summaryrefslogtreecommitdiff
path: root/common/fpsensor
diff options
context:
space:
mode:
Diffstat (limited to 'common/fpsensor')
-rw-r--r--common/fpsensor/build.mk2
-rw-r--r--common/fpsensor/fpsensor.c144
-rw-r--r--common/fpsensor/fpsensor_crypto.c40
-rw-r--r--common/fpsensor/fpsensor_detect_strings.c2
-rw-r--r--common/fpsensor/fpsensor_private.h6
-rw-r--r--common/fpsensor/fpsensor_state.c46
6 files changed, 124 insertions, 116 deletions
diff --git a/common/fpsensor/build.mk b/common/fpsensor/build.mk
index b2bb248efc..2b476bfa51 100644
--- a/common/fpsensor/build.mk
+++ b/common/fpsensor/build.mk
@@ -1,4 +1,4 @@
-# Copyright 2019 The Chromium OS Authors. All rights reserved.
+# Copyright 2019 The ChromiumOS Authors
# Use of this source code is governed by a BSD-style license that can be
# found in the LICENSE file.
diff --git a/common/fpsensor/fpsensor.c b/common/fpsensor/fpsensor.c
index 12904c0b39..bd09ed5c3a 100644
--- a/common/fpsensor/fpsensor.c
+++ b/common/fpsensor/fpsensor.c
@@ -1,4 +1,4 @@
-/* Copyright 2017 The Chromium OS Authors. All rights reserved.
+/* Copyright 2017 The ChromiumOS Authors
* Use of this source code is governed by a BSD-style license that can be
* found in the LICENSE file.
*/
@@ -42,14 +42,14 @@ static timestamp_t encryption_deadline;
#define FP_SENSOR_IMAGE_OFFSET 0
#endif
-#define FP_MODE_ANY_CAPTURE (FP_MODE_CAPTURE | FP_MODE_ENROLL_IMAGE | \
- FP_MODE_MATCH)
-#define FP_MODE_ANY_DETECT_FINGER (FP_MODE_FINGER_DOWN | FP_MODE_FINGER_UP | \
- FP_MODE_ANY_CAPTURE)
-#define FP_MODE_ANY_WAIT_IRQ (FP_MODE_FINGER_DOWN | FP_MODE_ANY_CAPTURE)
+#define FP_MODE_ANY_CAPTURE \
+ (FP_MODE_CAPTURE | FP_MODE_ENROLL_IMAGE | FP_MODE_MATCH)
+#define FP_MODE_ANY_DETECT_FINGER \
+ (FP_MODE_FINGER_DOWN | FP_MODE_FINGER_UP | FP_MODE_ANY_CAPTURE)
+#define FP_MODE_ANY_WAIT_IRQ (FP_MODE_FINGER_DOWN | FP_MODE_ANY_CAPTURE)
/* Delay between 2 s of the sensor to detect finger removal */
-#define FINGER_POLLING_DELAY (100*MSEC)
+#define FINGER_POLLING_DELAY (100 * MSEC)
/* Timing statistics. */
static uint32_t capture_time_us;
@@ -76,8 +76,8 @@ static inline int is_raw_capture(uint32_t mode)
{
int capture_type = FP_CAPTURE_TYPE(mode);
- return (capture_type == FP_CAPTURE_VENDOR_FORMAT
- || capture_type == FP_CAPTURE_QUALITY_TEST);
+ return (capture_type == FP_CAPTURE_VENDOR_FORMAT ||
+ capture_type == FP_CAPTURE_QUALITY_TEST);
}
__maybe_unused static bool fp_match_success(int match_result)
@@ -92,10 +92,10 @@ static inline int is_test_capture(uint32_t mode)
{
int capture_type = FP_CAPTURE_TYPE(mode);
- return (mode & FP_MODE_CAPTURE)
- && (capture_type == FP_CAPTURE_PATTERN0
- || capture_type == FP_CAPTURE_PATTERN1
- || capture_type == FP_CAPTURE_RESET_TEST);
+ return (mode & FP_MODE_CAPTURE) &&
+ (capture_type == FP_CAPTURE_PATTERN0 ||
+ capture_type == FP_CAPTURE_PATTERN1 ||
+ capture_type == FP_CAPTURE_RESET_TEST);
}
/*
@@ -119,8 +119,8 @@ static uint32_t fp_process_enroll(void)
res = fp_finger_enroll(fp_buffer, &percent);
CPRINTS("[%d]Enroll =>%d (%d%%)", templ_valid, res, percent);
if (res < 0)
- return EC_MKBP_FP_ENROLL
- | EC_MKBP_FP_ERRCODE(EC_MKBP_FP_ERR_ENROLL_INTERNAL);
