authorJonathon Murphy <jpmurphy@google.com>2023-04-21 16:22:41 +0000
committerJonathon Murphy <jpmurphy@google.com>2023-04-21 16:25:02 +0000
commit29010714734f98d5b96cacaaeff15fc1488714af (patch)
tree1a69579630b626e9a164ec58bf1513722548241d
parenteaf2376ff817d2c0019a6064f9d77187b4f70507 (diff)
downloadchrome-ec-29010714734f98d5b96cacaaeff15fc1488714af.tar.gz
Revert "Reland "Use third_party boringssl for AES""
This reverts commit 0164feeebaad4abc7deb510c57ca0707dd2babb1. Reason for revert: Breaks postsubmit b/279174496 Original change's description: > Reland "Use third_party boringssl for AES" > > This is a reland of commit 6fa9cc0c7484be908010a6acdd6547d686234e34 > > Original change's description: > > Use third_party boringssl for AES > > > > The original boringssl copy is not maintainable in the long term. > > We should build it from the upstream version. > > > > BUG=b:248508087, b:273639386 > > TEST=make runhosttests -j > > TEST=make buildall -j > > BRANCH=none > > > > Signed-off-by: Yi Chou <yich@google.com> > > Change-Id: I3ead1244c3c839590281e20e5c4828242933d1f2 > > Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3925087 > > Reviewed-by: Tom Hughes <tomhughes@chromium.org> > > BUG=b:248508087, b:273639386 > TEST=make runhosttests -j > TEST=make buildall -j > BRANCH=none > > Signed-off-by: Yi Chou <yich@google.com> > Cq-Depend: chromium:4439330 > Change-Id: Ic22faafacaf331a1376d094a37c6efe271326d0b > Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/4439569 > Reviewed-by: Tom Hughes <tomhughes@chromium.org> Bug: b:248508087, b:273639386 Change-Id: I5cfb826bff10df55bbadf76c6cc2062bc761a6d3 Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/4456117 Commit-Queue: Jonathon Murphy <jpmurphy@google.com> Commit-Queue: Tom Hughes <tomhughes@chromium.org> Reviewed-by: Tom Hughes <tomhughes@chromium.org> Auto-Submit: Jonathon Murphy <jpmurphy@google.com> Reviewed-by: Jonathon Murphy <jpmurphy@google.com> Tested-by: Jonathon Murphy <jpmurphy@google.com> Owners-Override: Jonathon Murphy <jpmurphy@google.com>
-rw-r--r--baseboard/nucleo-f412zg/base-board.h3
-rw-r--r--baseboard/nucleo-h743zi/base-board.h3
-rw-r--r--board/hatch_fp/board.h3
-rw-r--r--board/nocturne_fp/board.h3
-rw-r--r--board/nucleo-dartmonkey/board.h2
-rw-r--r--common/fpsensor/fpsensor_crypto.cc15
-rw-r--r--fuzz/fuzz_config.h3
-rw-r--r--test/aes.cc9
-rw-r--r--test/test_config.h6
-rw-r--r--third_party/boringssl/include/aes_gcm_helpers.h35
10 files changed, 21 insertions, 61 deletions
diff --git a/baseboard/nucleo-f412zg/base-board.h b/baseboard/nucleo-f412zg/base-board.h
index 18e88df48c..7eb589183e 100644
--- a/baseboard/nucleo-f412zg/base-board.h
+++ b/baseboard/nucleo-f412zg/base-board.h
@@ -157,7 +157,8 @@
* Other
*-------------------------------------------------------------------------*/
-#define CONFIG_BORINGSSL_CRYPTO
+#define CONFIG_AES
+#define CONFIG_AES_GCM
#define CONFIG_DMA_CROS
#define CONFIG_FPU
#define CONFIG_HOST_COMMAND_STATUS
diff --git a/baseboard/nucleo-h743zi/base-board.h b/baseboard/nucleo-h743zi/base-board.h
index 936b2c6e1c..987ddf5f16 100644
--- a/baseboard/nucleo-h743zi/base-board.h
+++ b/baseboard/nucleo-h743zi/base-board.h
@@ -83,7 +83,8 @@
/* Enabled features */
-#define CONFIG_BORINGSSL_CRYPTO
+#define CONFIG_AES
+#define CONFIG_AES_GCM
#define CONFIG_DMA_CROS
#define CONFIG_FORCE_CONSOLE_RESUME
#define CONFIG_FPU
diff --git a/board/hatch_fp/board.h b/board/hatch_fp/board.h
index 721d216a44..082bc937e8 100644
--- a/board/hatch_fp/board.h
+++ b/board/hatch_fp/board.h
@@ -222,7 +222,8 @@
* Other
*-------------------------------------------------------------------------*/
-#define CONFIG_BORINGSSL_CRYPTO
+#define CONFIG_AES
+#define CONFIG_AES_GCM
#define CONFIG_DMA_CROS
#define CONFIG_FPU
#define CONFIG_FPU_WARNINGS
diff --git a/board/nocturne_fp/board.h b/board/nocturne_fp/board.h
index 1a34c05ed8..543e8fd30f 100644
--- a/board/nocturne_fp/board.h
+++ b/board/nocturne_fp/board.h
@@ -202,7 +202,8 @@
#undef CONFIG_ROLLBACK_UPDATE
#endif
-#define CONFIG_BORINGSSL_CRYPTO
+#define CONFIG_AES
+#define CONFIG_AES_GCM
#define CONFIG_RNG
diff --git a/board/nucleo-dartmonkey/board.h b/board/nucleo-dartmonkey/board.h
index 4e070bf91b..76e278b4ca 100644
--- a/board/nucleo-dartmonkey/board.h
+++ b/board/nucleo-dartmonkey/board.h
@@ -31,8 +31,6 @@
/* Fingerprint needs to store a secrect in the anti-rollback block */
#define CONFIG_ROLLBACK_SECRET_SIZE 32
-#define CONFIG_BORINGSSL_CRYPTO
-
/* SPI configuration for the fingerprint sensor */
#define CONFIG_SPI_CONTROLLER
#define CONFIG_SPI_FP_PORT 2 /* SPI4: third master config */
diff --git a/common/fpsensor/fpsensor_crypto.cc b/common/fpsensor/fpsensor_crypto.cc
index 5861064427..824f3d6c73 100644
--- a/common/fpsensor/fpsensor_crypto.cc
+++ b/common/fpsensor/fpsensor_crypto.cc
@@ -3,21 +3,16 @@
* found in the LICENSE file.
*/
-#include "aes_gcm_helpers.h"
#include "fpsensor_crypto.h"
#include "fpsensor_state.h"
#include "fpsensor_utils.h"
-#include "openssl/aes.h"
-
-/* These must be included after the "openssl/aes.h" */
-#include "crypto/fipsmodule/aes/internal.h"
-#include "crypto/fipsmodule/modes/internal.h"
extern "C" {
+#include "aes-gcm.h"
+#include "aes.h"
#include "cryptoc/util.h"
#include "rollback.h"
#include "sha256.h"
-#include "util.h"
test_export_static int get_ikm(uint8_t *ikm);
test_mockable void compute_hmac_sha256(uint8_t *output, const uint8_t *key,
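Review bot: The restored `#include "aes-gcm.h"` and `#include "aes.h"` lines in the `extern "C"` block carry no comment recording that this file is back on the in-tree AES copy, which the reverted change's description calls not maintainable in the long term. Judging by its name this file holds the fingerprint crypto, so the pending migration should stay visible in the code rather than only in the commit log. A marker above the two includes would do, for example `/* TODO(b/248508087): move back to third_party boringssl AES once the postsubmit break is fixed. */`. The `extern "C"` block and the `compute_hmac_sha256` declaration continue past the end of this hunk.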
@@ -27,9 +22,9 @@ test_mockable void compute_hmac_sha256(uint8_t *output, const uint8_t *key,
}
#include <stdbool.h>
-
-#if !defined(CONFIG_BORINGSSL_CRYPTO) || !defined(CONFIG_ROLLBACK_SECRET_SIZE)
-#error "fpsensor requires CONFIG_BORINGSSL_CRYPTO and ROLLBACK_SECRET_SIZE"
+#if !defined(CONFIG_AES) || !defined(CONFIG_AES_GCM) || \
+ !defined(CONFIG_ROLLBACK_SECRET_SIZE)
+#error "fpsensor requires AES, AES_GCM and ROLLBACK_SECRET_SIZE"
#endif
test_export_static int get_ikm(uint8_t *ikm)
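Review bot: The `#error` text names the options without their `CONFIG_` prefix, so someone who hits it cannot grep for the exact symbols the `#if` tests. I would write it as `#error "fpsensor requires CONFIG_AES, CONFIG_AES_GCM and CONFIG_ROLLBACK_SECRET_SIZE"`. The guard itself is worth keeping, since it stops the build for a configuration that compiles this file without AES-GCM or a rollback secret size. The body of `get_ikm` starts after the end of this hunk.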
diff --git a/fuzz/fuzz_config.h b/fuzz/fuzz_config.h
index e7b539b864..d642513b24 100644
--- a/fuzz/fuzz_config.h
+++ b/fuzz/fuzz_config.h
@@ -25,7 +25,8 @@
#endif /* ! FUZZ_HOSTCMD_VERBOSE */
/* The following are for fpsensor host commands. */
-#define CONFIG_BORINGSSL_CRYPTO
+#define CONFIG_AES
+#define CONFIG_AES_GCM
#define CONFIG_ROLLBACK_SECRET_SIZE 32
#define CONFIG_SHA256
diff --git a/test/aes.cc b/test/aes.cc
index 98d79b4b03..d08679d489 100644
--- a/test/aes.cc
+++ b/test/aes.cc
@@ -19,6 +19,8 @@
#include "test_util.h"
extern "C" {
+#include "aes-gcm.h"
+#include "aes.h"
#include "builtin/assert.h"
#include "console.h"
#include "timer.h"
@@ -26,13 +28,6 @@ extern "C" {
#include "watchdog.h"
}
-#include "aes_gcm_helpers.h"
-#include "openssl/aes.h"
-
-/* These must be included after the "openssl/aes.h" */
-#include "crypto/fipsmodule/aes/internal.h"
-#include "crypto/fipsmodule/modes/internal.h"
-
/* Temporary buffer, to avoid using too much stack space. */
static uint8_t tmp[512];
diff --git a/test/test_config.h b/test/test_config.h
index 51c15f4c8c..8f1c482b71 100644
--- a/test/test_config.h
+++ b/test/test_config.h
@@ -31,7 +31,8 @@
#endif
#if defined(TEST_AES) || defined(TEST_CRYPTO_BENCHMARK)
-#define CONFIG_BORINGSSL_CRYPTO
+#define CONFIG_AES
+#define CONFIG_AES_GCM
#endif
#ifdef TEST_BASE32
@@ -109,7 +110,8 @@
#if defined(TEST_FPSENSOR) || defined(TEST_FPSENSOR_STATE) || \
defined(TEST_FPSENSOR_CRYPTO)
-#define CONFIG_BORINGSSL_CRYPTO
+#define CONFIG_AES
+#define CONFIG_AES_GCM
#define CONFIG_ROLLBACK_SECRET_SIZE 32
#define CONFIG_SHA256
#endif
diff --git a/third_party/boringssl/include/aes_gcm_helpers.h b/third_party/boringssl/include/aes_gcm_helpers.h
deleted file mode 100644
index 7c902169b7..0000000000
--- a/third_party/boringssl/include/aes_gcm_helpers.h
+++ /dev/null
@@ -1,35 +0,0 @@
-/* Copyright 2023 The ChromiumOS Authors
- * Use of this source code is governed by a BSD-style license that can be
- * found in the LICENSE file.
- */
-
-/* Helpers for the boringssl AEC GCM interface. */
-
-#ifndef __CROS_EC_AES_GCM_HELPERS_H
-#define __CROS_EC_AES_GCM_HELPERS_H
-
-#include "openssl/aes.h"
-#include "string.h"
-
-/* These must be included after the "openssl/aes.h" */
-#include "crypto/fipsmodule/aes/internal.h"
-#include "crypto/fipsmodule/modes/internal.h"
-
-/* CRYPTO_gcm128_init initialises |ctx| to use |block| (typically AES) with
- * the given key. |block_is_hwaes| is one if |block| is |aes_hw_encrypt|.
- *
- * This API was removed in upstream:
- * https://boringssl-review.googlesource.com/c/boringssl/+/32004
- *
- * Note: The content of GCM128_CONTEXT must be initialized by this function.
- * Passing the context that remain uninitialized parts into the other
- * CRYPTO_gcm128_ functions will result undefined behavior.
- */
-static inline void CRYPTO_gcm128_init(GCM128_CONTEXT *ctx, const AES_KEY *key,
- block128_f block, int block_is_hwaes)
-{
- memset(ctx, 0, sizeof(*ctx));
- CRYPTO_gcm128_init_key(&ctx->gcm_key, key, block, block_is_hwaes);
-}
-
-#endif /* __CROS_EC_AES_GCM_HELPERS_H */