diff options
Diffstat (limited to 'common/fpsensor')
-rw-r--r-- | common/fpsensor/build.mk | 2 | ||||
-rw-r--r-- | common/fpsensor/fpsensor.c | 144 | ||||
-rw-r--r-- | common/fpsensor/fpsensor_crypto.c | 40 | ||||
-rw-r--r-- | common/fpsensor/fpsensor_detect_strings.c | 2 | ||||
-rw-r--r-- | common/fpsensor/fpsensor_private.h | 6 | ||||
-rw-r--r-- | common/fpsensor/fpsensor_state.c | 46 |
6 files changed, 124 insertions, 116 deletions
diff --git a/common/fpsensor/build.mk b/common/fpsensor/build.mk index b2bb248efc..2b476bfa51 100644 --- a/common/fpsensor/build.mk +++ b/common/fpsensor/build.mk @@ -1,4 +1,4 @@ -# Copyright 2019 The Chromium OS Authors. All rights reserved. +# Copyright 2019 The ChromiumOS Authors # Use of this source code is governed by a BSD-style license that can be # found in the LICENSE file. diff --git a/common/fpsensor/fpsensor.c b/common/fpsensor/fpsensor.c index 12904c0b39..bd09ed5c3a 100644 --- a/common/fpsensor/fpsensor.c +++ b/common/fpsensor/fpsensor.c @@ -1,4 +1,4 @@ -/* Copyright 2017 The Chromium OS Authors. All rights reserved. +/* Copyright 2017 The ChromiumOS Authors * Use of this source code is governed by a BSD-style license that can be * found in the LICENSE file. */ @@ -42,14 +42,14 @@ static timestamp_t encryption_deadline; #define FP_SENSOR_IMAGE_OFFSET 0 #endif -#define FP_MODE_ANY_CAPTURE (FP_MODE_CAPTURE | FP_MODE_ENROLL_IMAGE | \ - FP_MODE_MATCH) -#define FP_MODE_ANY_DETECT_FINGER (FP_MODE_FINGER_DOWN | FP_MODE_FINGER_UP | \ - FP_MODE_ANY_CAPTURE) -#define FP_MODE_ANY_WAIT_IRQ (FP_MODE_FINGER_DOWN | FP_MODE_ANY_CAPTURE) +#define FP_MODE_ANY_CAPTURE \ + (FP_MODE_CAPTURE | FP_MODE_ENROLL_IMAGE | FP_MODE_MATCH) +#define FP_MODE_ANY_DETECT_FINGER \ + (FP_MODE_FINGER_DOWN | FP_MODE_FINGER_UP | FP_MODE_ANY_CAPTURE) +#define FP_MODE_ANY_WAIT_IRQ (FP_MODE_FINGER_DOWN | FP_MODE_ANY_CAPTURE) /* Delay between 2 s of the sensor to detect finger removal */ -#define FINGER_POLLING_DELAY (100*MSEC) +#define FINGER_POLLING_DELAY (100 * MSEC) /* Timing statistics. */ static uint32_t capture_time_us; @@ -76,8 +76,8 @@ static inline int is_raw_capture(uint32_t mode) { int capture_type = FP_CAPTURE_TYPE(mode); - return (capture_type == FP_CAPTURE_VENDOR_FORMAT - || capture_type == FP_CAPTURE_QUALITY_TEST); + return (capture_type == FP_CAPTURE_VENDOR_FORMAT || + capture_type == FP_CAPTURE_QUALITY_TEST); } __maybe_unused static bool fp_match_success(int match_result) @@ -92,10 +92,10 @@ static inline int is_test_capture(uint32_t mode) { int capture_type = FP_CAPTURE_TYPE(mode); - return (mode & FP_MODE_CAPTURE) - && (capture_type == FP_CAPTURE_PATTERN0 - || capture_type == FP_CAPTURE_PATTERN1 - || capture_type == FP_CAPTURE_RESET_TEST); + return (mode & FP_MODE_CAPTURE) && + (capture_type == FP_CAPTURE_PATTERN0 || + capture_type == FP_CAPTURE_PATTERN1 || + capture_type == FP_CAPTURE_RESET_TEST); } /* @@ -119,8 +119,8 @@ static uint32_t fp_process_enroll(void) res = fp_finger_enroll(fp_buffer, &percent); CPRINTS("[%d]Enroll =>%d (%d%%)", templ_valid, res, percent); if (res < 0) - return EC_MKBP_FP_ENROLL - | EC_MKBP_FP_ERRCODE(EC_MKBP_FP_ERR_ENROLL_INTERNAL); + return EC_MKBP_FP_ENROLL | + EC_MKBP_FP_ERRCODE(EC_MKBP_FP_ERR_ENROLL_INTERNAL); templ_dirty |= BIT(templ_valid); if (percent == 100) { res = fp_enrollment_finish(fp_template[templ_valid]); @@ -128,15 +128,15 @@ static uint32_t fp_process_enroll(void) res = EC_MKBP_FP_ERR_ENROLL_INTERNAL; } else { template_newly_enrolled = templ_valid; - fp_enable_positive_match_secret(templ_valid, - &positive_match_secret_state); + fp_enable_positive_match_secret( + templ_valid, &positive_match_secret_state); templ_valid++; } sensor_mode &= ~FP_MODE_ENROLL_SESSION; enroll_session &= ~FP_MODE_ENROLL_SESSION; } - return EC_MKBP_FP_ENROLL | EC_MKBP_FP_ERRCODE(res) - | (percent << EC_MKBP_FP_ENROLL_PROGRESS_OFFSET); + return EC_MKBP_FP_ENROLL | EC_MKBP_FP_ERRCODE(res) | + (percent << EC_MKBP_FP_ENROLL_PROGRESS_OFFSET); } static uint32_t fp_process_match(void) @@ -161,8 +161,8 @@ static uint32_t fp_process_match(void) * with EC_MKBP_FP_ERR_MATCH_NO_INTERNAL. */ if (fgr >= 0 && fgr < FP_MAX_FINGER_COUNT) { - fp_enable_positive_match_secret(fgr, - &positive_match_secret_state); + fp_enable_positive_match_secret( + fgr, &positive_match_secret_state); } else { res = EC_MKBP_FP_ERR_MATCH_NO_INTERNAL; } @@ -187,8 +187,9 @@ static uint32_t fp_process_match(void) timestamps_invalid |= FPSTATS_MATCHING_INV; matching_time_us = time_since32(t0); - return EC_MKBP_FP_MATCH | EC_MKBP_FP_ERRCODE(res) - | ((fgr << EC_MKBP_FP_MATCH_IDX_OFFSET) & EC_MKBP_FP_MATCH_IDX_MASK); + return EC_MKBP_FP_MATCH | EC_MKBP_FP_ERRCODE(res) | + ((fgr << EC_MKBP_FP_MATCH_IDX_OFFSET) & + EC_MKBP_FP_MATCH_IDX_MASK); } static void fp_process_finger(void) @@ -260,12 +261,12 @@ void fp_task(void) } else { fp_enrollment_finish(NULL); } - enroll_session = - sensor_mode & FP_MODE_ENROLL_SESSION; + enroll_session = sensor_mode & + FP_MODE_ENROLL_SESSION; } if (is_test_capture(mode)) { - fp_sensor_acquire_image_with_mode(fp_buffer, - FP_CAPTURE_TYPE(mode)); + fp_sensor_acquire_image_with_mode( + fp_buffer, FP_CAPTURE_TYPE(mode)); sensor_mode &= ~FP_MODE_CAPTURE; send_mkbp_event(EC_MKBP_FP_IMAGE_READY); continue; @@ -343,13 +344,14 @@ static enum ec_status fp_command_passthru(struct host_cmd_handler_args *args) if (system_is_locked()) return EC_RES_ACCESS_DENIED; - if (params->len > args->params_size + - offsetof(struct ec_params_fp_passthru, data) || + if (params->len > + args->params_size + + offsetof(struct ec_params_fp_passthru, data) || params->len > args->response_max) return EC_RES_INVALID_PARAM; - rc = spi_transaction_async(&spi_devices[0], params->data, - params->len, out, SPI_READBACK_ALL); + rc = spi_transaction_async(&spi_devices[0], params->data, params->len, + out, SPI_READBACK_ALL); if (params->flags & EC_FP_FLAG_NOT_COMPLETE) rc |= spi_transaction_wait(&spi_devices[0]); else @@ -381,8 +383,9 @@ static enum ec_status fp_command_info(struct host_cmd_handler_args *args) r->template_version = FP_TEMPLATE_FORMAT_VERSION; /* V1 is identical to V0 with more information appended */ - args->response_size = args->version ? sizeof(*r) : - sizeof(struct ec_response_fp_info_v0); + args->response_size = args->version ? + sizeof(*r) : + sizeof(struct ec_response_fp_info_v0); return EC_RES_SUCCESS; } DECLARE_HOST_COMMAND(EC_CMD_FP_INFO, fp_command_info, @@ -472,23 +475,27 @@ static enum ec_status fp_command_frame(struct host_cmd_handler_args *args) */ enc_info = (void *)fp_enc_buffer; enc_info->struct_version = FP_TEMPLATE_FORMAT_VERSION; - init_trng(); - rand_bytes(enc_info->nonce, FP_CONTEXT_NONCE_BYTES); - rand_bytes(enc_info->encryption_salt, - FP_CONTEXT_ENCRYPTION_SALT_BYTES); - exit_trng(); + trng_init(); + trng_rand_bytes(enc_info->nonce, FP_CONTEXT_NONCE_BYTES); + trng_rand_bytes(enc_info->encryption_salt, + FP_CONTEXT_ENCRYPTION_SALT_BYTES); + trng_exit(); - if (fgr == template_newly_enrolled) { + /* + * TODO(http://b/244781166): Use consistent types so cast is + * not needed. + */ + if (fgr == (uint32_t)template_newly_enrolled) { /* * Newly enrolled templates need new positive match * salt, new positive match secret and new validation * value. */ template_newly_enrolled = FP_NO_SUCH_TEMPLATE; - init_trng(); - rand_bytes(fp_positive_match_salt[fgr], - FP_POSITIVE_MATCH_SALT_BYTES); - exit_trng(); + trng_init(); + trng_rand_bytes(fp_positive_match_salt[fgr], + FP_POSITIVE_MATCH_SALT_BYTES); + trng_exit(); } ret = derive_encryption_key(key, enc_info->encryption_salt); @@ -508,8 +515,7 @@ static enum ec_status fp_command_frame(struct host_cmd_handler_args *args) /* Encrypt the secret blob in-place. */ ret = aes_gcm_encrypt(key, SBP_ENC_KEY_LEN, encrypted_template, - encrypted_template, - encrypted_blob_size, + encrypted_template, encrypted_blob_size, enc_info->nonce, FP_CONTEXT_NONCE_BYTES, enc_info->tag, FP_CONTEXT_TAG_BYTES); always_memset(key, 0, sizeof(key)); @@ -550,12 +556,11 @@ DECLARE_HOST_COMMAND(EC_CMD_FP_STATS, fp_command_stats, EC_VER_MASK(0)); static bool template_needs_validation_value( struct ec_fp_template_encryption_metadata *enc_info) { - return enc_info->struct_version == 3 - && FP_TEMPLATE_FORMAT_VERSION == 4; + return enc_info->struct_version == 3 && FP_TEMPLATE_FORMAT_VERSION == 4; } -static int validate_template_format( - struct ec_fp_template_encryption_metadata *enc_info) +static int +validate_template_format(struct ec_fp_template_encryption_metadata *enc_info) { if (template_needs_validation_value(enc_info)) /* The host requested migration to v4. */ @@ -619,9 +624,8 @@ static enum ec_status fp_command_template(struct host_cmd_handler_args *args) if (enc_info->struct_version <= 3) { encrypted_blob_size = sizeof(fp_template[0]); } else { - encrypted_blob_size = - sizeof(fp_template[0]) + - sizeof(fp_positive_match_salt[0]); + encrypted_blob_size = sizeof(fp_template[0]) + + sizeof(fp_positive_match_salt[0]); } ret = derive_encryption_key(key, enc_info->encryption_salt); @@ -632,8 +636,7 @@ static enum ec_status fp_command_template(struct host_cmd_handler_args *args) /* Decrypt the secret blob in-place. */ ret = aes_gcm_decrypt(key, SBP_ENC_KEY_LEN, encrypted_template, - encrypted_template, - encrypted_blob_size, + encrypted_template, encrypted_blob_size, enc_info->nonce, FP_CONTEXT_NONCE_BYTES, enc_info->tag, FP_CONTEXT_TAG_BYTES); always_memset(key, 