+ return EC_MKBP_FP_ENROLL |
+ EC_MKBP_FP_ERRCODE(EC_MKBP_FP_ERR_ENROLL_INTERNAL);
templ_dirty |= BIT(templ_valid);
if (percent == 100) {
res = fp_enrollment_finish(fp_template[templ_valid]);
@@ -128,15 +128,15 @@ static uint32_t fp_process_enroll(void)
res = EC_MKBP_FP_ERR_ENROLL_INTERNAL;
} else {
template_newly_enrolled = templ_valid;
- fp_enable_positive_match_secret(templ_valid,
- &positive_match_secret_state);
+ fp_enable_positive_match_secret(
+ templ_valid, &positive_match_secret_state);
templ_valid++;
}
sensor_mode &= ~FP_MODE_ENROLL_SESSION;
enroll_session &= ~FP_MODE_ENROLL_SESSION;
}
- return EC_MKBP_FP_ENROLL | EC_MKBP_FP_ERRCODE(res)
- | (percent << EC_MKBP_FP_ENROLL_PROGRESS_OFFSET);
+ return EC_MKBP_FP_ENROLL | EC_MKBP_FP_ERRCODE(res) |
+ (percent << EC_MKBP_FP_ENROLL_PROGRESS_OFFSET);
}
static uint32_t fp_process_match(void)
@@ -161,8 +161,8 @@ static uint32_t fp_process_match(void)
* with EC_MKBP_FP_ERR_MATCH_NO_INTERNAL.
*/
if (fgr >= 0 && fgr < FP_MAX_FINGER_COUNT) {
- fp_enable_positive_match_secret(fgr,
- &positive_match_secret_state);
+ fp_enable_positive_match_secret(
+ fgr, &positive_match_secret_state);
} else {
res = EC_MKBP_FP_ERR_MATCH_NO_INTERNAL;
}
@@ -187,8 +187,9 @@ static uint32_t fp_process_match(void)
timestamps_invalid |= FPSTATS_MATCHING_INV;
matching_time_us = time_since32(t0);
- return EC_MKBP_FP_MATCH | EC_MKBP_FP_ERRCODE(res)
- | ((fgr << EC_MKBP_FP_MATCH_IDX_OFFSET) & EC_MKBP_FP_MATCH_IDX_MASK);
+ return EC_MKBP_FP_MATCH | EC_MKBP_FP_ERRCODE(res) |
+ ((fgr << EC_MKBP_FP_MATCH_IDX_OFFSET) &
+ EC_MKBP_FP_MATCH_IDX_MASK);
}
static void fp_process_finger(void)
@@ -260,12 +261,12 @@ void fp_task(void)
} else {
fp_enrollment_finish(NULL);
}
- enroll_session =
- sensor_mode & FP_MODE_ENROLL_SESSION;
+ enroll_session = sensor_mode &
+ FP_MODE_ENROLL_SESSION;
}
if (is_test_capture(mode)) {
- fp_sensor_acquire_image_with_mode(fp_buffer,
- FP_CAPTURE_TYPE(mode));
+ fp_sensor_acquire_image_with_mode(
+ fp_buffer, FP_CAPTURE_TYPE(mode));
sensor_mode &= ~FP_MODE_CAPTURE;
send_mkbp_event(EC_MKBP_FP_IMAGE_READY);
continue;
@@ -343,13 +344,14 @@ static enum ec_status fp_command_passthru(struct host_cmd_handler_args *args)
if (system_is_locked())
return EC_RES_ACCESS_DENIED;
- if (params->len > args->params_size +
- offsetof(struct ec_params_fp_passthru, data) ||
+ if (params->len >
+ args->params_size +
+ offsetof(struct ec_params_fp_passthru, data) ||
params->len > args->response_max)
return EC_RES_INVALID_PARAM;
- rc = spi_transaction_async(&spi_devices[0], params->data,
- params->len, out, SPI_READBACK_ALL);
+ rc = spi_transaction_async(&spi_devices[0], params->data, params->len,
+ out, SPI_READBACK_ALL);
if (params->flags & EC_FP_FLAG_NOT_COMPLETE)
rc |= spi_transaction_wait(&spi_devices[0]);
else
@@ -381,8 +383,9 @@ static enum ec_status fp_command_info(struct host_cmd_handler_args *args)
r->template_version = FP_TEMPLATE_FORMAT_VERSION;
/* V1 is identical to V0 with more information appended */
- args->response_size = args->version ? sizeof(*r) :
- sizeof(struct ec_response_fp_info_v0);
+ args->response_size = args->version ?
