diff options
author | Vadim Sukhomlinov <sukhomlinov@google.com> | 2021-08-09 16:37:40 -0700 |
---|---|---|
committer | Commit Bot <commit-bot@chromium.org> | 2021-08-10 05:34:54 +0000 |
commit | 43f6e7be087720507e57cf27e9460aae64c3b69a (patch) | |
tree | 7044f1ce4b46c7003090bf1268e872ed258f3acb | |
parent | c3c528d2e61411b095b4ee898ba7b14114df02ce (diff) | |
download | chrome-ec-43f6e7be087720507e57cf27e9460aae64c3b69a.tar.gz |
cr50: drop cryptoc for always_memset()stabilize-14149.B-cr50_stab
To implement FIPS module we need to bring many crypto functions in the
module boundary. Unfortunately, cryptoc is a third-party library used
by dcrypto code in cr50. Cryptoc is also not well-maintained and shared
with other projects.
BUG=b:138578318
TEST=make BOARD=cr50 CRYPTO_TEST=1
Signed-off-by: Vadim Sukhomlinov <sukhomlinov@google.com>
Change-Id: I40090f5d32df088c88d7313dd693fc8a0dd4b308
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3083187
Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
Tested-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Auto-Submit: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Commit-Queue: Vadim Bendebury <vbendeb@chromium.org>
-rw-r--r-- | board/cr50/dcrypto/app_key.c | 2 | ||||
-rw-r--r-- | board/cr50/dcrypto/bn.c | 1 | ||||
-rw-r--r-- | board/cr50/dcrypto/gcm.c | 2 | ||||
-rw-r--r-- | board/cr50/dcrypto/hkdf.c | 1 | ||||
-rw-r--r-- | board/cr50/dcrypto/hmac.c | 1 | ||||
-rw-r--r-- | board/cr50/dcrypto/hmac_drbg.c | 1 | ||||
-rw-r--r-- | board/cr50/dcrypto/internal.h | 6 | ||||
-rw-r--r-- | board/cr50/dcrypto/p256.c | 1 | ||||
-rw-r--r-- | board/cr50/dcrypto/rsa.c | 1 | ||||
-rw-r--r-- | board/cr50/dcrypto/util.c | 12 | ||||
-rw-r--r-- | board/cr50/tpm2/ecc.c | 1 | ||||
-rw-r--r-- | board/cr50/tpm2/endorsement.c | 1 | ||||
-rw-r--r-- | common/ccd_config.c | 1 | ||||
-rw-r--r-- | common/rma_auth.c | 1 | ||||
-rw-r--r-- | common/rollback.c | 1 |
15 files changed, 18 insertions, 15 deletions
diff --git a/board/cr50/dcrypto/app_key.c b/board/cr50/dcrypto/app_key.c index 1fafab9d2e..f655471f69 100644 --- a/board/cr50/dcrypto/app_key.c +++ b/board/cr50/dcrypto/app_key.c @@ -7,8 +7,6 @@ #include "endian.h" #include "registers.h" -#include "cryptoc/util.h" - #include "console.h" const char *const dcrypto_app_names[] = { diff --git a/board/cr50/dcrypto/bn.c b/board/cr50/dcrypto/bn.c index 7b68c10d89..671ce6256e 100644 --- a/board/cr50/dcrypto/bn.c +++ b/board/cr50/dcrypto/bn.c @@ -12,7 +12,6 @@ #include "trng.h" -#include "cryptoc/util.h" #include <assert.h> diff --git a/board/cr50/dcrypto/gcm.c b/board/cr50/dcrypto/gcm.c index cd035bbd54..a490a4e079 100644 --- a/board/cr50/dcrypto/gcm.c +++ b/board/cr50/dcrypto/gcm.c @@ -9,8 +9,6 @@ #include "endian.h" -#include "cryptoc/util.h" - static void gcm_mul(uint32_t *counter) { int i; diff --git a/board/cr50/dcrypto/hkdf.c b/board/cr50/dcrypto/hkdf.c index 3afdc6b2eb..c6692ef554 100644 --- a/board/cr50/dcrypto/hkdf.c +++ b/board/cr50/dcrypto/hkdf.c @@ -8,7 +8,6 @@ #include "internal.h" #include "cryptoc/sha256.h" -#include "cryptoc/util.h" static int hkdf_extract(uint8_t *PRK, const uint8_t *salt, size_t salt_len, const uint8_t *IKM, size_t IKM_len) diff --git a/board/cr50/dcrypto/hmac.c b/board/cr50/dcrypto/hmac.c index 7cc45a03ba..72d4296422 100644 --- a/board/cr50/dcrypto/hmac.c +++ b/board/cr50/dcrypto/hmac.c @@ -9,7 +9,6 @@ #include <stdint.h> #include "cryptoc/sha256.h" -#include "cryptoc/util.h" /* TODO(sukhomlinov): add support for hardware hmac. */ static void hmac_sha256_init(LITE_HMAC_CTX *ctx, const