pinweaver: Adjust v2 eal interfaces
Rename storage getter/setter eal functions to be consistent with
existing ones. Remove pw_ba_pk_status param from the getter eal and use
the return code to determine the status instead.
BUG=b:248209280
TEST=pinweaver_client biometrics_selftest
TEST=tast run $DUT hwsec.PINWeaver*
Cq-Depend: chromium:4154170
Change-Id: Ied445501881d6b862b942cfbcffa29c7d0a0f610
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/pinweaver/+/4154150
Reviewed-by: Edward Hill <ecgh@chromium.org>
Tested-by: Howard Yang <hcyang@google.com>
Commit-Queue: Howard Yang <hcyang@google.com>
Reviewed-by: Andrey Pronin <apronin@chromium.org>
diff --git a/fuzzer/tpm_storage_fuzzed.cc b/fuzzer/tpm_storage_fuzzed.cc
index 3ffa447..e8e72b3 100644
--- a/fuzzer/tpm_storage_fuzzed.cc
+++ b/fuzzer/tpm_storage_fuzzed.cc
@@ -1,4 +1,4 @@
-/* Copyright 2021 The Chromium OS Authors. All rights reserved.
+/* Copyright 2021 The ChromiumOS Authors
* Use of this source code is governed by a BSD-style license that can be
* found in the LICENSE file.
*/
@@ -97,25 +97,20 @@
}
#if BIOMETRICS_DEV
-int pinweaver_eal_get_ba_pk(uint8_t auth_channel,
- struct pw_ba_pk_status_t *status,
+int pinweaver_eal_storage_get_ba_pk(uint8_t auth_channel,
struct pw_ba_pk_t *pk)
{
- status->v = PW_BA_PK_ESTABLISHED;
auto key = g_data_provider->ConsumeBytes<char>(
sizeof(struct pw_ba_pk_t));
key.resize(sizeof(struct pw_ba_pk_t));
memcpy(pk, key.data(), sizeof(struct pw_ba_pk_t));
if (g_data_provider->ConsumeBool())
- status->v = g_data_provider->ConsumeIntegral<int>();
-
- if (g_data_provider->ConsumeBool())
return g_data_provider->ConsumeIntegral<int>();
return 0;
}
-int pinweaver_eal_set_ba_pk(uint8_t auth_channel,
+int pinweaver_eal_storage_set_ba_pk(uint8_t auth_channel,
const struct pw_ba_pk_t *pk)
{
if (g_data_provider->ConsumeBool())
diff --git a/pinweaver.c b/pinweaver.c
index 5be8d50..b10b8f6 100644
--- a/pinweaver.c
+++ b/pinweaver.c
@@ -989,7 +989,6 @@
uint8_t high_entropy_secret[PW_SECRET_SIZE])
{
int ret;
- struct pw_ba_pk_status_t pk_status;
struct pw_ba_pk_t pk;
pinweaver_eal_hmac_sha256_ctx_t hmac;
@@ -1000,11 +999,9 @@
/* An established Pk on the specified auth channel is required
* to create a biometrics limiter leaf.
*/
- ret = pinweaver_eal_get_ba_pk(auth_channel, &pk_status, &pk);
+ ret = pinweaver_eal_storage_get_ba_pk(auth_channel, &pk);
if (ret != EC_SUCCESS)
return ret;
- if (pk_status.v != PW_BA_PK_ESTABLISHED)
- return PW_ERR_BIO_AUTH_PK_NOT_ESTABLISHED;
/* hmac-sha256 Pk and auth_channel into LEC. */
if (pinweaver_eal_hmac_sha256_init(&hmac, merkle_tree->hmac_key,
@@ -1608,7 +1605,6 @@
{
int ret;
uint8_t auth_channel;
- struct pw_ba_pk_status_t pk_status;
struct pw_ba_pk_t pk;
uint8_t secret[PW_SECRET_SIZE];
size_t secret_size = PW_SECRET_SIZE;
@@ -1635,10 +1631,8 @@
/* Pk can only be generated on the specified auth_channel slot
* if no Pk is established yet and it's not blocked.
