Reland "Use third_party boringssl for AES"

This is a reland of commit 6fa9cc0c7484be908010a6acdd6547d686234e34

Original change's description:
> Use third_party boringssl for AES
>
> The original boringssl copy is not maintainable in the long term.
> We should build it from the upstream version.
>
> BUG=b:248508087, b:273639386
> TEST=make runhosttests -j
> TEST=make buildall -j
> BRANCH=none
>
> Signed-off-by: Yi Chou <yich@google.com>
> Change-Id: I3ead1244c3c839590281e20e5c4828242933d1f2
> Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3925087
> Reviewed-by: Tom Hughes <tomhughes@chromium.org>

BUG=b:248508087, b:273639386
TEST=make runhosttests -j
TEST=make buildall -j
BRANCH=none

Force-Relevant-Builds: all
Change-Id: I2bf9e2157eec030ec3526939846a5706b1954afd
Signed-off-by: Yi Chou <yich@google.com>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/4464659
Reviewed-by: Tom Hughes <tomhughes@chromium.org>

10 files changed, 61 insertions, 21 deletions

diff --git a/baseboard/nucleo-f412zg/base-board.h b/baseboard/nucleo-f412zg/base-board.h
index 7eb589183e..18e88df48c 100644
--- a/baseboard/nucleo-f412zg/base-board.h
+++ b/baseboard/nucleo-f412zg/base-board.h
@@ -157,8 +157,7 @@
  * Other
  *-------------------------------------------------------------------------*/
 
-#define CONFIG_AES
-#define CONFIG_AES_GCM
+#define CONFIG_BORINGSSL_CRYPTO
 #define CONFIG_DMA_CROS
 #define CONFIG_FPU
 #define CONFIG_HOST_COMMAND_STATUS
diff --git a/baseboard/nucleo-h743zi/base-board.h b/baseboard/nucleo-h743zi/base-board.h
index 987ddf5f16..936b2c6e1c 100644
--- a/baseboard/nucleo-h743zi/base-board.h
+++ b/baseboard/nucleo-h743zi/base-board.h
@@ -83,8 +83,7 @@
 
 /* Enabled features */
 
-#define CONFIG_AES
-#define CONFIG_AES_GCM
+#define CONFIG_BORINGSSL_CRYPTO
 #define CONFIG_DMA_CROS
 #define CONFIG_FORCE_CONSOLE_RESUME
 #define CONFIG_FPU
diff --git a/board/hatch_fp/board.h b/board/hatch_fp/board.h
index 082bc937e8..721d216a44 100644
--- a/board/hatch_fp/board.h
+++ b/board/hatch_fp/board.h
@@ -222,8 +222,7 @@
  * Other
  *-------------------------------------------------------------------------*/
 
-#define CONFIG_AES
-#define CONFIG_AES_GCM
+#define CONFIG_BORINGSSL_CRYPTO
 #define CONFIG_DMA_CROS
 #define CONFIG_FPU
 #define CONFIG_FPU_WARNINGS
diff --git a/board/nocturne_fp/board.h b/board/nocturne_fp/board.h
index 543e8fd30f..1a34c05ed8 100644
--- a/board/nocturne_fp/board.h
+++ b/board/nocturne_fp/board.h
@@ -202,8 +202,7 @@
 #undef CONFIG_ROLLBACK_UPDATE
 #endif
 
-#define CONFIG_AES
-#define CONFIG_AES_GCM
+#define CONFIG_BORINGSSL_CRYPTO
 
 #define CONFIG_RNG
 
diff --git a/board/nucleo-dartmonkey/board.h b/board/nucleo-dartmonkey/board.h
index 76e278b4ca..4e070bf91b 100644
--- a/board/nucleo-dartmonkey/board.h
+++ b/board/nucleo-dartmonkey/board.h
@@ -31,6 +31,8 @@
 /* Fingerprint needs to store a secrect in the anti-rollback block */
 #define CONFIG_ROLLBACK_SECRET_SIZE 32
 
+#define CONFIG_BORINGSSL_CRYPTO
+
 /* SPI configuration for the fingerprint sensor */
 #define CONFIG_SPI_CONTROLLER
 #define CONFIG_SPI_FP_PORT 2 /* SPI4: third master config */
diff --git a/common/fpsensor/fpsensor_crypto.cc b/common/fpsensor/fpsensor_crypto.cc
index 824f3d6c73..5861064427 100644
--- a/common/fpsensor/fpsensor_crypto.cc
+++ b/common/fpsensor/fpsensor_crypto.cc
@@ -3,16 +3,21 @@
  * found in the LICENSE file.
  */
 
+#include "aes_gcm_helpers.h"
 #include "fpsensor_crypto.h"
 #include "fpsensor_state.h"
 #include "fpsensor_utils.h"
+#include "openssl/aes.h"
+
+/* These must be included after the "openssl/aes.h" */
+#include "crypto/fipsmodule/aes/internal.h"
+#include "crypto/fipsmodule/modes/internal.h"
 
 extern "C" {
-#include "aes-gcm.h"
-#include "aes.h"
 #include "cryptoc/util.h"
 #include "rollback.h"
 #include "sha256.h"
+#include "util.h"
 
 test_export_static int get_ikm(uint8_t *ikm);
 test_mockable void compute_hmac_sha256(uint8_t *output, const uint8_t *key,
@@ -22,9 +27,9 @@ test_mockable void compute_hmac_sha256(uint8_t *output, const uint8_t *key,
 }
 