+ sizeof(*r) :
+ sizeof(struct ec_response_fp_info_v0);
return EC_RES_SUCCESS;
}
DECLARE_HOST_COMMAND(EC_CMD_FP_INFO, fp_command_info,
@@ -472,23 +475,27 @@ static enum ec_status fp_command_frame(struct host_cmd_handler_args *args)
*/
enc_info = (void *)fp_enc_buffer;
enc_info->struct_version = FP_TEMPLATE_FORMAT_VERSION;
- init_trng();
- rand_bytes(enc_info->nonce, FP_CONTEXT_NONCE_BYTES);
- rand_bytes(enc_info->encryption_salt,
- FP_CONTEXT_ENCRYPTION_SALT_BYTES);
- exit_trng();
+ trng_init();
+ trng_rand_bytes(enc_info->nonce, FP_CONTEXT_NONCE_BYTES);
+ trng_rand_bytes(enc_info->encryption_salt,
+ FP_CONTEXT_ENCRYPTION_SALT_BYTES);
+ trng_exit();
- if (fgr == template_newly_enrolled) {
+ /*
+ * TODO(http://b/244781166): Use consistent types so cast is
+ * not needed.
+ */
+ if (fgr == (uint32_t)template_newly_enrolled) {
/*
* Newly enrolled templates need new positive match
* salt, new positive match secret and new validation
* value.
*/
template_newly_enrolled = FP_NO_SUCH_TEMPLATE;
- init_trng();
- rand_bytes(fp_positive_match_salt[fgr],
- FP_POSITIVE_MATCH_SALT_BYTES);
- exit_trng();
+ trng_init();
+ trng_rand_bytes(fp_positive_match_salt[fgr],
+ FP_POSITIVE_MATCH_SALT_BYTES);
+ trng_exit();
}
ret = derive_encryption_key(key, enc_info->encryption_salt);
@@ -508,8 +515,7 @@ static enum ec_status fp_command_frame(struct host_cmd_handler_args *args)
/* Encrypt the secret blob in-place. */
ret = aes_gcm_encrypt(key, SBP_ENC_KEY_LEN, encrypted_template,
- encrypted_template,
- encrypted_blob_size,
+ encrypted_template, encrypted_blob_size,
enc_info->nonce, FP_CONTEXT_NONCE_BYTES,
enc_info->tag, FP_CONTEXT_TAG_BYTES);
always_memset(key, 0, sizeof(key));
@@ -550,12 +556,11 @@ DECLARE_HOST_COMMAND(EC_CMD_FP_STATS, fp_command_stats, EC_VER_MASK(0));
static bool template_needs_validation_value(
struct ec_fp_template_encryption_metadata *enc_info)
{
- return enc_info->struct_version == 3
- && FP_TEMPLATE_FORMAT_VERSION == 4;
+ return enc_info->struct_version == 3 && FP_TEMPLATE_FORMAT_VERSION == 4;
}
-static int validate_template_format(
- struct ec_fp_template_encryption_metadata *enc_info)
+static int
+validate_template_format(struct ec_fp_template_encryption_metadata *enc_info)
{
if (template_needs_validation_value(enc_info))
/* The host requested migration to v4. */
@@ -619,9 +624,8 @@ static enum ec_status fp_command_template(struct host_cmd_handler_args *args)
if (enc_info->struct_version <= 3) {
encrypted_blob_size = sizeof(fp_template[0]);
} else {
- encrypted_blob_size =
- sizeof(fp_template[0]) +
- sizeof(fp_positive_match_salt[0]);
+ encrypted_blob_size = sizeof(fp_template[0]) +
+ sizeof(fp_positive_match_salt[0]);
}
ret = derive_encryption_key(key, enc_info->encryption_salt);
@@ -632,8 +636,7 @@ static enum ec_status fp_command_template(struct host_cmd_handler_args *args)
/* Decrypt the secret blob in-place. */
ret = aes_gcm_decrypt(key, SBP_ENC_KEY_LEN, encrypted_template,
- encrypted_template,