0, sizeof(key)); @@ -647,10 +650,10 @@ static enum ec_status fp_command_template(struct host_cmd_handler_args *args) sizeof(fp_template[0])); if (template_needs_validation_value(enc_info)) { CPRINTS("fgr%d: Generating positive match salt.", idx); - init_trng(); - rand_bytes(positive_match_salt, - FP_POSITIVE_MATCH_SALT_BYTES); - exit_trng(); + trng_init(); + trng_rand_bytes(positive_match_salt, + FP_POSITIVE_MATCH_SALT_BYTES); + trng_exit(); } if (bytes_are_trivial(positive_match_salt, sizeof(fp_positive_match_salt[0]))) { @@ -703,7 +706,8 @@ DECLARE_HOST_COMMAND(EC_CMD_FP_TEMPLATE, fp_command_template, EC_VER_MASK(0)); * Add the following to your ${HOME}/.screenrc: * * zmodem catch - * zmodem recvcmd '!!! bash -c "ascii-xfr -rdv /tmp/finger.pgm && display /tmp/finger.pgm"' + * zmodem recvcmd '!!! bash -c "ascii-xfr -rdv /tmp/finger.pgm && display + * /tmp/finger.pgm"' * * From *outside the chroot*, use screen to connect to UART console: * @@ -761,7 +765,7 @@ static enum ec_error_list fp_console_action(uint32_t mode) return EC_ERROR_TIMEOUT; } -static int command_fpcapture(int argc, char **argv) +static int command_fpcapture(int argc, const char **argv) { int capture_type = FP_CAPTURE_SIMPLE_IMAGE; uint32_t mode; @@ -781,8 +785,8 @@ static int command_fpcapture(int argc, char **argv) if (*e || capture_type < 0) return EC_ERROR_PARAM1; } - mode = FP_MODE_CAPTURE | ((capture_type << FP_MODE_CAPTURE_TYPE_SHIFT) - & FP_MODE_CAPTURE_TYPE_MASK); + mode = FP_MODE_CAPTURE | ((capture_type << FP_MODE_CAPTURE_TYPE_SHIFT) & + FP_MODE_CAPTURE_TYPE_MASK); rc = fp_console_action(mode); if (rc == EC_SUCCESS) @@ -794,13 +798,13 @@ DECLARE_CONSOLE_COMMAND_FLAGS(fpcapture, command_fpcapture, NULL, "Capture fingerprint in PGM format", CMD_FLAG_RESTRICTED); -static int command_fpenroll(int argc, char **argv) +static int command_fpenroll(int argc, const char **argv) { enum ec_error_list rc; int percent = 0; uint32_t event; - static const char * const enroll_str[] = {"OK", "Low Quality", - "Immobile", "Low Coverage"}; + static const char *const enroll_str[] = { "OK", "Low Quality", + "Immobile", "Low Coverage" }; /* * TODO(b/142944002): Remove this redundant check for system_is_locked @@ -832,11 +836,9 @@ static int command_fpenroll(int argc, char **argv) return rc; } DECLARE_CONSOLE_COMMAND_FLAGS(fpenroll, command_fpenroll, NULL, - "Enroll a new fingerprint", - CMD_FLAG_RESTRICTED); - + "Enroll a new fingerprint", CMD_FLAG_RESTRICTED); -static int command_fpmatch(int argc, char **argv) +static int command_fpmatch(int argc, const char **argv) { enum ec_error_list rc = fp_console_action(FP_MODE_MATCH); uint32_t event = atomic_clear(&fp_events); @@ -854,7 +856,7 @@ static int command_fpmatch(int argc, char **argv) DECLARE_CONSOLE_COMMAND(fpmatch, command_fpmatch, NULL, "Run match algorithm against finger"); -static int command_fpclear(int argc, char **argv) +static int command_fpclear(int argc, const char **argv) { /* * We intentionally run this on the fp_task so that we use the @@ -872,7 +874,7 @@ static int