the encryption salt for encrypting the templates.
The positive_match_salt needs to be sent to biod and stored with templates
because it needs to be re-uploaded to FPMCU the next time the user logs in.
The positive match secret needs to be sent to biod so that it knows what to
compare against at a match.
BRANCH=nocturne
BUG=chromium:927095
TEST=make -j buildall
TEST=tested enrollment, matching and multifinger on DUT nocturne
Change-Id: I3e44a972ee17c5a93bddd52340f8f2249836463a
Signed-off-by: Yicheng Li <yichengli@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/1828058
Reviewed-by: Nicolas Norvez <norvez@chromium.org>
Reviewed-by: Tom Hughes <tomhughes@chromium.org>
Diffstat (limited to 'test')
| -rw-r--r-- | test/fpsensor.c | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/test/fpsensor.c b/test/fpsensor.c index 962295afbf..81441295ae 100644 --- a/test/fpsensor.c +++ b/test/fpsensor.c @@ -276,7 +276,7 @@ test_static int test_hkdf_expand(void) test_static int test_derive_encryption_key_failure_seed_not_set(void) { static uint8_t unused_key[SBP_ENC_KEY_LEN]; - static const uint8_t unused_salt[FP_CONTEXT_SALT_BYTES] = { 0 }; + static const uint8_t unused_salt[FP_CONTEXT_ENCRYPTION_SALT_BYTES]; /* GIVEN that the TPM seed is not set. */ if (fp_tpm_seed_is_set()) { @@ -373,7 +373,7 @@ test_static int test_derive_encryption_key(void) test_static int test_derive_encryption_key_failure_rollback_fail(void) { static uint8_t unused_key[SBP_ENC_KEY_LEN]; - static const uint8_t unused_salt[FP_CONTEXT_SALT_BYTES] = { 0 }; + static const uint8_t unused_salt[FP_CONTEXT_ENCRYPTION_SALT_BYTES]; /* GIVEN that reading the rollback secret will fail. */ rollback_should_fail = 1; @@ -473,7 +473,7 @@ test_static int test_derive_positive_match_secret_fail_salt_trivial(void) { static uint8_t output[FP_POSITIVE_MATCH_SECRET_BYTES]; /* GIVEN that the salt is trivial. */ - static const uint8_t salt[FP_CONTEXT_SALT_BYTES] = { 0 }; + static const uint8_t salt[FP_CONTEXT_ENCRYPTION_SALT_BYTES] = { 0 }; /* THEN deriving positive match secret will fail. */ TEST_ASSERT(derive_positive_match_secret(output, salt) |