void *key, diff --git a/board/cr50/dcrypto/hmac_drbg.c b/board/cr50/dcrypto/hmac_drbg.c index 2ca20e03ff..d601e721de 100644 --- a/board/cr50/dcrypto/hmac_drbg.c +++ b/board/cr50/dcrypto/hmac_drbg.c @@ -4,7 +4,6 @@ */ #include "console.h" -#include "cryptoc/util.h" #include "dcrypto.h" #include "extension.h" #include "internal.h" diff --git a/board/cr50/dcrypto/internal.h b/board/cr50/dcrypto/internal.h index 1811426f2a..2e6f62e2e8 100644 --- a/board/cr50/dcrypto/internal.h +++ b/board/cr50/dcrypto/internal.h @@ -200,6 +200,12 @@ void dcrypto_imem_load(size_t offset, const uint32_t *opcodes, */ uint32_t dcrypto_dmem_load(size_t offset, const void *words, size_t n_words); +/** + * An implementation of memset that ought not to be optimized away; + * useful for scrubbing security sensitive buffers. + */ +void *always_memset(void *s, int c, size_t n); + /* * Key ladder. */ diff --git a/board/cr50/dcrypto/p256.c b/board/cr50/dcrypto/p256.c index 665144e31b..f75329d5bf 100644 --- a/board/cr50/dcrypto/p256.c +++ b/board/cr50/dcrypto/p256.c @@ -6,7 +6,6 @@ #include "dcrypto.h" #include "cryptoc/p256.h" -#include "cryptoc/util.h" static const p256_int p256_one = P256_ONE; diff --git a/board/cr50/dcrypto/rsa.c b/board/cr50/dcrypto/rsa.c index 8a4115398d..053c75f16e 100644 --- a/board/cr50/dcrypto/rsa.c +++ b/board/cr50/dcrypto/rsa.c @@ -15,7 +15,6 @@ #include "cryptoc/sha256.h" #include "cryptoc/sha384.h" #include "cryptoc/sha512.h" -#include "cryptoc/util.h" /* Extend the MSB throughout the word. */ static uint32_t msb_extend(uint32_t a) diff --git a/board/cr50/dcrypto/util.c b/board/cr50/dcrypto/util.c index 08167bd9c5..117fec60b4 100644 --- a/board/cr50/dcrypto/util.c +++ b/board/cr50/dcrypto/util.c @@ -203,3 +203,15 @@ __stdlib_compat int strncmp(const char *s1, const char *s2, size_t n) } return 0; } + +static void always_memset_impl(volatile char *s, int c, size_t n) +{ + while (n--) + *s++ = c; +} + +void *always_memset(void *s, int c, size_t n) +{ + always_memset_impl(s, c, n); + return s; +} diff --git a/board/cr50/tpm2/ecc.c b/board/cr50/tpm2/ecc.c index 4a7cb6b6ff..1bcf2d5c5a 100644 --- a/board/cr50/tpm2/ecc.c +++ b/board/cr50/tpm2/ecc.c @@ -15,7 +15,6 @@ #include "cryptoc/p256.h" #include "cryptoc/p256_ecdsa.h" -#include "cryptoc/util.h" static void reverse_tpm2b(TPM2B *b) { diff --git a/board/cr50/tpm2/endorsement.c b/board/cr50/tpm2/endorsement.c index e85d3dfd0e..844d07e2a6 100644 --- a/board/cr50/tpm2/endorsement.c +++ b/board/cr50/tpm2/endorsement.c @@ -31,7 +31,6 @@ #include "dcrypto.h" #include <cryptoc/sha256.h> -#include <cryptoc/util.h> #include <endian.h> #include <string.h> diff --git a/common/ccd_config.c b/common/ccd_config.c index 5d9907a4b4..3433766b7c 100644 --- a/common/ccd_config.c +++ b/common/ccd_config.c @@ -10,7 +10,6 @@ #include "ccd_config.h" #include "console.h" #include "cryptoc/sha256.h" -#include "cryptoc/util.h" #include "dcrypto.h" #include "extension.h" #include "hooks.h" diff --git a/common/rma_auth.c b/common/rma_auth.c index 7ed16bb968..7a34396acd 100644 --- a/common/rma_auth.c +++ b/common/rma_auth.c @@ -28,7 +28,6 @@ #include "util.h" #ifndef TEST_BUILD -#include "cryptoc/util.h" #include "rma_key_from_blob.h" #else /* Cryptoc library is not available to the test layer. */ diff --git a/common/rollback.c b/common/rollback.c index ea508f2b0b..fc2a5e21ab 100644 --- a/common/rollback.c +++ b/common/rollback.c @@ -7,7 +7,6 @@ #include "common.h" #include "console.h" -#include "cryptoc/util.h" #include "flash.h" #include "hooks.h" #include "host_command.h" |