command_fpclear(int argc, char **argv) DECLARE_CONSOLE_COMMAND(fpclear, command_fpclear, NULL, "Clear fingerprint sensor context"); -static int command_fpmaintenance(int argc, char **argv) +static int command_fpmaintenance(int argc, const char **argv) { #ifdef HAVE_FP_PRIVATE_DRIVER return fp_maintenance(); diff --git a/common/fpsensor/fpsensor_crypto.c b/common/fpsensor/fpsensor_crypto.c index 73d7aca681..257042197e 100644 --- a/common/fpsensor/fpsensor_crypto.c +++ b/common/fpsensor/fpsensor_crypto.c @@ -1,4 +1,4 @@ -/* Copyright 2019 The Chromium OS Authors. All rights reserved. +/* Copyright 2019 The ChromiumOS Authors * Use of this source code is governed by a BSD-style license that can be * found in the LICENSE file. */ @@ -17,7 +17,7 @@ #error "fpsensor requires AES, AES_GCM and ROLLBACK_SECRET_SIZE" #endif -static int get_ikm(uint8_t *ikm) +test_export_static int get_ikm(uint8_t *ikm) { int ret; @@ -44,6 +44,14 @@ static int get_ikm(uint8_t *ikm) return EC_SUCCESS; } +test_mockable void compute_hmac_sha256(uint8_t *output, const uint8_t *key, + const int key_len, + const uint8_t *message, + const int message_len) +{ + hmac_SHA256(output, key, key_len, message, message_len); +} + static void hkdf_extract(uint8_t *prk, const uint8_t *salt, size_t salt_size, const uint8_t *ikm, size_t ikm_size) { @@ -51,12 +59,12 @@ static void hkdf_extract(uint8_t *prk, const uint8_t *salt, size_t salt_size, * Derive a key with the "extract" step of HKDF * https://tools.ietf.org/html/rfc5869#section-2.2 */ - hmac_SHA256(prk, salt, salt_size, ikm, ikm_size); + compute_hmac_sha256(prk, salt, salt_size, ikm, ikm_size); } static int hkdf_expand_one_step(uint8_t *out_key, size_t out_key_size, - uint8_t *prk, size_t prk_size, - uint8_t *info, size_t info_size) + uint8_t *prk, size_t prk_size, uint8_t *info, + size_t info_size) { uint8_t key_buf[SHA256_DIGEST_SIZE]; uint8_t message_buf[SHA256_DIGEST_SIZE + 1]; @@ -75,7 +83,7 @@ static int hkdf_expand_one_step(uint8_t *out_key, size_t out_key_size, memcpy(message_buf, info, info_size); /* 1 step, set the counter byte to 1. */ message_buf[info_size] = 0x01; - hmac_SHA256(key_buf, prk, prk_size, message_buf, info_size + 1); + compute_hmac_sha256(key_buf, prk, prk_size, message_buf, info_size + 1); memcpy(out_key, key_buf, out_key_size); always_memset(key_buf, 0, sizeof(key_buf)); @@ -83,8 +91,8 @@ static int hkdf_expand_one_step(uint8_t *out_key, size_t out_key_size, return EC_SUCCESS; } -int hkdf_expand(uint8_t *out_key, size_t L, const uint8_t *prk, - size_t prk_size, const uint8_t *info, size_t info_size) +int hkdf_expand(uint8_t *out_key, size_t L, const uint8_t *prk, size_t prk_size, + const uint8_t *info, size_t info_size) { /* * "Expand" step of HKDF. @@ -123,8 +131,8 @@ int hkdf_expand(uint8_t *out_key, size_t L, const uint8_t *prk, memcpy(info_buffer, T, T_len); memcpy(info_buffer + T_len, info, info_size); info_buffer[T_len + info_size] = count; - hmac_SHA256(T_buffer, prk, prk_size, info_buffer, - T_len + info_size + sizeof(count)); + compute_hmac_sha256(T_buffer, prk, prk_size, info_buffer, + T_len + info_size + sizeof(count)); memcpy(out_key, T_buffer, block_size); T += T_len; @@ -216,11 +224,9 @@ int derive_encryption_key(uint8_t *out_key, const uint8_t *salt) return ret; } -int aes_gcm_encrypt(const uint8_t *key, int key_size, - const uint8_t *plaintext, - uint8_t *ciphertext, int text_size, - const uint8_t *nonce, int nonce_size, - uint8_t *tag, int tag_size) +int aes_gcm_encrypt(const uint8_t *key, int key_size, const uint8_t *plaintext, + uint8_t *ciphertext, int text_size, const uint8_t *nonce, + int nonce_size, uint8_t *tag, int tag_size) { int res; AES_KEY aes_key; @@ -251,8 +257,8 @@ int aes_gcm_encrypt(const uint8_t *key, int key_size, int aes_gcm_decrypt(const uint8_t *key, int key_size, uint8_t *plaintext, const uint8_t *ciphertext, int text_size, - const uint8_t *nonce, int nonce_size, - const uint8_t *tag, int tag_size) + const uint8_t *nonce, int nonce_size, const uint8_t *tag, + int tag_size) { int res; AES_KEY aes_key; diff --git a/common/fpsensor/fpsensor_detect_strings.c b/common/fpsensor/fpsensor_detect_strings.c index 352dc90ee5..af08219ced 100644 --- a/common/fpsensor/fpsensor_detect_strings.c +++ b/common/fpsensor/fpsensor_detect_strings.c @@ -1,4 +1,4 @@ -/* Copyright 2020 The Chromium OS Authors. All rights reserved. +/* Copyright 2020 The ChromiumOS Authors * Use of this source code is governed by a BSD-style license that can be * found in the LICENSE file. */ diff --git a/common/fpsensor/fpsensor_private.h b/common/fpsensor/fpsensor_private.h index a42049dece..919c523273 100644 --- a/common/fpsensor/fpsensor_private.h +++ b/common/fpsensor/fpsensor_private.h @@ -1,4 +1,4 @@ -/* Copyright 2019 The Chromium OS Authors. All rights reserved. +/* Copyright 2019 The ChromiumOS Authors * Use of this source code is governed by a BSD-style license that can be * found in the LICENSE file. */ @@ -10,8 +10,8 @@ #include <stdint.h> -#define CPRINTF(format, args...) cprintf(CC_FP, format, ## args) -#define CPRINTS(format, args...) cprints(CC_FP, format, ## args) +#define CPRINTF(format, args...) cprintf(CC_FP, format, ##args) +#define CPRINTS(format, args...) cprints(CC_FP, format, ##args) int validate_fp_buffer_offset(uint32_t buffer_size, uint32_t offset, uint32_t size); diff --git a/common/fpsensor/fpsensor_state.c b/common/fpsensor/fpsensor_state.c index bd907e2c00..8153df9883 100644 --- a/common/fpsensor/fpsensor_state.c +++ b/common/fpsensor/fpsensor_state.c @@ -1,4 +1,4 @@ -/* Copyright 2019 The Chromium OS Authors. All rights reserved. +/* Copyright 2019 The ChromiumOS Authors * Use of this source code is governed by a BSD-style license that can be * found in the LICENSE file. */ @@ -19,25 +19,25 @@ /* Last acquired frame (aligned as it is used by arbitrary binary libraries) */ uint8_t fp_buffer[FP_SENSOR_IMAGE_SIZE] FP_FRAME_SECTION __aligned(4); /* Fingers templates for the current user */ -uint8_t fp_template[FP_MAX_FINGER_COUNT][FP_ALGORITHM_TEMPLATE_SIZE] - FP_TEMPLATE_SECTION; +uint8_t fp_template[FP_MAX_FINGER_COUNT] + [FP_ALGORITHM_TEMPLATE_SIZE] FP_TEMPLATE_SECTION; /* Encryption/decryption buffer */ /* TODO: On-the-fly encryption/decryption