diff options
author | Vadim Sukhomlinov <sukhomlinov@google.com> | 2021-07-30 08:40:32 -0700 |
---|---|---|
committer | Commit Bot <commit-bot@chromium.org> | 2021-08-12 14:18:48 +0000 |
commit | 7ddbd2a9eab0dc54897d6b5bb8ee1d4b3be1fe27 (patch) | |
tree | 43356bb71d38ea7f5ea1639855ac3b322d460176 /common/pinweaver.c | |
parent | 43f6e7be087720507e57cf27e9460aae64c3b69a (diff) | |
download | chrome-ec-stabilize-14150.64.B-cr50_stab.tar.gz |
cr50: drop cryptoc for SHA1/SHA2 supportstabilize-14150.882.B-cr50_stabstabilize-14150.881.B-cr50_stabstabilize-14150.74.B-cr50_stabstabilize-14150.734.B-cr50_stabstabilize-14150.64.B-cr50_stabstabilize-14150.43.B-cr50_stabstabilize-14150.376.B-cr50_stabrelease-R94-14150.B-cr50_stabrelease-R94-14150.49.B-cr50_stab
To implement FIPS module we need to bring many crypto functions in the
module boundary. Unfortunately, cryptoc is a third-party library used
by dcrypto code in cr50. Cryptoc is also not well-maintained and shared
with other projects. While just making local copy of cryptoc would
solve an issue, it's suboptimal as prevents from many optimizations and
improvements.
Provided SHA & HMAC implementations from Ti50 project. This provides
better performance (500us vs. 670us earlier for HMAC DRBG) and reduce
code size. This implementation also enables stack use savings when
only specific digest is needed. Earlier SHA512 context was allocated
when only SHA256 is needed greatly increasing stack consumption for
code using HMAC_DRBG and others.
However, it introduce subtle API changes which require handling.
As for tests, since core implementation is hardware-independent, make
it available for BOARD=host too.
Before change (with cryptoc):
*** 12368 bytes in flash and 5784 bytes in RAM
After:
*** 13136 bytes in flash and 5796 bytes in RAM
BUG=b:138578318
TEST=make BOARD=cr50 CRYPTO_TEST=1; test/tpm_test/tpmtest.py
Signed-off-by: Vadim Sukhomlinov <sukhomlinov@google.com>
Change-Id: I2ff5362aee9078ce83dc1f8081943a5101d5f666
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3064201
Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Reviewed-by: Andrey Pronin <apronin@chromium.org>
Tested-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Auto-Submit: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Commit-Queue: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Diffstat (limited to 'common/pinweaver.c')
-rw-r--r-- | common/pinweaver.c | 46 |
1 files changed, 25 insertions, 21 deletions
diff --git a/common/pinweaver.c b/common/pinweaver.c index 2cc4118c7d..7cea0ca1b0 100644 --- a/common/pinweaver.c +++ b/common/pinweaver.c @@ -159,17 +159,19 @@ static int create_merkle_tree(struct bits_per_level_t bits_per_level, uint8_t temp_hash[PW_HASH_SIZE] = {}; uint8_t hx; uint16_t kx; - LITE_SHA256_CTX ctx; + struct sha256_ctx ctx; merkle_tree->bits_per_level = bits_per_level; merkle_tree->height = height; /* Initialize the root hash. */ for (hx = 0; hx < height.v; ++hx) { - DCRYPTO_SHA256_init(&ctx, 0); + SHA256_hw_init(&ctx); for (kx = 0; kx < fan_out; ++kx) - HASH_update(&ctx, temp_hash, PW_HASH_SIZE); - memcpy(temp_hash, HASH_final(&ctx), PW_HASH_SIZE); + HASH_update((union hash_ctx *)&ctx, temp_hash, + PW_HASH_SIZE); + memcpy(temp_hash, HASH_final((union hash_ctx *)&ctx), + PW_HASH_SIZE); } memcpy(merkle_tree->root, temp_hash, PW_HASH_SIZE); @@ -179,24 +181,25 @@ static int create_merkle_tree(struct bits_per_level_t bits_per_level, } /* Computes the HMAC for an encrypted leaf using the key in the merkle_tree. */ -static void compute_hmac( - const struct merkle_tree_t *merkle_tree, - const struct imported_leaf_data_t *imported_leaf_data, - uint8_t result[PW_HASH_SIZE]) +static void compute_hmac(const struct merkle_tree_t *merkle_tree, + const struct imported_leaf_data_t *imported_leaf_data, + uint8_t result[PW_HASH_SIZE]) { - LITE_HMAC_CTX hmac; + struct hmac_sha256_ctx hmac; - DCRYPTO_HMAC_SHA256_init(&hmac, merkle_tree->hmac_key, + HMAC_SHA256_hw_init(&hmac, merkle_tree->hmac_key, sizeof(merkle_tree->hmac_key)); - HASH_update(&hmac.hash, imported_leaf_data->head, + /* use HASH_update() vs. HMAC_update() due limits of dcrypto mock. */ + HASH_update((union hash_ctx *)&hmac.hash, imported_leaf_data->head, sizeof(*imported_leaf_data->head)); - HASH_update(&hmac.hash, imported_leaf_data->iv, + HASH_update((union hash_ctx *)&hmac.hash, imported_leaf_data->iv, sizeof(PW_WRAP_BLOCK_SIZE)); - HASH_update(&hmac.hash, imported_leaf_data->pub, + HASH_update((union hash_ctx *)&hmac.hash, imported_leaf_data->pub, imported_leaf_data->head->pub_len); - HASH_update(&hmac.hash, imported_leaf_data->cipher_text, + HASH_update((union hash_ctx *)&hmac.hash, + imported_leaf_data->cipher_text, imported_leaf_data->head->sec_len); - memcpy(result, DCRYPTO_HMAC_final(&hmac), PW_HASH_SIZE); + memcpy(result, HMAC_SHA256_hw_final(&hmac), PW_HASH_SIZE); } /* Computes the root hash for the specified path and child hash. */ @@ -1386,16 +1389,17 @@ void compute_hash(const uint8_t hashes[][PW_HASH_SIZE], uint16_t num_hashes, const uint8_t child_hash[PW_HASH_SIZE], uint8_t result[PW_HASH_SIZE]) { - LITE_SHA256_CTX ctx; + struct sha256_ctx ctx; - DCRYPTO_SHA256_init(&ctx, 0); + SHA256_hw_init(&ctx); if (location.v > 0) - HASH_update(&ctx, hashes[0], PW_HASH_SIZE * location.v); - HASH_update(&ctx, child_hash, PW_HASH_SIZE); + HASH_update((union hash_ctx *)&ctx, hashes[0], + PW_HASH_SIZE * location.v); + HASH_update((union hash_ctx *)&ctx, child_hash, PW_HASH_SIZE); if (location.v < num_hashes) - HASH_update(&ctx, hashes[location.v], + HASH_update((union hash_ctx *)&ctx, hashes[location.v], PW_HASH_SIZE * (num_hashes - location.v)); - memcpy(result, HASH_final(&ctx), PW_HASH_SIZE); + memcpy(result, HASH_final((union hash_ctx *)&ctx), PW_HASH_SIZE); } /* If a request from older protocol comes, this method should make it |