*/
- ret = pinweaver_eal_get_ba_pk(auth_channel, &pk_status, &pk);
- if (ret != EC_SUCCESS)
- return ret;
- if (pk_status.v != PW_BA_PK_NOT_ESTABLISHED)
+ ret = pinweaver_eal_storage_get_ba_pk(auth_channel, &pk);
+ if (ret != PW_ERR_BIO_AUTH_PK_NOT_ESTABLISHED)
return PW_ERR_BIO_AUTH_ACCESS_DENIED;
/* Perform ECDH to derive the shared secret. */
@@ -1661,7 +1655,7 @@
return PW_ERR_CRYPTO_FAILURE;
/* Persist the Pk. */
- ret = pinweaver_eal_set_ba_pk(auth_channel, &pk);
+ ret = pinweaver_eal_storage_set_ba_pk(auth_channel, &pk);
if (ret != EC_SUCCESS)
return ret;
@@ -1709,7 +1703,6 @@
uint8_t *low_entropy_secret, *client_nonce;
uint8_t high_entropy_secret[PW_SECRET_SIZE];
uint8_t session_key[PW_SECRET_SIZE], server_nonce[PW_SECRET_SIZE];
- struct pw_ba_pk_status_t pk_status;
struct pw_ba_pk_t pk;
pinweaver_eal_hmac_sha256_ctx_t hmac;
size_t source_offset, dest_offset;
@@ -1732,11 +1725,9 @@
/* An established Pk on the specified auth channel is required
* to authenticate a rate-limiter.
*/
- ret = pinweaver_eal_get_ba_pk(auth_channel, &pk_status, &pk);
+ ret = pinweaver_eal_storage_get_ba_pk(auth_channel, &pk);
if (ret != EC_SUCCESS)
return ret;
- if (pk_status.v != PW_BA_PK_ESTABLISHED)
- return PW_ERR_BIO_AUTH_PK_NOT_ESTABLISHED;
/* hmac-sha256 Pk and label into LEC. */
if (pinweaver_eal_hmac_sha256_init(&hmac, merkle_tree->hmac_key,
diff --git a/pinweaver_eal.h b/pinweaver_eal.h
index d4dea67..7ce3b69 100644
--- a/pinweaver_eal.h
+++ b/pinweaver_eal.h
@@ -1,5 +1,5 @@
-/* Copyright 2021 The Chromium OS Authors. All rights reserved.
+/* Copyright 2021 The ChromiumOS Authors
* Use of this source code is governed by a BSD-style license that can be
* found in the LICENSE file.
*/
@@ -122,18 +122,18 @@
/*
* Load the Pk of the specified auth channel.
- * The pk should be valid when status is PW_BA_PK_ESTABLISHED.
+ * The pk should be valid when status is return code is 0.
* Returns 0 on success.
+ * Returns PW_ERR_BIO_AUTH_PK_NOT_ESTABLISHED when the Pk is not established.
*/
-int pinweaver_eal_get_ba_pk(uint8_t auth_channel,
- struct pw_ba_pk_status_t *status,
+int pinweaver_eal_storage_get_ba_pk(uint8_t auth_channel,
struct pw_ba_pk_t *pk);
/*
* Set the Pk of the specified auth channel.
* Returns 0 on success.
*/
-int pinweaver_eal_set_ba_pk(uint8_t auth_channel,
+int pinweaver_eal_storage_set_ba_pk(uint8_t auth_channel,
const struct pw_ba_pk_t *pk);
/*
diff --git a/pinweaver_types.h b/pinweaver_types.h
index 602bf65..fcc6212 100644
--- a/pinweaver_types.h
+++ b/pinweaver_types.h
@@ -270,19 +270,6 @@
/* Biometrics specific types. */
-enum pw_ba_pk_status_enum {
- /* Pk isn't established, but is blocked from establishment. */
- PW_BA_PK_BLOCKED,
- /* Pk isn't established, and is open to establishment. */
- PW_BA_PK_NOT_ESTABLISHED,
- /* Pk is already established. */
- PW_BA_PK_ESTABLISHED,
-};
-
-struct PW_PACKED pw_ba_pk_status_t {
- uint8_t v;
-};
-
struct PW_PACKED pw_ba_pk_t {
uint8_t key[PW_SECRET_SIZE];
};