- encrypted_blob_size,
+ encrypted_template, encrypted_blob_size,
enc_info->nonce, FP_CONTEXT_NONCE_BYTES,
enc_info->tag, FP_CONTEXT_TAG_BYTES);
always_memset(key, 0, sizeof(key));
@@ -647,10 +650,10 @@ static enum ec_status fp_command_template(struct host_cmd_handler_args *args)
sizeof(fp_template[0]));
if (template_needs_validation_value(enc_info)) {
CPRINTS("fgr%d: Generating positive match salt.", idx);
- init_trng();
- rand_bytes(positive_match_salt,
- FP_POSITIVE_MATCH_SALT_BYTES);
- exit_trng();
+ trng_init();
+ trng_rand_bytes(positive_match_salt,
+ FP_POSITIVE_MATCH_SALT_BYTES);
+ trng_exit();
}
if (bytes_are_trivial(positive_match_salt,
sizeof(fp_positive_match_salt[0]))) {
@@ -703,7 +706,8 @@ DECLARE_HOST_COMMAND(EC_CMD_FP_TEMPLATE, fp_command_template, EC_VER_MASK(0));
* Add the following to your ${HOME}/.screenrc:
*
* zmodem catch
- * zmodem recvcmd '!!! bash -c "ascii-xfr -rdv /tmp/finger.pgm && display /tmp/finger.pgm"'
+ * zmodem recvcmd '!!! bash -c "ascii-xfr -rdv /tmp/finger.pgm && display
+ * /tmp/finger.pgm"'
*
* From *outside the chroot*, use screen to connect to UART console:
*
@@ -761,7 +765,7 @@ static enum ec_error_list fp_console_action(uint32_t mode)
return EC_ERROR_TIMEOUT;
}
-static int command_fpcapture(int argc, char **argv)
+static int command_fpcapture(int argc, const char **argv)
{
int capture_type = FP_CAPTURE_SIMPLE_IMAGE;
uint32_t mode;
@@ -781,8 +785,8 @@ static int command_fpcapture(int argc, char **argv)
if (*e || capture_type < 0)
return EC_ERROR_PARAM1;
}
- mode = FP_MODE_CAPTURE | ((capture_type << FP_MODE_CAPTURE_TYPE_SHIFT)
- & FP_MODE_CAPTURE_TYPE_MASK);
+ mode = FP_MODE_CAPTURE | ((capture_type << FP_MODE_CAPTURE_TYPE_SHIFT) &
+ FP_MODE_CAPTURE_TYPE_MASK);
rc = fp_console_action(mode);
if (rc == EC_SUCCESS)
@@ -794,13 +798,13 @@ DECLARE_CONSOLE_COMMAND_FLAGS(fpcapture, command_fpcapture, NULL,
"Capture fingerprint in PGM format",
CMD_FLAG_RESTRICTED);
-static int command_fpenroll(int argc, char **argv)
+static int command_fpenroll(int argc, const char **argv)
{
enum ec_error_list rc;
int percent = 0;
uint32_t event;
- static const char * const enroll_str[] = {"OK", "Low Quality",
- "Immobile", "Low Coverage"};
+ static const char *const enroll_str[] = { "OK", "Low Quality",
+ "Immobile", "Low Coverage" };
/*
* TODO(b/142944002): Remove this redundant check for system_is_locked
@@ -832,11 +836,9 @@ static int command_fpenroll(int argc, char **argv)
return rc;
}
DECLARE_CONSOLE_COMMAND_FLAGS(fpenroll, command_fpenroll, NULL,
- "Enroll a new fingerprint",
- CMD_FLAG_RESTRICTED);
-
+ "Enroll a new fingerprint", CMD_FLAG_RESTRICTED);
-static int command_fpmatch(int argc, char **argv)
+static int command_fpmatch(int argc, const char **argv)
{
enum ec_error_list rc = fp_console_action(FP_MODE_MATCH);
uint32_t event = atomic_clear(&fp_events);
@@ -854,7 +856,7 @@ static int command_fpmatch(int argc, char **argv)
DECLARE_CONSOLE_COMMAND(fpmatch, command_fpmatch, NULL,
