[crypto] Cryptolib binary blob #29637
Draft
siemen11 wants to merge 5 commits into lowRISC:earlgrey_1.0.0 from
Conversation
Options available for the configuration:
- pic: if True, build the code as position-independent
- hashed: perform the hash of the library and check it at runtime
- type: indicate how crypto is built.
  static (default): using cc_library. Self-check is not supported in
  this case.
  binary_blob: using opentitan_binary_blob custom rule. The cryptolib is
  provided as a binary blob and then integrated in a static library as
  an array of bytes.
  relocatable: using opentitan_relocatable custom rule. The cryptolib is
  provided as a relocatable library.
Update the compilation flags if the pic option is selected to build the
code as position-independent.
Build the library in different ways depending on the type option. (Only
dev is supported for the moment.)
- dev: build the cryptolib as a static library (as previously); the self-integrity
  check cannot be performed in that case. Both pic
  (position-independent code) and pdc (position-dependent code) are supported.
  By default pdc is chosen.
- fips_all: build the cryptolib using a binary blob library; the code is
  position-independent, and the hash self-integrity check is performed.
With thanks to Elieva Pignat <elievap@google.com>
Signed-off-by: Siemen Dhooghe <sdhooghe@google.com>
Add a new setting for the configuration that will allow selecting a configuration file for every configuration. The configuration file will contain a list of functions that are supported for the given configuration. The list of functions for fips_all is rough at the moment and mainly used for testing purposes.
With thanks to Elieva Pignat <elievap@google.com>
Signed-off-by: Siemen Dhooghe <sdhooghe@google.com>
Add security_config.h to the header list in otcrypto.h
Signed-off-by: Siemen Dhooghe <sdhooghe@google.com>
Generate files for the binary blob compilation. It supports both
position-dependent and position-independent code. This information is
provided as an argument.
- jump_table.c/.h: array that contains the function names that are
  part of the public interface. To generate those files it takes as
  inputs the public header files and a configuration that contains the
  names of the functions that are part of the library. It keeps
  the functions that are in the intersection of the headers and the
  configuration.
  It also generates an enumeration based on the function names,
  and metadata that contains a version and a magic number.
- linker_script.ld: generate a linker script to create the binary blob.
  This file is generated because the address at which the blob is
  placed can change and be provided as an argument. In case of PIC,
  the address should be 0.
- lib_parser.c: provide a wrapper for the public interface. Parse the
  blob to find the function address. In case of PIC, this address is
  incremented by the blob address offset, to reflect the relocation of the
  blob in memory.
With thanks to Elieva Pignat <elievap@google.com>
Signed-off-by: Siemen Dhooghe <sdhooghe@google.com>
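The jump_table generation described in the commit above (header/config intersection, function-pointer typedefs, index enum, metadata), as an added example that is not the PR's own script. It reuses the prototype regex visible in the review fragment on this page; the header, config and magic value are constructed stand-ins, not the real otcrypto headers or fips_all.txt.

```python
import re

# Constructed sample of a public header (not the real otcrypto headers):
# one prototype per line, which is the shape the generator's regex expects.
SAMPLE_HEADER = """\
otcrypto_status_t otcrypto_hash(otcrypto_const_byte_buf_t msg, otcrypto_hash_digest_t *digest);
otcrypto_status_t otcrypto_hmac(const otcrypto_blinded_key_t *key, otcrypto_const_byte_buf_t msg);
otcrypto_status_t otcrypto_rsa_keygen(otcrypto_rsa_size_t size);
"""

# Constructed stand-in for the configuration's function list (the role
# fips_all.txt plays in the PR): one function name per line.
SAMPLE_CONFIG = "otcrypto_hash\notcrypto_hmac\notcrypto_only_in_config\n"

# Regex from the PR's generator: return type, function name, argument list.
# It only matches a single-identifier return type on a one-line prototype;
# anything else (pointer returns, wrapped prototypes) is skipped, not rewritten.
PROTO_RE = re.compile(r"^(\w+\s+)(\w+)(\(.*)$")

def parse_prototypes(header_text):
    """Map function name -> prototype (without trailing ';') for each matching line."""
    protos = {}
    for line in header_text.splitlines():
        line = line.strip().rstrip(";")
        m = PROTO_RE.match(line)
        if m:
            protos[m.group(2)] = line
    return protos

def select_functions(header_text, config_text):
    """Intersection of header prototypes and config names, in header order."""
    wanted = {l.strip() for l in config_text.splitlines() if l.strip()}
    return [(n, p) for n, p in parse_prototypes(header_text).items() if n in wanted]

def make_typedef(prototype):
    """typedef <return_type> (*<function_name>_t)(<arg_list>);"""
    return PROTO_RE.sub(r"typedef \1(*\2_t)\3", prototype) + ";"

def generate_jump_table_header(header_text, config_text, version=1, magic=0x4A4D5042):
    """Emit typedefs, an index enum and a metadata struct (magic is a constructed placeholder)."""
    selected = select_functions(header_text, config_text)
    out = [make_typedef(p) for _, p in selected]
    out.append("typedef enum {")
    out += [f"  kJumpTable_{n} = {i}," for i, (n, _) in enumerate(selected)]
    out.append(f"  kJumpTableCount = {len(selected)},")
    out.append("} jump_table_index_t;")
    out.append("typedef struct { uint32_t magic; uint32_t version; uint32_t count; } jump_table_meta_t;")
    out.append(f"static const jump_table_meta_t kJumpTableMeta = {{0x{magic:08x}u, {version}u, {len(selected)}u}};")
    return "\n".join(out)
```

Names present only in the config (here otcrypto_only_in_config) are silently dropped by the intersection, so a typo in fips_all.txt removes a function from the blob's interface without any error; a real generator should report such names.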
Add a custom compilation rule in bazel that compiles crypto into a binary blob and includes this blob into libotcrypto. This library can then be used for an application and allows performing a self-integrity check on the binary blob.
Try it out via ./bazelisk build //sw/device/lib/crypto:cryptolib --config=fips_all
Also added two rules to get the elf or dis of the cryptolib in this mode.
With thanks to Elieva Pignat <elievap@google.com>
Signed-off-by: Siemen Dhooghe <sdhooghe@google.com>
cfrantz
reviewed
Mar 31, 2026
    # typedef <return_type> (*<function_name>_t)(<arg_list>);
    typedef = re.sub(r"^(\w+\s+)(\w+)(\(.*)$", r"typedef \1(*\2_t)\3", function)

    # Get the list of arguments without there type by selecting the word
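Review bot: the pattern on the `typedef = re.sub(...)` line, `^(\w+\s+)(\w+)(\(.*)$`, only matches a return type that is a single identifier followed by whitespace, so a prototype such as `const otcrypto_status_t *foo(...)`, one with a qualifier or pointer in the return type, or one wrapped over several lines does not match and is passed through unchanged rather than turned into a typedef; the generator should join continuation lines first and match the return type as everything before the last identifier preceding `(`, and fail loudly on lines that still do not match. Minor: "without there type" in the following comment should read "their".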
Create an option to compile the crypto library as a contiguous section of data (a binary blob).
With thanks to Elieva Pignat elievap@google.com
Please note that the fips_all.txt is just an example at this moment; I tried adding all functions.