without a dedicated buffer */ /* * Store the encryption metadata at the beginning of the buffer containing the * ciphered data. */ -uint8_t fp_enc_buffer[FP_ALGORITHM_ENCRYPTED_TEMPLATE_SIZE] - FP_TEMPLATE_SECTION; +uint8_t fp_enc_buffer[FP_ALGORITHM_ENCRYPTED_TEMPLATE_SIZE] FP_TEMPLATE_SECTION; /* Salt used in derivation of positive match secret. */ -uint8_t fp_positive_match_salt - [FP_MAX_FINGER_COUNT][FP_POSITIVE_MATCH_SALT_BYTES]; +uint8_t fp_positive_match_salt[FP_MAX_FINGER_COUNT] + [FP_POSITIVE_MATCH_SALT_BYTES]; -struct positive_match_secret_state positive_match_secret_state = { - .template_matched = FP_NO_SUCH_TEMPLATE, - .readable = false, - .deadline.val = 0, -}; +struct positive_match_secret_state + positive_match_secret_state = { .template_matched = FP_NO_SUCH_TEMPLATE, + .readable = false, + .deadline = { + .val = 0, + } }; /* Index of the last enrolled but not retrieved template. */ int8_t template_newly_enrolled = FP_NO_SUCH_TEMPLATE; @@ -178,7 +178,7 @@ static int validate_fp_mode(const uint32_t mode) return EC_SUCCESS; } -int fp_set_sensor_mode(uint32_t mode, uint32_t *mode_output) +enum ec_status fp_set_sensor_mode(uint32_t mode, uint32_t *mode_output) { int ret; @@ -205,7 +205,7 @@ static enum ec_status fp_command_mode(struct host_cmd_handler_args *args) const struct ec_params_fp_mode *p = args->params; struct ec_response_fp_mode *r = args->response; - int ret = fp_set_sensor_mode(p->mode, &r->mode); + enum ec_status ret = fp_set_sensor_mode(p->mode, &r->mode); if (ret == EC_RES_SUCCESS) args->response_size = sizeof(*r); @@ -262,23 +262,22 @@ int fp_enable_positive_match_secret(uint32_t fgr, return EC_SUCCESS; } -void fp_disable_positive_match_secret( - struct positive_match_secret_state *state) +void fp_disable_positive_match_secret(struct positive_match_secret_state *state) { state->template_matched = FP_NO_SUCH_TEMPLATE; state->readable = false; state->deadline.val = 0; } -static enum ec_status fp_command_read_match_secret( - struct host_cmd_handler_args *args) +static enum ec_status +fp_command_read_match_secret(struct host_cmd_handler_args *args) { const struct ec_params_fp_read_match_secret *params = args->params; struct ec_response_fp_read_match_secret *response = args->response; int8_t fgr = params->fgr; timestamp_t now = get_time(); - struct positive_match_secret_state state_copy - = positive_match_secret_state; + struct positive_match_secret_state state_copy = + positive_match_secret_state; fp_disable_positive_match_secret(&positive_match_secret_state); @@ -293,13 +292,14 @@ static enum ec_status fp_command_read_match_secret( } if (fgr != state_copy.template_matched || !state_copy.readable) { CPRINTS("Positive match secret for finger %d is not meant to " - "be read now.", fgr); + "be read now.", + fgr); return EC_RES_ACCESS_DENIED; } if (derive_positive_match_secret(response->positive_match_secret, - fp_positive_match_salt[fgr]) - != EC_SUCCESS) { + fp_positive_match_salt[fgr]) != + EC_SUCCESS) { CPRINTS("Failed to derive positive match secret for finger %d", fgr); /* Keep the template and encryption salt. */ |