"Run match algorithm against finger");
-static int command_fpclear(int argc, char **argv)
+static int command_fpclear(int argc, const char **argv)
{
/*
* We intentionally run this on the fp_task so that we use the
@@ -872,7 +874,7 @@ static int command_fpclear(int argc, char **argv)
DECLARE_CONSOLE_COMMAND(fpclear, command_fpclear, NULL,
"Clear fingerprint sensor context");
-static int command_fpmaintenance(int argc, char **argv)
+static int command_fpmaintenance(int argc, const char **argv)
{
#ifdef HAVE_FP_PRIVATE_DRIVER
return fp_maintenance();
diff --git a/common/fpsensor/fpsensor_crypto.c b/common/fpsensor/fpsensor_crypto.c
index 73d7aca681..257042197e 100644
--- a/common/fpsensor/fpsensor_crypto.c
+++ b/common/fpsensor/fpsensor_crypto.c
@@ -1,4 +1,4 @@
-/* Copyright 2019 The Chromium OS Authors. All rights reserved.
+/* Copyright 2019 The ChromiumOS Authors
* Use of this source code is governed by a BSD-style license that can be
* found in the LICENSE file.
*/
@@ -17,7 +17,7 @@
#error "fpsensor requires AES, AES_GCM and ROLLBACK_SECRET_SIZE"
#endif
-static int get_ikm(uint8_t *ikm)
+test_export_static int get_ikm(uint8_t *ikm)
{
int ret;
@@ -44,6 +44,14 @@ static int get_ikm(uint8_t *ikm)
return EC_SUCCESS;
}
+test_mockable void compute_hmac_sha256(uint8_t *output, const uint8_t *key,
+ const int key_len,
+ const uint8_t *message,
+ const int message_len)
+{
+ hmac_SHA256(output, key, key_len, message, message_len);
+}
+
static void hkdf_extract(uint8_t *prk, const uint8_t *salt, size_t salt_size,
const uint8_t *ikm, size_t ikm_size)
{
@@ -51,12 +59,12 @@ static void hkdf_extract(uint8_t *prk, const uint8_t *salt, size_t salt_size,
* Derive a key with the "extract" step of HKDF
* https://tools.ietf.org/html/rfc5869#section-2.2
*/
- hmac_SHA256(prk, salt, salt_size, ikm, ikm_size);
+ compute_hmac_sha256(prk, salt, salt_size, ikm, ikm_size);
}
static int hkdf_expand_one_step(uint8_t *out_key, size_t out_key_size,
- uint8_t *prk, size_t prk_size,
- uint8_t *info, size_t info_size)
+ uint8_t *prk, size_t prk_size, uint8_t *info,
+ size_t info_size)
{
uint8_t key_buf[SHA256_DIGEST_SIZE];
uint8_t message_buf[SHA256_DIGEST_SIZE + 1];
@@ -75,7 +83,7 @@ static int hkdf_expand_one_step(uint8_t *out_key, size_t out_key_size,
memcpy(message_buf, info, info_size);
/* 1 step, set the counter byte to 1. */
message_buf[info_size] = 0x01;
- hmac_SHA256(key_buf, prk, prk_size, message_buf, info_size + 1);
+ compute_hmac_sha256(key_buf, prk, prk_size, message_buf, info_size + 1);
memcpy(out_key, key_buf, out_key_size);
always_memset(key_buf, 0, sizeof(key_buf));
@@ -83,8 +91,8 @@ static int hkdf_expand_one_step(uint8_t *out_key, size_t out_key_size,
return EC_SUCCESS;
}
-int hkdf_expand(uint8_t *out_key, size_t L, const uint8_t *prk,
- size_t prk_size, const uint8_t *info, size_t info_size)
+int hkdf_expand(uint8_t *out_key, size_t L, const uint8_t *prk, size_t prk_size,
+ const uint8_t *info, size_t info_size)
{
/*
* "Expand" step of HKDF.
