diff options
author | Vadim Sukhomlinov <sukhomlinov@google.com> | 2021-07-30 08:40:32 -0700 |
---|---|---|
committer | Commit Bot <commit-bot@chromium.org> | 2021-08-12 14:18:48 +0000 |
commit | 7ddbd2a9eab0dc54897d6b5bb8ee1d4b3be1fe27 (patch) | |
tree | 43356bb71d38ea7f5ea1639855ac3b322d460176 /test | |
parent | 43f6e7be087720507e57cf27e9460aae64c3b69a (diff) | |
download | chrome-ec-7ddbd2a9eab0dc54897d6b5bb8ee1d4b3be1fe27.tar.gz |
cr50: drop cryptoc for SHA1/SHA2 supportstabilize-14150.882.B-cr50_stabstabilize-14150.881.B-cr50_stabstabilize-14150.74.B-cr50_stabstabilize-14150.734.B-cr50_stabstabilize-14150.64.B-cr50_stabstabilize-14150.43.B-cr50_stabstabilize-14150.376.B-cr50_stabrelease-R94-14150.B-cr50_stabrelease-R94-14150.49.B-cr50_stab
To implement FIPS module we need to bring many crypto functions in the
module boundary. Unfortunately, cryptoc is a third-party library used
by dcrypto code in cr50. Cryptoc is also not well-maintained and shared
with other projects. While just making local copy of cryptoc would
solve an issue, it's suboptimal as prevents from many optimizations and
improvements.
Provided SHA & HMAC implementations from Ti50 project. This provides
better performance (500us vs. 670us earlier for HMAC DRBG) and reduce
code size. This implementation also enables stack use savings when
only specific digest is needed. Earlier SHA512 context was allocated
when only SHA256 is needed greatly increasing stack consumption for
code using HMAC_DRBG and others.
However, it introduce subtle API changes which require handling.
As for tests, since core implementation is hardware-independent, make
it available for BOARD=host too.
Before change (with cryptoc):
*** 12368 bytes in flash and 5784 bytes in RAM
After:
*** 13136 bytes in flash and 5796 bytes in RAM
BUG=b:138578318
TEST=make BOARD=cr50 CRYPTO_TEST=1; test/tpm_test/tpmtest.py
Signed-off-by: Vadim Sukhomlinov <sukhomlinov@google.com>
Change-Id: I2ff5362aee9078ce83dc1f8081943a5101d5f666
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3064201
Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Reviewed-by: Andrey Pronin <apronin@chromium.org>
Tested-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Auto-Submit: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Commit-Queue: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Diffstat (limited to 'test')
-rw-r--r-- | test/pinweaver.c | 23 | ||||
-rw-r--r-- | test/test_config.h | 2 | ||||
-rw-r--r-- | test/u2f.c | 34 |
3 files changed, 12 insertions, 47 deletions
diff --git a/test/pinweaver.c b/test/pinweaver.c index 63a7e2e067..d6df149135 100644 --- a/test/pinweaver.c +++ b/test/pinweaver.c @@ -7,7 +7,6 @@ #include <dcrypto.h> #include <nvmem_vars.h> -#include <sha256.h> #include <stdint.h> #include <string.h> #include <timer.h> @@ -885,40 +884,40 @@ void rand_bytes(void *buffer, size_t len) /* Mock implementations of Dcrypto functionality. */ -void HASH_update(struct HASH_CTX *ctx, const void *data, size_t len) +void HASH_update(union hash_ctx *ctx, const void *data, size_t len) { if (MOCK_hash_update_cb) MOCK_hash_update_cb(data, len); if (ctx) - SHA256_update(ctx, data, len); + SHA256_sw_update(&ctx->sha256, data, len); } -uint8_t *HASH_final(struct HASH_CTX *ctx) +const union sha_digests *HASH_final(union hash_ctx *ctx) { ++MOCK_DECRYPTO_release_counter; - return SHA256_final(ctx); + return (union sha_digests *)SHA256_sw_final(&ctx->sha256); } -void DCRYPTO_SHA256_init(LITE_SHA256_CTX *ctx, uint32_t sw_required) +void SHA256_hw_init(struct sha256_ctx *ctx) { - SHA256_init(ctx); + SHA256_sw_init(ctx); ++MOCK_DECRYPTO_init_counter; } -void DCRYPTO_HMAC_SHA256_init(LITE_HMAC_CTX *ctx, const void *key, - unsigned int len) +void HMAC_SHA256_hw_init(struct hmac_sha256_ctx *ctx, const void *key, + size_t len) { TEST_ASRT_NORET(len == sizeof(EMPTY_TREE.hmac_key)); TEST_ASRT_NORET(memcmp(key, EMPTY_TREE.hmac_key, sizeof(EMPTY_TREE.hmac_key)) == 0); - SHA256_init(&ctx->hash); + SHA256_sw_init(&ctx->hash); ++MOCK_DECRYPTO_init_counter; } -const uint8_t *DCRYPTO_HMAC_final(LITE_HMAC_CTX *ctx) +const struct sha256_digest *HMAC_SHA256_hw_final(struct hmac_sha256_ctx *ctx) { ++MOCK_DECRYPTO_release_counter; - return MOCK_hmac; + return (struct sha256_digest *)MOCK_hmac; } /* Perform a symmetric transformation of the data to simulate AES without diff --git a/test/test_config.h b/test/test_config.h index 33c65322c6..f7b222302f 100644 --- a/test/test_config.h +++ b/test/test_config.h @@ -190,7 +190,7 @@ enum nvmem_users { NVMEM_TPM = 0, NVMEM_CR50, NVMEM_NUM_USERS }; #endif #ifdef TEST_U2F -#define CONFIG_DCRYPTO_MOCK +#define CONFIG_DCRYPTO #define CONFIG_U2F #define CC_EXTENSION CC_COMMAND #endif diff --git a/test/u2f.c b/test/u2f.c index 56ae0cf65e..c74bc847a3 100644 --- a/test/u2f.c +++ b/test/u2f.c @@ -42,40 +42,6 @@ int dcrypto_p256_ecdsa_sign(struct drbg_ctx *drbg, const p256_int *key, return 1; } -void hmac_drbg_init_rfc6979(struct drbg_ctx *ctx, - const p256_int *key, - const p256_int *message) -{ - memset(ctx, 0, sizeof(struct drbg_ctx)); -} - -void HASH_update(struct HASH_CTX *ctx, const void *data, size_t len) -{ - if (ctx) - SHA256_update(ctx, data, len); -} - -uint8_t *HASH_final(struct HASH_CTX *ctx) -{ - return SHA256_final(ctx); -} - -void DCRYPTO_SHA256_init(LITE_SHA256_CTX *ctx, uint32_t sw_required) -{ - SHA256_init(ctx); -} - -void DCRYPTO_HMAC_SHA256_init(LITE_HMAC_CTX *ctx, const void *key, - unsigned int len) -{ - SHA256_init(&ctx->hash); -} - -const uint8_t *DCRYPTO_HMAC_final(LITE_HMAC_CTX *ctx) -{ - return SHA256_final(&ctx->hash); -} - /******************************************************************************/ /* Mock implementations of U2F functionality. */ |