From c6b0971daa407213edc1f8ccc48a49994036c4d5 Mon Sep 17 00:00:00 2001
From: Mary Ruthven <mruthven@chromium.org>
Date: Tue, 22 Jun 2021 12:15:06 -0500
Subject: cr50: use board/cr50/dcrypto

BUG=b:191799047
TEST=make buildall -j ; run tpmtest

Change-Id: I8b743c16c4e4b8b0779eb40ba1eb0a78613930f9
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2980812
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Commit-Queue: Vadim Bendebury <vbendeb@chromium.org>
---
 board/cr50/board.h  |  3 ++-
 board/cr50/build.mk | 36 ++++++++++++++++++++++++++++++++++--
 chip/g/build.mk     |  1 +
 common/rma_auth.c   |  5 +++--
 include/config.h    |  4 ++++
 5 files changed, 44 insertions(+), 5 deletions(-)

diff --git a/board/cr50/board.h b/board/cr50/board.h
index 06e1252101..a91bb9ba2a 100644
--- a/board/cr50/board.h
+++ b/board/cr50/board.h
@@ -156,7 +156,8 @@
 #define CONFIG_CONSOLE_COMMAND_FLAGS_DEFAULT CMD_FLAG_RESTRICTED
 
 /* Include crypto stuff, both software and hardware. Enable optimizations. */
-#define CONFIG_DCRYPTO
+/* Use board specific version of dcrypto */
+#define CONFIG_DCRYPTO_BOARD
 #define CONFIG_UPTO_SHA512
 #define CONFIG_DCRYPTO_RSA_SPEEDUP
 
diff --git a/board/cr50/build.mk b/board/cr50/build.mk
index a06bcd3065..140812542f 100644
--- a/board/cr50/build.mk
+++ b/board/cr50/build.mk
@@ -33,9 +33,9 @@ else
 all: hex
 
 # The simulator components have their own subdirectory
-CFLAGS += -I$(realpath chip/$(CHIP)/dcrypto)
+CFLAGS += -I$(realpath $(BDIR)/dcrypto)
 CFLAGS += -I$(realpath $(BDIR)/tpm2)
-dirs-y += chip/$(CHIP)/dcrypto
+dirs-y += $(BDIR)/dcrypto
 dirs-y += $(BDIR)/tpm2
 
 # Objects that we need to build
@@ -54,6 +54,38 @@ board-${CONFIG_RDD} += rdd.o
 board-${CONFIG_USB_SPI} += usb_spi.o
 board-${CONFIG_USB_I2C} += usb_i2c.o
 board-y += recovery_button.o
+
+board-$(CONFIG_DCRYPTO_BOARD)+= dcrypto/aes.o
+board-$(CONFIG_DCRYPTO_BOARD)+= dcrypto/aes_cmac.o
+board-$(CONFIG_DCRYPTO_BOARD)+= dcrypto/app_cipher.o
+board-$(CONFIG_DCRYPTO_BOARD)+= dcrypto/app_key.o
+board-$(CONFIG_DCRYPTO_BOARD)+= dcrypto/bn.o
+board-$(CONFIG_DCRYPTO_BOARD)+= dcrypto/dcrypto_bn.o
+board-$(CONFIG_DCRYPTO_BOARD)+= dcrypto/dcrypto_p256.o
+board-$(CONFIG_DCRYPTO_BOARD)+= dcrypto/compare.o
+board-$(CONFIG_DCRYPTO_BOARD)+= dcrypto/dcrypto_runtime.o
+board-$(CONFIG_DCRYPTO_BOARD)+= dcrypto/gcm.o
+board-$(CONFIG_DCRYPTO_BOARD)+= dcrypto/hkdf.o
+board-$(CONFIG_DCRYPTO_BOARD)+= dcrypto/hmac.o
+board-$(CONFIG_DCRYPTO_BOARD)+= dcrypto/hmac_drbg.o
+board-$(CONFIG_DCRYPTO_BOARD)+= dcrypto/key_ladder.o
+board-$(CONFIG_DCRYPTO_BOARD)+= dcrypto/p256.o
+board-$(CONFIG_DCRYPTO_BOARD)+= dcrypto/p256_ec.o
+board-$(CONFIG_DCRYPTO_BOARD)+= dcrypto/p256_ecies.o
+board-$(CONFIG_DCRYPTO_BOARD)+= dcrypto/rsa.o
+board-$(CONFIG_DCRYPTO_BOARD)+= dcrypto/sha1.o
+board-$(CONFIG_DCRYPTO_BOARD)+= dcrypto/sha256.o
+ifeq ($(CONFIG_UPTO_SHA512),y)
+board-$(CONFIG_DCRYPTO_BOARD)+= dcrypto/sha384.o
+ifeq ($(CONFIG_DCRYPTO_SHA512),y)
+board-$(CONFIG_DCRYPTO_BOARD)+= dcrypto/dcrypto_sha512.o
+else
+board-$(CONFIG_DCRYPTO_BOARD)+= dcrypto/sha512.o
+endif
+endif
+board-$(CONFIG_DCRYPTO_BOARD)+= dcrypto/x509.o
+board-$(CONFIG_DCRYPTO_BOARD)+= dcrypto/trng.o
+
 board-y += tpm2/NVMem.o
 board-y += tpm2/aes.o
 board-y += tpm2/ecc.o
diff --git a/chip/g/build.mk b/chip/g/build.mk
index 67e8967eca..2fb82e4f4d 100644
--- a/chip/g/build.mk
+++ b/chip/g/build.mk
@@ -28,6 +28,7 @@ chip-$(CONFIG_UART_BITBANG)+= uart_bitbang.o
 endif # undef CONFIG_POLLING_UART
 
 chip-$(CONFIG_DCRYPTO)+= crypto_api.o
+chip-$(CONFIG_DCRYPTO_BOARD)+= crypto_api.o
 
 chip-$(CONFIG_DCRYPTO)+= dcrypto/aes.o
 chip-$(CONFIG_DCRYPTO)+= dcrypto/aes_cmac.o
diff --git a/common/rma_auth.c b/common/rma_auth.c
index 24c30bbe52..7ed16bb968 100644
--- a/common/rma_auth.c
+++ b/common/rma_auth.c
@@ -35,8 +35,9 @@
 #define always_memset memset
 #endif
 
-#ifdef CONFIG_DCRYPTO
+#if defined(CONFIG_DCRYPTO) || defined(CONFIG_DCRYPTO_BOARD)
 #include "dcrypto.h"
+#define USE_DCRYPTO
 #else
 #include "sha256.h"
 #endif
@@ -79,7 +80,7 @@ static void get_hmac_sha256(void *hmac_out, const uint8_t *secret,
 			    size_t secret_size, const void *ch_ptr,
 			    size_t ch_size)
 {
-#ifdef CONFIG_DCRYPTO
+#ifdef USE_DCRYPTO
 	LITE_HMAC_CTX hmac;
 
 	DCRYPTO_HMAC_SHA256_init(&hmac, secret, secret_size);
diff --git a/include/config.h b/include/config.h
index 8f7abdec59..b800904829 100644
--- a/include/config.h
+++ b/include/config.h
@@ -1354,6 +1354,10 @@
  * allow fuzzing targets to fuzz code that depends on dcrypto.
  */
 #undef CONFIG_DCRYPTO
+/*
+ * Use dcrypto in the board directory instead of chip/g.
+ */
+#undef CONFIG_DCRYPTO_BOARD
 /*
  * This provides struct definitions and function declarations that can be
  * implemented by unit tests for testing code that depends on dcrypto.
-- 
cgit v1.2.1