@@ -123,8 +131,8 @@ int hkdf_expand(uint8_t *out_key, size_t L, const uint8_t *prk,
memcpy(info_buffer, T, T_len);
memcpy(info_buffer + T_len, info, info_size);
info_buffer[T_len + info_size] = count;
- hmac_SHA256(T_buffer, prk, prk_size, info_buffer,
- T_len + info_size + sizeof(count));
+ compute_hmac_sha256(T_buffer, prk, prk_size, info_buffer,
+ T_len + info_size + sizeof(count));
memcpy(out_key, T_buffer, block_size);
T += T_len;
@@ -216,11 +224,9 @@ int derive_encryption_key(uint8_t *out_key, const uint8_t *salt)
return ret;
}
-int aes_gcm_encrypt(const uint8_t *key, int key_size,
- const uint8_t *plaintext,
- uint8_t *ciphertext, int text_size,
- const uint8_t *nonce, int nonce_size,
- uint8_t *tag, int tag_size)
+int aes_gcm_encrypt(const uint8_t *key, int key_size, const uint8_t *plaintext,
+ uint8_t *ciphertext, int text_size, const uint8_t *nonce,
+ int nonce_size, uint8_t *tag, int tag_size)
{
int res;
AES_KEY aes_key;
@@ -251,8 +257,8 @@ int aes_gcm_encrypt(const uint8_t *key, int key_size,
int aes_gcm_decrypt(const uint8_t *key, int key_size, uint8_t *plaintext,
const uint8_t *ciphertext, int text_size,
- const uint8_t *nonce, int nonce_size,
- const uint8_t *tag, int tag_size)
+ const uint8_t *nonce, int nonce_size, const uint8_t *tag,
+ int tag_size)
{
int res;
AES_KEY aes_key;
diff --git a/common/fpsensor/fpsensor_detect_strings.c b/common/fpsensor/fpsensor_detect_strings.c
index 352dc90ee5..af08219ced 100644
--- a/common/fpsensor/fpsensor_detect_strings.c
+++ b/common/fpsensor/fpsensor_detect_strings.c
@@ -1,4 +1,4 @@
-/* Copyright 2020 The Chromium OS Authors. All rights reserved.
+/* Copyright 2020 The ChromiumOS Authors
* Use of this source code is governed by a BSD-style license that can be
* found in the LICENSE file.
*/
diff --git a/common/fpsensor/fpsensor_private.h b/common/fpsensor/fpsensor_private.h
index a42049dece..919c523273 100644
--- a/common/fpsensor/fpsensor_private.h
+++ b/common/fpsensor/fpsensor_private.h
@@ -1,4 +1,4 @@
-/* Copyright 2019 The Chromium OS Authors. All rights reserved.
+/* Copyright 2019 The ChromiumOS Authors
* Use of this source code is governed by a BSD-style license that can be
* found in the LICENSE file.
*/
@@ -10,8 +10,8 @@
#include <stdint.h>
-#define CPRINTF(format, args...) cprintf(CC_FP, format, ## args)
-#define CPRINTS(format, args...) cprints(CC_FP, format, ## args)
+#define CPRINTF(format, args...) cprintf(CC_FP, format, ##args)
+#define CPRINTS(format, args...) cprints(CC_FP, format, ##args)
int validate_fp_buffer_offset(uint32_t buffer_size, uint32_t offset,
uint32_t size);
diff --git a/common/fpsensor/fpsensor_state.c b/common/fpsensor/fpsensor_state.c
index bd907e2c00..8153df9883 100644
--- a/common/fpsensor/fpsensor_state.c
+++ b/common/fpsensor/fpsensor_state.c
@@ -1,4 +1,4 @@
-/* Copyright 2019 The Chromium OS Authors. All rights reserved.
+/* Copyright 2019 The ChromiumOS Authors
* Use of this source code is governed by a BSD-style license that can be
* found in the LICENSE file.
