authorVadim Sukhomlinov <sukhomlinov@google.com>2021-08-12 17:55:22 -0700
committerCommit Bot <commit-bot@chromium.org>2021-08-16 18:21:47 +0000
commit994efaeb57aaa023e38b547ceede69930ed687fc (patch)
tree464ba8c9c37dfccb8e7359b83b00618bebf4554a /board/cr50/dcrypto/p256_ecies.c
parent5d24282d7db3854c4a6adf925c75b7573de5617d (diff)
downloadchrome-ec-994efaeb57aaa023e38b547ceede69930ed687fc.tar.gz
cr50: final touches to remove cryptoc dependencystabilize-14163.B-cr50_stab
To implement the FIPS module we need to bring many crypto functions inside the module boundary. Unfortunately, cryptoc is a third-party library used by dcrypto code in cr50. Cryptoc is also not well-maintained and shared with other projects. While just making a local copy of cryptoc would solve the issue, it is suboptimal as it prevents many optimizations and improvements. 1. Clean-up of #include dependencies on cryptoc 2. Build configuration drops linking with cryptoc for cr50 3. Dcrypto SHA512 code updated to compile and partially tested. It is about 4x faster on large messages, and about 620 bytes larger. Added a config option to use the Dcrypto version as software, but it is not enabled. More testing is needed to make sure it's safe and doesn't have unintended interactions with RSA and ECDSA Dcrypto code. BUG=b:138578318 TEST=make BOARD=cr50 CRYPTO_TEST=1; tpm_test Signed-off-by: Vadim Sukhomlinov <sukhomlinov@google.com> Change-Id: I030b60b75daeec9c8ef079017a73345829bf7f0b Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3093093 Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org> Reviewed-by: Vadim Bendebury <vbendeb@chromium.org> Reviewed-by: Andrey Pronin <apronin@chromium.org> Tested-by: Vadim Sukhomlinov <sukhomlinov@chromium.org> Commit-Queue: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Diffstat (limited to 'board/cr50/dcrypto/p256_ecies.c')
-rw-r--r--board/cr50/dcrypto/p256_ecies.c10
1 files changed, 4 insertions, 6 deletions
diff --git a/board/cr50/dcrypto/p256_ecies.c b/board/cr50/dcrypto/p256_ecies.c
index d5afb2edbc..250e6e5aaf 100644
--- a/board/cr50/dcrypto/p256_ecies.c
+++ b/board/cr50/dcrypto/p256_ecies.c
@@ -9,8 +9,6 @@
#include "trng.h"
#include "util.h"
-#include "cryptoc/sha256.h"
-
#define AES_KEY_BYTES 16
#define HMAC_KEY_BYTES 32
@@ -38,7 +36,7 @@ size_t DCRYPTO_ecies_encrypt(
uint8_t key[AES_KEY_BYTES + HMAC_KEY_BYTES];
const uint8_t *aes_key;
const uint8_t *hmac_key;
- LITE_HMAC_CTX ctx;
+ struct hmac_sha256_ctx ctx;
uint8_t *outp = out;
uint8_t *ciphertext;
@@ -98,7 +96,7 @@ size_t DCRYPTO_ecies_encrypt(
/* Calculate HMAC(auth_data || ciphertext). */
HMAC_SHA256_hw_init(&ctx, hmac_key, HMAC_KEY_BYTES);
- HASH_update(&ctx.hash, outp, in_len);
+ HMAC_SHA256_update(&ctx, outp, in_len);
outp += in_len;
memcpy(outp, HMAC_SHA256_hw_final(&ctx), SHA256_DIGEST_SIZE);
outp += SHA256_DIGEST_SIZE;
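Review bot: The comment above `HMAC_SHA256_update(&ctx, outp, in_len);` names the MAC input as `auth_data || ciphertext` but does not say that this single call covers both parts, or that the length of the auth_data prefix is not part of the MAC input. If that length is not fixed by the protocol or bound elsewhere (the key derivation is outside this hunk, so this is unconfirmed), the boundary between authenticated-only data and ciphertext is itself unauthenticated. I would extend the comment to `/* HMAC over in_len bytes at outp: auth_data || ciphertext. The auth_data length is not MACed; callers must agree on it out of band. */`. The enclosing function starts and ends outside the hunk.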
@@ -120,7 +118,7 @@ size_t DCRYPTO_ecies_decrypt(
uint8_t key[AES_KEY_BYTES + HMAC_KEY_BYTES];
const uint8_t *aes_key;
const uint8_t *hmac_key;
- LITE_HMAC_CTX ctx;
+ struct hmac_sha256_ctx ctx;
const uint8_t *inp = in;
uint8_t *outp = out;
@@ -159,7 +157,7 @@ size_t DCRYPTO_ecies_decrypt(
aes_key = &key[0];
hmac_key = &key[AES_KEY_BYTES];
HMAC_SHA256_hw_init(&ctx, hmac_key, HMAC_KEY_BYTES);
- HASH_update(&ctx.hash, inp, in_len);
+ HMAC_SHA256_update(&ctx, inp, in_len);
if (!DCRYPTO_equals(inp + in_len, HMAC_SHA256_hw_final(&ctx),
SHA256_DIGEST_SIZE))
return 0;
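Review bot: The `return 0;` taken on a tag mismatch leaves the derived `key[]` (both the AES and HMAC halves) and the HMAC `ctx` on the stack, and nothing visible in this hunk clears them on that path. Checking the tag with `DCRYPTO_equals` before any decryption is the right order, but the failure exit should still go through a common cleanup that wipes both objects with a memset the compiler cannot elide, e.g. `<secure_memset>(key, 0, sizeof(key));` and `<secure_memset>(&ctx, 0, sizeof(ctx));` (placeholder name for whatever the tree provides). The function continues past the hunk, so the success path may already do this; if it does, the early return should jump to that code rather than return directly. The same question applies to the exit of `DCRYPTO_ecies_encrypt`, which is also outside the visible lines.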