author | Jeremy Bettis <jbettis@chromium.org> | 2022-09-26 21:37:59 +0000 |
---|---|---|
committer | Jeremy Bettis <jbettis@chromium.org> | 2022-09-26 21:58:52 +0000 |
commit | 55ef7a03129eb301a51c5539672d910d1243187f (patch) | |
tree | 7894ef17c768cb7d43b11ef0bfc6b399bc5caec3 | |
parent | 0e9c5579f042c6f6e68d8ccaafa5dd615d6f5580 (diff) | |
download | chrome-ec-55ef7a03129eb301a51c5539672d910d1243187f.tar.gz |
Revert "common: replace safe_memcmp with cryptoc version"
This reverts commit 85554f0a843daa1c85ba252c7a27a389968d347b.
Reason for revert: Broke gitlab (https://gitlab.com/zephyr-ec/ec/-/pipelines/651162463) and also CQ emerge builds (https://ci.chromium.org/ui/p/chromeos/builders/postsubmit/nissa-postsubmit/16030/overview)
Original change's description:
> common: replace safe_memcmp with cryptoc version
>
> We now have to always link against cryptoc, but it does not increase
> code size on our most constrained boards:
>
> Before and after both show:
>
> Smallest free spaces in RO flash (bytes):
> pdeval-stm32f072: 88
> servo_v4 : 104
> fusb307bgevb: 156
>
> Smallest free spaces in RW flash (bytes):
> volteer : 516
> bobba : 712
> meep : 716
>
> Tightest boards' RW RAM images, bytes free:
> whiskers : 212
> minimuffin: 284
> zinger : 284
>
> BRANCH=none
> BUG=b:169156874
> TEST=make buildall
>
> Signed-off-by: Tom Hughes <tomhughes@chromium.org>
> Change-Id: I98422eccb3e903bd82ddb386087dd2d55d1f845e
> Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2424068
> Reviewed-by: Denis Brockus <dbrockus@chromium.org>
> Code-Coverage: Zoss <zoss-cl-coverage@prod.google.com>
Bug: b:169156874
Change-Id: I794ae31f9e217677471b0ff164fadc9623571a33
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3919500
Commit-Queue: Raul Rangel <rrangel@chromium.org>
Commit-Queue: Jeremy Bettis <jbettis@chromium.org>
Reviewed-by: Raul Rangel <rrangel@chromium.org>
Tested-by: Jeremy Bettis <jbettis@chromium.org>
Auto-Submit: Jeremy Bettis <jbettis@chromium.org>
-rw-r--r-- | board/host/board.h | 2 | ||||
-rw-r--r-- | common/rollback.c | 2 | ||||
-rw-r--r-- | common/util.c | 17 | ||||
-rw-r--r-- | include/config.h | 11 | ||||
-rw-r--r-- | third_party/rules.mk | 3 | ||||
-rw-r--r-- | util/config_allowed.txt | 1 | ||||
-rw-r--r-- | zephyr/CMakeLists.txt | 13 |
7 files changed, 34 insertions, 15 deletions
diff --git a/board/host/board.h b/board/host/board.h
index a0099c38fe..165331ce4c 100644
--- a/board/host/board.h
+++ b/board/host/board.h
@@ -25,6 +25,8 @@
 #define CONFIG_WP_ACTIVE_HIGH
+#define CONFIG_LIBCRYPTOC
+
 #define CONFIG_USB_PD_CUSTOM_PDO
 #define CONFIG_USB_PD_DUAL_ROLE
diff --git a/common/rollback.c b/common/rollback.c
index 3d61cd4d95..20dcbe4aa9 100644
--- a/common/rollback.c
+++ b/common/rollback.c
@@ -8,7 +8,9 @@
 #include "builtin/assert.h"
 #include "common.h"
 #include "console.h"
+#ifdef CONFIG_LIBCRYPTOC
 #include "cryptoc/util.h"
+#endif
 #include "flash.h"
 #include "hooks.h"
 #include "host_command.h"
diff --git a/common/util.c b/common/util.c
index b19fcd1d99..7672dc1325 100644
--- a/common/util.c
+++ b/common/util.c
@@ -8,7 +8,6 @@
 #include "builtin/assert.h"
 #include "common.h"
 #include "console.h"
-#include "cryptoc/util.h"
 #include "util.h"
 int find_base(int base, int *c, const char **nptr)
@@ -86,7 +85,21 @@ int parse_bool(const char *s, int *dest)
 /* Constant-time memory comparison */
 int safe_memcmp(const void *s1, const void *s2, size_t size)
 {
- return ct_memeq(s1, s2, size);
+ const uint8_t *us1 = s1;
+ const uint8_t *us2 = s2;
+ int result = 0;
+
+ if (size == 0)
+ return 0;
+
+ /*
+ * Code snippet without data-dependent branch due to Nate Lawson
+ * (nate@root.org) of Root Labs.
+ */
+ while (size--)
+ result |= *us1++ ^ *us2++;
+
+ return result != 0;
 }
 void reverse(void *dest, size_t len)
diff --git a/include/config.h b/include/config.h
index 9257a5884e..8ca7973093 100644
--- a/include/config.h
+++ b/include/config.h
@@ -396,6 +396,9 @@
 /* Define which ALS sensor is used for dimming the lightbar when dark */
 #undef CONFIG_ALS_LIGHTBAR_DIMMING
+/* Link against third_party/cryptoc. */
+#undef CONFIG_LIBCRYPTOC
+
 /* Support AP hang detection host command and state machine */
 #undef CONFIG_AP_HANG_DETECT
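Review bot: The conditional include added in common/rollback.c carries no comment explaining why `cryptoc/util.h` is optional, and the rest of the file is outside the hunk, so it is not visible whether every use of that header sits under the same `CONFIG_LIBCRYPTOC` guard. Because third_party/rules.mk in this commit only builds cryptoc when the option is set, an unguarded use would surface as a build failure on boards without it. A one-line comment above the `#ifdef` would tie the two together, e.g. `/* cryptoc is only built when CONFIG_LIBCRYPTOC is set; see third_party/rules.mk */`.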
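Review bot: The restored `safe_memcmp()` in common/util.c is documented only as "Constant-time memory comparison", which leaves out what a caller comparing secrets needs to know: it returns 0 on a match and 1 on any mismatch (no ordering, unlike `memcmp()`), and its run time is meant to depend on `size` alone. I would expand the comment to `/* Constant-time comparison: returns 0 if equal, 1 otherwise; run time depends only on size. */`. The loop is plain C with nothing pinning `result`, so the absence of a data-dependent branch is a property of the generated code rather than a guarantee of the source; it is worth confirming in the disassembly of a board that compares secrets with it.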
@@ -6248,6 +6251,14 @@
 /*****************************************************************************/
 /*
+ * Define CONFIG_LIBCRYPTOC if a board needs to read secret data from the
+ * anti-rollback block.
+ */
+#ifdef CONFIG_ROLLBACK_SECRET_SIZE
+#define CONFIG_LIBCRYPTOC
+#endif
+
+/*
 * Handle task-dependent configs.
 *
 * This prevent sub-modules from being compiled when the task and parent module
diff --git a/third_party/rules.mk b/third_party/rules.mk
index 38ebcf8d3f..eb4391b70c 100644
--- a/third_party/rules.mk
+++ b/third_party/rules.mk
@@ -9,6 +9,7 @@
 # Build and link against libcryptoc.
 # See https://chromium.googlesource.com/chromiumos/third_party/cryptoc .
+ifeq ($(CONFIG_LIBCRYPTOC),y)
 # The cryptoc path can be overridden on invocation, as in the following example:
 # $ make CRYPTOC_DIR=~/src/cryptoc BOARD=bloonchipper
@@ -52,3 +53,5 @@ test-targets=$(foreach test,$(test-list-y),\
 $(out)/RW/$(test).RW.elf $(out)/RO/$(test).RO.elf)
 $(test-targets): LDFLAGS_EXTRA += $(CRYPTOC_LDFLAGS)
 $(test-targets): $(out)/cryptoc/libcryptoc.a
+
+endif # CONFIG_LIBCRYPTOC
diff --git a/util/config_allowed.txt b/util/config_allowed.txt
index f9180640c8..7a8e3ffbba 100644
--- a/util/config_allowed.txt
+++ b/util/config_allowed.txt
@@ -600,6 +600,7 @@ CONFIG_LED_PWM_ACTIVE_CHARGE_PORT_ONLY
 CONFIG_LED_PWM_CHARGE_STATE_ONLY
 CONFIG_LED_PWM_COUNT
 CONFIG_LFW_OFFSET
+CONFIG_LIBCRYPTOC
 CONFIG_LID_ANGLE_INVALID_CHECK
 CONFIG_LID_ANGLE_SENSOR_BASE
 CONFIG_LID_ANGLE_SENSOR_LID
diff --git a/zephyr/CMakeLists.txt b/zephyr/CMakeLists.txt
index 6f57cb5d40..7a71823bc8 100644
--- a/zephyr/CMakeLists.txt
+++ b/zephyr/CMakeLists.txt
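Review bot: The auto-define added in include/config.h makes `CONFIG_LIBCRYPTOC` follow `CONFIG_ROLLBACK_SECRET_SIZE`, but among the files in this commit only third_party/rules.mk acts on it; the zephyr/CMakeLists.txt hunk removes the cryptoc sources and include directory outright instead of gating them. If a Zephyr build consumes this header and sets a rollback secret size (neither is visible here), the `#include "cryptoc/util.h"` in common/rollback.c would have nothing behind it. I would record that limit in the new comment, e.g. by adding the line `* Only the Makefile build (third_party/rules.mk) links cryptoc for this option.`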
@@ -130,19 +130,6 @@ endif()
 add_subdirectory("subsys")
-set(cryptoc_dir "../../../third_party/cryptoc")
-zephyr_library_sources(
- ${cryptoc_dir}/hmac.c
- ${cryptoc_dir}/md5.c
- ${cryptoc_dir}/p256.c
- ${cryptoc_dir}/p256_ec.c
- ${cryptoc_dir}/p256_ecdsa.c
- ${cryptoc_dir}/p256_prng.c
- ${cryptoc_dir}/sha224.c
- ${cryptoc_dir}/util.c
-)
-zephyr_library_include_directories(${cryptoc_dir}/include)
-
 # Creates a phony target all.libraries in case you only want to build the
 # libraries and not the binaries. For example for creating the initial zero
 # coverage files. |