biod: Use SecureVector for VendorTemplate

The template is encrypted, so it's not strictly necessary to use
SecureVector, but we do so as part of a defense-in-depth strategy in
case there's a bug in the encryption/FPMCU.

BUG=none
TEST=FEATURES="test" emerge-hatch biod

Change-Id: I958ed0722001682611beec3b2ae0893476f9854f
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform2/+/2391783
Tested-by: Tom Hughes <tomhughes@chromium.org>
Commit-Queue: Tom Hughes <tomhughes@chromium.org>
Reviewed-by: Yicheng Li <yichengli@chromium.org>
diff --git a/biod/cros_fp_biometrics_manager_test.cc b/biod/cros_fp_biometrics_manager_test.cc
index 7466828..f36dcaf 100644
--- a/biod/cros_fp_biometrics_manager_test.cc
+++ b/biod/cros_fp_biometrics_manager_test.cc
@@ -315,7 +315,7 @@
 TEST_F(CrosFpBiometricsManagerTest, TestInsertEmptyPositiveMatchSalt) {
   // Prepare a template of old format, with zero-length template field.
   size_t metadata_size = sizeof(struct ec_fp_template_encryption_metadata);
-  std::vector<uint8_t> tmpl(metadata_size, 0xff);
+  VendorTemplate tmpl(metadata_size, 0xff);
 
   CrosFpBiometricsManagerPeer::InsertEmptyPositiveMatchSalt(&tmpl);
 
diff --git a/biod/cros_fp_device.cc b/biod/cros_fp_device.cc
index 4566b40..4af29b7 100644
--- a/biod/cros_fp_device.cc
+++ b/biod/cros_fp_device.cc
@@ -175,7 +175,7 @@
   return FpMode(cmd.Resp()->mode);
 }
 
-bool CrosFpDevice::FpFrame(int index, std::vector<uint8_t>* frame) {
+bool CrosFpDevice::FpFrame(int index, VendorTemplate* frame) {
   EcCommand<struct ec_params_fp_frame, uint8_t[kMaxPacketSize]> cmd(
       EC_CMD_FP_FRAME);
 
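Review bot: The frame bytes still pass through the `uint8_t[kMaxPacketSize]` response buffer owned by `cmd` before they reach `frame`, so changing the out-parameter to `VendorTemplate` protects only the final copy. Nothing in the visible lines clears that buffer, but the body of `FpFrame` continues outside the hunk, so this may already be handled there. If it is not, wipe the response buffer after each chunk has been appended to `frame`. At minimum, record the gap next to the declaration of `cmd`: `// NOTE: cmd's response buffer holds template bytes in ordinary memory; clear it before returning.`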
diff --git a/biod/cros_fp_device.h b/biod/cros_fp_device.h
index 698ae15..ffe0910 100644
--- a/biod/cros_fp_device.h
+++ b/biod/cros_fp_device.h
@@ -104,7 +104,7 @@
   bool AddEntropy(bool reset);
   // Get block id from rollback info.
   bool GetRollBackInfoId(int32_t* block_id);
-  bool FpFrame(int index, std::vector<uint8_t>* frame);
+  bool FpFrame(int index, VendorTemplate* frame);
   bool FpReadMatchSecret(uint16_t index, brillo::SecureVector* secret);
   bool GetIndexOfLastTemplate(int* index);
   // Run a sequence of EC commands to update the entropy in the
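Review bot: `FpFrame` is declared without a comment, so the header does not tell callers why the out-parameter is now a secure container or that they are expected to keep the data in one. A copy into a plain `std::vector<uint8_t>` or `std::string` at a call site would lose the protection this commit adds. I would add above the declaration: `// Reads frame/template |index| from the FPMCU into |frame|. Keep the result in a VendorTemplate; copying it into a non-secure container defeats the defense-in-depth.` The class body continues outside the hunk, and the exact meaning of `index` should be confirmed against the implementation.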
diff --git a/biod/cros_fp_device_interface.h b/biod/cros_fp_device_interface.h
index e1600ab..9a16aa5 100644
--- a/biod/cros_fp_device_interface.h
+++ b/biod/cros_fp_device_interface.h
@@ -15,7 +15,12 @@
 #include "biod/ec_command.h"
 #include "biod/fp_mode.h"
 
-using VendorTemplate = std::vector<uint8_t>;
+/**
+ * The template is encrypted, so it's not strictly necessary to use
+ * SecureVector, but we do so as part of a defense-in-depth strategy in case
+ * there's a bug in the encryption/FPMCU.
+ */
+using VendorTemplate = brillo::SecureVector;
 
 namespace biod {