*/
@@ -19,25 +19,25 @@
/* Last acquired frame (aligned as it is used by arbitrary binary libraries) */
uint8_t fp_buffer[FP_SENSOR_IMAGE_SIZE] FP_FRAME_SECTION __aligned(4);
/* Fingers templates for the current user */
-uint8_t fp_template[FP_MAX_FINGER_COUNT][FP_ALGORITHM_TEMPLATE_SIZE]
- FP_TEMPLATE_SECTION;
+uint8_t fp_template[FP_MAX_FINGER_COUNT]
+ [FP_ALGORITHM_TEMPLATE_SIZE] FP_TEMPLATE_SECTION;
/* Encryption/decryption buffer */
/* TODO: On-the-fly encryption/decryption without a dedicated buffer */
/*
* Store the encryption metadata at the beginning of the buffer containing the
* ciphered data.
*/
-uint8_t fp_enc_buffer[FP_ALGORITHM_ENCRYPTED_TEMPLATE_SIZE]
- FP_TEMPLATE_SECTION;
+uint8_t fp_enc_buffer[FP_ALGORITHM_ENCRYPTED_TEMPLATE_SIZE] FP_TEMPLATE_SECTION;
/* Salt used in derivation of positive match secret. */
-uint8_t fp_positive_match_salt
- [FP_MAX_FINGER_COUNT][FP_POSITIVE_MATCH_SALT_BYTES];
+uint8_t fp_positive_match_salt[FP_MAX_FINGER_COUNT]
+ [FP_POSITIVE_MATCH_SALT_BYTES];
-struct positive_match_secret_state positive_match_secret_state = {
- .template_matched = FP_NO_SUCH_TEMPLATE,
- .readable = false,
- .deadline.val = 0,
-};
+struct positive_match_secret_state
+ positive_match_secret_state = { .template_matched = FP_NO_SUCH_TEMPLATE,
+ .readable = false,
+ .deadline = {
+ .val = 0,
+ } };
/* Index of the last enrolled but not retrieved template. */
int8_t template_newly_enrolled = FP_NO_SUCH_TEMPLATE;
@@ -178,7 +178,7 @@ static int validate_fp_mode(const uint32_t mode)
return EC_SUCCESS;
}
-int fp_set_sensor_mode(uint32_t mode, uint32_t *mode_output)
+enum ec_status fp_set_sensor_mode(uint32_t mode, uint32_t *mode_output)
{
int ret;
@@ -205,7 +205,7 @@ static enum ec_status fp_command_mode(struct host_cmd_handler_args *args)
const struct ec_params_fp_mode *p = args->params;
struct ec_response_fp_mode *r = args->response;
- int ret = fp_set_sensor_mode(p->mode, &r->mode);
+ enum ec_status ret = fp_set_sensor_mode(p->mode, &r->mode);
if (ret == EC_RES_SUCCESS)
args->response_size = sizeof(*r);
@@ -262,23 +262,22 @@ int fp_enable_positive_match_secret(uint32_t fgr,
return EC_SUCCESS;
}
-void fp_disable_positive_match_secret(
- struct positive_match_secret_state *state)
+void fp_disable_positive_match_secret(struct positive_match_secret_state *state)
{
state->template_matched = FP_NO_SUCH_TEMPLATE;
state->readable = false;
state->deadline.val = 0;
}
-static enum ec_status fp_command_read_match_secret(
- struct host_cmd_handler_args *args)
+static enum ec_status
+fp_command_read_match_secret(struct host_cmd_handler_args *args)
{
const struct ec_params_fp_read_match_secret *params = args->params;
struct ec_response_fp_read_match_secret *response = args->response;
int8_t fgr = params->fgr;
timestamp_t now = get_time();
- struct positive_match_secret_state state_copy
- = positive_match_secret_state;
+ struct positive_match_secret_state state_copy =
+ positive_match_secret_state;
fp_disable_positive_match_secret(&positive_match_secret_state);
@@ -293,13 +292,14 @@ static enum ec_status fp_command_read_match_secret(
}
if (fgr != state_copy.template_matched || !state_copy.readable) {
CPRINTS("Positive match secret for finger %d is not meant to "
- "be read now.", fgr);
+ "be read now.",
+ fgr);
return EC_RES_ACCESS_DENIED;
}
if (derive_positive_match_secret(response->positive_match_secret,
- fp_positive_match_salt[fgr])
- != EC_SUCCESS) {
+ fp_positive_match_salt[fgr]) !=
+ EC_SUCCESS) {
CPRINTS("Failed to derive positive match secret for finger %d",
fgr);
/* Keep the template and encryption salt. */
View Lorry Controller Status