Skip to content

Commit

Permalink
Add support for BoringSSL CHIPCryptoPAL backend (#20824)
Browse files Browse the repository at this point in the history
* Add boringssl submodule

* Ran GN build generator from boringssl repos, added files

* Boring SSL fully working

- OpenSSL still works
- Updated necessary differences
- Added tests for Matter-compliant AES-CCM128 with 16 byte tag, 13 byte nonce
- Added build files

* Restyled

* Fix CI, remove some forgotten remainders

Co-authored-by: Tennessee Carmel-Veilleux <[email protected]>
  • Loading branch information
cletnick and tcarmelveilleux authored Jul 18, 2022
1 parent aa9457e commit fa549eb
Show file tree
Hide file tree
Showing 177 changed files with 289,041 additions and 2,065 deletions.
3 changes: 3 additions & 0 deletions .gitmodules
Original file line number Diff line number Diff line change
Expand Up @@ -269,3 +269,6 @@
[submodule "editline"]
path = third_party/editline/repo
url = https://github.com/troglobit/editline.git
[submodule "third_party/boringssl/repo/src"]
path = third_party/boringssl/repo/src
url = https://github.com/google/boringssl.git
19 changes: 19 additions & 0 deletions build_overrides/boringssl.gni
Original file line number Diff line number Diff line change
@@ -0,0 +1,19 @@
# Copyright (c) 2022 Project CHIP Authors
# All rights reserved
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

declare_args() {
# Root directory for BoringSSL
boringssl_root = "//third_party/boringssl/repo"
}
31 changes: 21 additions & 10 deletions src/crypto/BUILD.gn
Original file line number Diff line number Diff line change
Expand Up @@ -24,14 +24,7 @@ buildconfig_header("crypto_buildconfig") {
header = "CryptoBuildConfig.h"
header_dir = "crypto"

chip_crypto_mbedtls = chip_crypto == "mbedtls"
chip_crypto_openssl = chip_crypto == "openssl"

defines = [
"CHIP_CRYPTO_MBEDTLS=${chip_crypto_mbedtls}",
"CHIP_CRYPTO_OPENSSL=${chip_crypto_openssl}",
"CHIP_WITH_OPENSSL=${chip_crypto_openssl}",
]
defines = []

if (chip_with_se05x == 1) {
defines += [ "CHIP_CRYPTO_HSM=1" ]
Expand All @@ -46,13 +39,27 @@ buildconfig_header("crypto_buildconfig") {
}
}

config("crypto_config") {
chip_crypto_mbedtls = chip_crypto == "mbedtls"
chip_crypto_openssl = chip_crypto == "openssl"
chip_crypto_boringssl = chip_crypto == "boringssl"

defines = [
"CHIP_CRYPTO_MBEDTLS=${chip_crypto_mbedtls}",
"CHIP_CRYPTO_OPENSSL=${chip_crypto_openssl}",
"CHIP_CRYPTO_BORINGSSL=${chip_crypto_boringssl}",
]
}

if (chip_crypto == "openssl") {
import("${build_root}/config/linux/pkg_config.gni")

pkg_config("openssl_config") {
packages = [ "openssl" ]
}
} else {
} else if (chip_crypto == "boringssl") {
import("//build_overrides/boringssl.gni")
} else if (chip_crypto == "mbedtls") {
import("//build_overrides/mbedtls.gni")
}

Expand All @@ -79,7 +86,7 @@ static_library("crypto") {
"${nlassert_root}:nlassert",
]

public_configs = []
public_configs = [ ":crypto_config" ]

if (chip_crypto == "mbedtls") {
sources += [ "CHIPCryptoPALmbedTLS.cpp" ]
Expand All @@ -92,6 +99,10 @@ static_library("crypto") {
} else if (chip_crypto == "openssl") {
sources += [ "CHIPCryptoPALOpenSSL.cpp" ]
public_configs += [ ":openssl_config" ]
} else if (chip_crypto == "boringssl") {
# BoringSSL is close enough to OpenSSL that isd uses same PAL, with minor #ifdef differences
sources += [ "CHIPCryptoPALOpenSSL.cpp" ]
public_deps += [ "${boringssl_root}:boringssl" ]
} else {
assert(false, "Invalid CHIP crypto")
}
Expand Down
8 changes: 2 additions & 6 deletions src/crypto/CHIPCryptoPAL.h
Original file line number Diff line number Diff line change
Expand Up @@ -22,9 +22,9 @@

#pragma once

#if CHIP_HAVE_CONFIG_H
//#if CHIP_HAVE_CONFIG_H
#include <crypto/CryptoBuildConfig.h>
#endif
//#endif

#include <system/SystemConfig.h>

Expand Down Expand Up @@ -79,10 +79,6 @@ constexpr size_t kP256_PublicKey_Length = CHIP_CRYPTO_PUBLIC_KEY_SIZE_BYTES;
constexpr size_t kAES_CCM128_Key_Length = 128u / 8u;
constexpr size_t kAES_CCM128_Block_Length = kAES_CCM128_Key_Length;

// TODO: Remove AES-256 from CryptoPAL since not required by V1 spec
constexpr size_t kAES_CCM256_Key_Length = 256u / 8u;
constexpr size_t kAES_CCM256_Block_Length = kAES_CCM256_Key_Length;

/* These sizes are hardcoded here to remove header dependency on underlying crypto library
* in a public interface file. The validity of these sizes is verified by static_assert in
* the implementation files.
Expand Down
Loading

0 comments on commit fa549eb

Please sign in to comment.