diff options
| author | Vadim Sukhomlinov <sukhomlinov@google.com> | 2021-08-12 17:55:22 -0700 |
|---|---|---|
| committer | Commit Bot <commit-bot@chromium.org> | 2021-08-16 18:21:47 +0000 |
| commit | 994efaeb57aaa023e38b547ceede69930ed687fc (patch) | |
| tree | 464ba8c9c37dfccb8e7359b83b00618bebf4554a /include/config.h | |
| parent | 5d24282d7db3854c4a6adf925c75b7573de5617d (diff) | |
| download | chrome-ec-994efaeb57aaa023e38b547ceede69930ed687fc.tar.gz | |
cr50: final touches to remove cryptoc dependencystabilize-14163.B-cr50_stab
To implement FIPS module we need to bring many crypto functions in the
module boundary. Unfortunately, cryptoc is a third-party library used
by dcrypto code in cr50. Cryptoc is also not well-maintained and shared
with other projects. While just making local copy of cryptoc would
solve an issue, it's suboptimal as prevents from many optimizations and
improvements.
1. Clean-up of #include dependencies on cryptoc
2. Build configuration drops linking with cryptoc for cr50
3. Dcrypto SHA512 code updated to compile and partially tested.
It is about 4x faster on large messages, and about 620 bytes larger.
Added an config option to use Dcrypto version as software, but not
enabled. More testing is needed to make sure it's safe and doesn't
have unintended interactions with RSA and ECDSA Dcrypto code.
BUG=b:138578318
TEST=make BOARD=cr50 CRYPTO_TEST=1; tpm_test
Signed-off-by: Vadim Sukhomlinov <sukhomlinov@google.com>
Change-Id: I030b60b75daeec9c8ef079017a73345829bf7f0b
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3093093
Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-by: Andrey Pronin <apronin@chromium.org>
Tested-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Commit-Queue: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Diffstat (limited to 'include/config.h')
| -rw-r--r-- | include/config.h | 14 |
1 files changed, 11 insertions, 3 deletions
diff --git a/include/config.h b/include/config.h index bc183476ac..8914c92725 100644 --- a/include/config.h +++ b/include/config.h @@ -1374,16 +1374,24 @@ #undef CONFIG_DCRYPTO_RSA_SPEEDUP /* - * When enabled, accelerate sha512 using the generic crypto engine; - * only supported on CR50 + * When enabled, accelerate sha512/384 using the generic crypto engine; + * only supported on CR50. It is about 4x faster, but ~620 bytes larger. */ #undef CONFIG_DCRYPTO_SHA512 /* - * When enabled build support for SHA-384/512, requires CONFIG_DCRYPTO. + * When enabled build support for SHA-384/512, requires CONFIG_DCRYPTO or + * CONFIG_DCRYPTO_BOARD. */ #undef CONFIG_UPTO_SHA512 +/** + * Make sw version of SHA2-512/384 equal to hw(dcrypto). + * Unlike SHA2-256, dcrypto implementation of SHA2-512/384 allows to save + * context, so can fully replace software implementation. + */ +#undef CONFIG_SHA512_HW_EQ_SW + /* * When enabled ignore version et al during fw upgrade for chip/g. */ |