 #include <stdbool.h>
-#if !defined(CONFIG_AES) || !defined(CONFIG_AES_GCM) || \
-	!defined(CONFIG_ROLLBACK_SECRET_SIZE)
-#error "fpsensor requires AES, AES_GCM and ROLLBACK_SECRET_SIZE"
+
+#if !defined(CONFIG_BORINGSSL_CRYPTO) || !defined(CONFIG_ROLLBACK_SECRET_SIZE)
+#error "fpsensor requires CONFIG_BORINGSSL_CRYPTO and ROLLBACK_SECRET_SIZE"
 #endif
 
 test_export_static int get_ikm(uint8_t *ikm)
diff --git a/fuzz/fuzz_config.h b/fuzz/fuzz_config.h
index d642513b24..e7b539b864 100644
--- a/fuzz/fuzz_config.h
+++ b/fuzz/fuzz_config.h
@@ -25,8 +25,7 @@
 #endif /* ! FUZZ_HOSTCMD_VERBOSE */
 
 /* The following are for fpsensor host commands. */
-#define CONFIG_AES
-#define CONFIG_AES_GCM
+#define CONFIG_BORINGSSL_CRYPTO
 #define CONFIG_ROLLBACK_SECRET_SIZE 32
 #define CONFIG_SHA256
 
diff --git a/test/aes.cc b/test/aes.cc
index d08679d489..98d79b4b03 100644
--- a/test/aes.cc
+++ b/test/aes.cc
@@ -19,8 +19,6 @@
 #include "test_util.h"
 
 extern "C" {
-#include "aes-gcm.h"
-#include "aes.h"
 #include "builtin/assert.h"
 #include "console.h"
 #include "timer.h"
@@ -28,6 +26,13 @@ extern "C" {
 #include "watchdog.h"
 }
 
+#include "aes_gcm_helpers.h"
+#include "openssl/aes.h"
+
+/* These must be included after the "openssl/aes.h" */
+#include "crypto/fipsmodule/aes/internal.h"
+#include "crypto/fipsmodule/modes/internal.h"
+
 /* Temporary buffer, to avoid using too much stack space. */
 static uint8_t tmp[512];
 
diff --git a/test/test_config.h b/test/test_config.h
index 8f1c482b71..51c15f4c8c 100644
--- a/test/test_config.h
+++ b/test/test_config.h
@@ -31,8 +31,7 @@
 #endif
 
 #if defined(TEST_AES) || defined(TEST_CRYPTO_BENCHMARK)
-#define CONFIG_AES
-#define CONFIG_AES_GCM
+#define CONFIG_BORINGSSL_CRYPTO
 #endif
 
 #ifdef TEST_BASE32
@@ -110,8 +109,7 @@
 
 #if defined(TEST_FPSENSOR) || defined(TEST_FPSENSOR_STATE) || \
 	defined(TEST_FPSENSOR_CRYPTO)
-#define CONFIG_AES
-#define CONFIG_AES_GCM
+#define CONFIG_BORINGSSL_CRYPTO
 #define CONFIG_ROLLBACK_SECRET_SIZE 32
 #define CONFIG_SHA256
 #endif
diff --git a/third_party/boringssl/include/aes_gcm_helpers.h b/third_party/boringssl/include/aes_gcm_helpers.h
new file mode 100644
index 0000000000..7c902169b7
--- /dev/null
+++ b/third_party/boringssl/include/aes_gcm_helpers.h
@@ -0,0 +1,35 @@
+/* Copyright 2023 The ChromiumOS Authors
+ * Use of this source code is governed by a BSD-style license that can be
+ * found in the LICENSE file.
+ */
+
+/* Helpers for the boringssl AEC GCM interface. */
+
+#ifndef __CROS_EC_AES_GCM_HELPERS_H
+#define __CROS_EC_AES_GCM_HELPERS_H
+
+#include "openssl/aes.h"
+#include "string.h"
+
+/* These must be included after the "openssl/aes.h" */
+#include "crypto/fipsmodule/aes/internal.h"
+#include "crypto/fipsmodule/modes/internal.h"
+
+/* CRYPTO_gcm128_init initialises |ctx| to use |block| (typically AES) with
+ * the given key. |block_is_hwaes| is one if |block| is |aes_hw_encrypt|.
+ *
+ * This API was removed in upstream:
+ * https://boringssl-review.googlesource.com/c/boringssl/+/32004
+ *
+ * Note: The content of GCM128_CONTEXT must be initialized by this function.
+ * Passing the context that remain uninitialized parts into the other
+ * CRYPTO_gcm128_ functions will result undefined behavior.
+ */
+static inline void CRYPTO_gcm128_init(GCM128_CONTEXT *ctx, const AES_KEY *key,
+				      block128_f block, int block_is_hwaes)
+{
+	memset(ctx, 0, sizeof(*ctx));
+	CRYPTO_gcm128_init_key(&ctx->gcm_key, key, block, block_is_hwaes);
+}
+
+#endif /* __CROS_EC_AES_GCM_HELPERS_H */