diff options
author | Vadim Bendebury <vbendeb@chromium.org> | 2015-11-27 07:19:10 -0800 |
---|---|---|
committer | chrome-bot <chrome-bot@chromium.org> | 2015-12-03 02:21:57 -0800 |
commit | d1f1e7722dac34b29a3942919cba8150e9838866 (patch) | |
tree | da7f2d702b7ed8024e722a91cc989529439f0cdc /board/cr50 | |
parent | 25b573bdae39087b93481b29ca5d8c721f59608b (diff) | |
download | chrome-ec-d1f1e7722dac34b29a3942919cba8150e9838866.tar.gz |
cr50: reduce hash implementation stack requirements
Stack space is pretty tight on cr50, and since there is no need to
support SHA digest sizes in excess of 256 bits, the digest buffer size
should be reduced.
This patch makes the maximum expected digest size dependent on the set
of configured hash algorithms, moves hash size related asserts from
run time to compile time, and passes compile time definition to the
TPM2 library to increase its hash state container (it became too small
when SHA384 was disabled).
The sw context requirements should be reduced, but this is a task for
another day. We also do not have to store a local digest copy if the
API allowed reading a partial digest.
CQ-DEPEND=CL:314883
BRANCH=none
BUG=chrome-os-partner:43025, chromium:564862
TEST=all tests pass:
$ ./test/tpm_test/tpmtest.py
Starting MPSSE at 800 kHz
Connected to device vid:did:rid of 1ae0:0028:00
SUCCESS: AES:ECB common
SUCCESS: AES:ECB128 1
SUCCESS: AES:ECB192 1
SUCCESS: AES:ECB256 1
SUCCESS: AES:ECB256 2
SUCCESS: AES:CTR128I 1
SUCCESS: AES:CTR256I 1
SUCCESS: sha1:single 0
SUCCESS: sha256:single 0
/New max timeout: 1 s
SUCCESS: sha256:finish 1
SUCCESS: sha1:finish 3
SUCCESS: sha256:finish 2
Change-Id: Iaef3a230469de129e72418814e1d113b447c0137
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/314695
Reviewed-by: Nagendra Modadugu <ngm@google.com>
Diffstat (limited to 'board/cr50')
-rw-r--r-- | board/cr50/build.mk | 3 | ||||
-rw-r--r-- | board/cr50/tpm2/hash.c | 7 |
2 files changed, 7 insertions, 3 deletions
diff --git a/board/cr50/build.mk b/board/cr50/build.mk index aa84171346..a734411747 100644 --- a/board/cr50/build.mk +++ b/board/cr50/build.mk @@ -44,6 +44,9 @@ LDFLAGS_EXTRA += -L$(out)/tpm2 -ltpm2 # For the benefit of the tpm2 library. INCLUDE_ROOT := $(abspath ./include) CFLAGS += -I$(INCLUDE_ROOT) +# Make sure the context of the software sha256 implementation fits. If it ever +# increases, a compile time assert will fire in tpm2/hash.c. +CFLAGS += -DUSER_MIN_HASH_STATE_SIZE=210 # Add dependencies on that library $(out)/RO/ec.RO.elf: $(out)/tpm2/libtpm2.a diff --git a/board/cr50/tpm2/hash.c b/board/cr50/tpm2/hash.c index 8d3dc9a05d..157e8526ef 100644 --- a/board/cr50/tpm2/hash.c +++ b/board/cr50/tpm2/hash.c @@ -42,11 +42,11 @@ uint16_t _cpri__GetHashBlockSize(TPM_ALG_ID alg) return lookup_hash_info(alg)->blockSize; } +BUILD_ASSERT(sizeof(CPRI_HASH_STATE) == sizeof(EXPORT_HASH_STATE)); void _cpri__ImportExportHashState(CPRI_HASH_STATE *osslFmt, EXPORT_HASH_STATE *externalFmt, IMPORT_EXPORT direction) { - pAssert(sizeof(CPRI_HASH_STATE) == sizeof(EXPORT_HASH_STATE)); if (direction == IMPORT_STATE) memcpy(osslFmt, externalFmt, sizeof(CPRI_HASH_STATE)); else @@ -88,13 +88,14 @@ uint16_t _cpri__HashBlock(TPM_ALG_ID alg, uint32_t in_len, uint8_t *in, return out_len; } +BUILD_ASSERT(sizeof(struct HASH_CTX) <= + sizeof(((CPRI_HASH_STATE *)0)->state)); uint16_t _cpri__StartHash(TPM_ALG_ID alg, BOOL sequence, - CPRI_HASH_STATE *state) + CPRI_HASH_STATE *state) { struct HASH_CTX *ctx = (struct HASH_CTX *) state->state; uint16_t result; - pAssert(sizeof(struct HASH_CTX) < sizeof(state->state)); switch (alg) { case TPM_ALG_SHA1: DCRYPTO_SHA1_init(ctx, sequence); |