From 43f6e7be087720507e57cf27e9460aae64c3b69a Mon Sep 17 00:00:00 2001 From: Vadim Sukhomlinov Date: Mon, 9 Aug 2021 16:37:40 -0700 Subject: cr50: drop cryptoc for always_memset() To implement FIPS module we need to bring many crypto functions in the module boundary. Unfortunately, cryptoc is a third-party library used by dcrypto code in cr50. Cryptoc is also not well-maintained and shared with other projects. BUG=b:138578318 TEST=make BOARD=cr50 CRYPTO_TEST=1 Signed-off-by: Vadim Sukhomlinov Change-Id: I40090f5d32df088c88d7313dd693fc8a0dd4b308 Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3083187 Reviewed-by: Vadim Sukhomlinov Reviewed-by: Vadim Bendebury Tested-by: Vadim Sukhomlinov Auto-Submit: Vadim Sukhomlinov Commit-Queue: Vadim Bendebury --- board/cr50/dcrypto/app_key.c | 2 -- board/cr50/dcrypto/bn.c | 1 - board/cr50/dcrypto/gcm.c | 2 -- board/cr50/dcrypto/hkdf.c | 1 - board/cr50/dcrypto/hmac.c | 1 - board/cr50/dcrypto/hmac_drbg.c | 1 - board/cr50/dcrypto/internal.h | 6 ++++++ board/cr50/dcrypto/p256.c | 1 - board/cr50/dcrypto/rsa.c | 1 - board/cr50/dcrypto/util.c | 12 ++++++++++++ board/cr50/tpm2/ecc.c | 1 - board/cr50/tpm2/endorsement.c | 1 - common/ccd_config.c | 1 - common/rma_auth.c | 1 - common/rollback.c | 1 - 15 files changed, 18 insertions(+), 15 deletions(-) diff --git a/board/cr50/dcrypto/app_key.c b/board/cr50/dcrypto/app_key.c index 1fafab9d2e..f655471f69 100644 --- a/board/cr50/dcrypto/app_key.c +++ b/board/cr50/dcrypto/app_key.c @@ -7,8 +7,6 @@ #include "endian.h" #include "registers.h" -#include "cryptoc/util.h" - #include "console.h" const char *const dcrypto_app_names[] = { diff --git a/board/cr50/dcrypto/bn.c b/board/cr50/dcrypto/bn.c index 7b68c10d89..671ce6256e 100644 --- a/board/cr50/dcrypto/bn.c +++ b/board/cr50/dcrypto/bn.c @@ -12,7 +12,6 @@ #include "trng.h" -#include "cryptoc/util.h" #include diff --git a/board/cr50/dcrypto/gcm.c b/board/cr50/dcrypto/gcm.c index cd035bbd54..a490a4e079 100644 --- a/board/cr50/dcrypto/gcm.c +++ b/board/cr50/dcrypto/gcm.c @@ -9,8 +9,6 @@ #include "endian.h" -#include "cryptoc/util.h" - static void gcm_mul(uint32_t *counter) { int i; diff --git a/board/cr50/dcrypto/hkdf.c b/board/cr50/dcrypto/hkdf.c index 3afdc6b2eb..c6692ef554 100644 --- a/board/cr50/dcrypto/hkdf.c +++ b/board/cr50/dcrypto/hkdf.c @@ -8,7 +8,6 @@ #include "internal.h" #include "cryptoc/sha256.h" -#include "cryptoc/util.h" static int hkdf_extract(uint8_t *PRK, const uint8_t *salt, size_t salt_len, const uint8_t *IKM, size_t IKM_len) diff --git a/board/cr50/dcrypto/hmac.c b/board/cr50/dcrypto/hmac.c index 7cc45a03ba..72d4296422 100644 --- a/board/cr50/dcrypto/hmac.c +++ b/board/cr50/dcrypto/hmac.c @@ -9,7 +9,6 @@ #include #include "cryptoc/sha256.h" -#include "cryptoc/util.h" /* TODO(sukhomlinov): add support for hardware hmac. */ static void hmac_sha256_init(LITE_HMAC_CTX *ctx, const void *key, diff --git a/board/cr50/dcrypto/hmac_drbg.c b/board/cr50/dcrypto/hmac_drbg.c index 2ca20e03ff..d601e721de 100644 --- a/board/cr50/dcrypto/hmac_drbg.c +++ b/board/cr50/dcrypto/hmac_drbg.c @@ -4,7 +4,6 @@ */ #include "console.h" -#include "cryptoc/util.h" #include "dcrypto.h" #include "extension.h" #include "internal.h" diff --git a/board/cr50/dcrypto/internal.h b/board/cr50/dcrypto/internal.h index 1811426f2a..2e6f62e2e8 100644 --- a/board/cr50/dcrypto/internal.h +++ b/board/cr50/dcrypto/internal.h @@ -200,6 +200,12 @@ void dcrypto_imem_load(size_t offset, const uint32_t *opcodes, */ uint32_t dcrypto_dmem_load(size_t offset, const void *words, size_t n_words); +/** + * An implementation of memset that ought not to be optimized away; + * useful for scrubbing security sensitive buffers. + */ +void *always_memset(void *s, int c, size_t n); + /* * Key ladder. */ diff --git a/board/cr50/dcrypto/p256.c b/board/cr50/dcrypto/p256.c index 665144e31b..f75329d5bf 100644 --- a/board/cr50/dcrypto/p256.c +++ b/board/cr50/dcrypto/p256.c @@ -6,7 +6,6 @@ #include "dcrypto.h" #include "cryptoc/p256.h" -#include "cryptoc/util.h" static const p256_int p256_one = P256_ONE; diff --git a/board/cr50/dcrypto/rsa.c b/board/cr50/dcrypto/rsa.c index 8a4115398d..053c75f16e 100644 --- a/board/cr50/dcrypto/rsa.c +++ b/board/cr50/dcrypto/rsa.c @@ -15,7 +15,6 @@ #include "cryptoc/sha256.h" #include "cryptoc/sha384.h" #include "cryptoc/sha512.h" -#include "cryptoc/util.h" /* Extend the MSB throughout the word. */ static uint32_t msb_extend(uint32_t a) diff --git a/board/cr50/dcrypto/util.c b/board/cr50/dcrypto/util.c index 08167bd9c5..117fec60b4 100644 --- a/board/cr50/dcrypto/util.c +++ b/board/cr50/dcrypto/util.c @@ -203,3 +203,15 @@ __stdlib_compat int strncmp(const char *s1, const char *s2, size_t n) } return 0; } + +static void always_memset_impl(volatile char *s, int c, size_t n) +{ + while (n--) + *s++ = c; +} + +void *always_memset(void *s, int c, size_t n) +{ + always_memset_impl(s, c, n); + return s; +} diff --git a/board/cr50/tpm2/ecc.c b/board/cr50/tpm2/ecc.c index 4a7cb6b6ff..1bcf2d5c5a 100644 --- a/board/cr50/tpm2/ecc.c +++ b/board/cr50/tpm2/ecc.c @@ -15,7 +15,6 @@ #include "cryptoc/p256.h" #include "cryptoc/p256_ecdsa.h" -#include "cryptoc/util.h" static void reverse_tpm2b(TPM2B *b) { diff --git a/board/cr50/tpm2/endorsement.c b/board/cr50/tpm2/endorsement.c index e85d3dfd0e..844d07e2a6 100644 --- a/board/cr50/tpm2/endorsement.c +++ b/board/cr50/tpm2/endorsement.c @@ -31,7 +31,6 @@ #include "dcrypto.h" #include -#include #include #include diff --git a/common/ccd_config.c b/common/ccd_config.c index 5d9907a4b4..3433766b7c 100644 --- a/common/ccd_config.c +++ b/common/ccd_config.c @@ -10,7 +10,6 @@ #include "ccd_config.h" #include "console.h" #include "cryptoc/sha256.h" -#include "cryptoc/util.h" #include "dcrypto.h" #include "extension.h" #include "hooks.h" diff --git a/common/rma_auth.c b/common/rma_auth.c index 7ed16bb968..7a34396acd 100644 --- a/common/rma_auth.c +++ b/common/rma_auth.c @@ -28,7 +28,6 @@ #include "util.h" #ifndef TEST_BUILD -#include "cryptoc/util.h" #include "rma_key_from_blob.h" #else /* Cryptoc library is not available to the test layer. */ diff --git a/common/rollback.c b/common/rollback.c index ea508f2b0b..fc2a5e21ab 100644 --- a/common/rollback.c +++ b/common/rollback.c @@ -7,7 +7,6 @@ #include "common.h" #include "console.h" -#include "cryptoc/util.h" #include "flash.h" #include "hooks.h" #include "host_command.h" -- cgit v1.2.1