From 0c0f251d2ada2c4d8228988b4fa25476aa80ed61 Mon Sep 17 00:00:00 2001 From: Jade Philipoom Date: Thu, 18 Jan 2024 16:58:36 +0100 Subject: [PATCH] [crypto] Pass hash digests by value. Signed-off-by: Jade Philipoom --- sw/device/lib/crypto/impl/ecc.c | 32 ++++--- sw/device/lib/crypto/impl/hash.c | 84 +++++++++---------- sw/device/lib/crypto/impl/mac.c | 6 +- sw/device/lib/crypto/impl/rsa.c | 21 +++-- sw/device/lib/crypto/impl/rsa/rsa_padding.c | 64 +++++++------- sw/device/lib/crypto/impl/rsa/rsa_padding.h | 8 +- sw/device/lib/crypto/impl/rsa/rsa_signature.c | 20 ++--- sw/device/lib/crypto/impl/rsa/rsa_signature.h | 8 +- sw/device/lib/crypto/include/ecc.h | 8 +- sw/device/lib/crypto/include/hash.h | 8 +- sw/device/lib/crypto/include/rsa.h | 14 ++-- sw/device/tests/crypto/ecdsa_p256_functest.c | 2 +- .../crypto/ecdsa_p256_sideload_functest.c | 6 +- sw/device/tests/crypto/kmac_functest.c | 6 +- .../crypto/rsa_2048_signature_functest.c | 8 +- .../crypto/rsa_3072_signature_functest.c | 8 +- .../crypto/rsa_4096_signature_functest.c | 8 +- sw/device/tests/crypto/sha256_functest.c | 6 +- sw/device/tests/crypto/sha384_functest.c | 4 +- sw/device/tests/crypto/sha512_functest.c | 4 +- 20 files changed, 161 insertions(+), 164 deletions(-) diff --git a/sw/device/lib/crypto/impl/ecc.c b/sw/device/lib/crypto/impl/ecc.c index d1cc5dfd4e60cb..dfe543afe36d57 100644 --- a/sw/device/lib/crypto/impl/ecc.c +++ b/sw/device/lib/crypto/impl/ecc.c @@ -25,7 +25,7 @@ otcrypto_status_t otcrypto_ecdsa_keygen( otcrypto_status_t otcrypto_ecdsa_sign( const otcrypto_blinded_key_t *private_key, - const otcrypto_hash_digest_t *message_digest, + const otcrypto_hash_digest_t message_digest, const otcrypto_ecc_curve_t *elliptic_curve, otcrypto_word32_buf_t signature) { HARDENED_TRY(otcrypto_ecdsa_sign_async_start(private_key, message_digest, @@ -35,7 +35,7 @@ otcrypto_status_t otcrypto_ecdsa_sign( otcrypto_status_t otcrypto_ecdsa_verify( const otcrypto_unblinded_key_t *public_key, - const otcrypto_hash_digest_t *message_digest, + const otcrypto_hash_digest_t message_digest, otcrypto_const_word32_buf_t signature, const otcrypto_ecc_curve_t *elliptic_curve, hardened_bool_t *verification_result) { @@ -326,12 +326,12 @@ otcrypto_status_t otcrypto_ecdsa_keygen_async_finalize( */ static status_t internal_ecdsa_p256_sign_start( const otcrypto_blinded_key_t *private_key, - const otcrypto_hash_digest_t *message_digest) { + const otcrypto_hash_digest_t message_digest) { // Check the digest length. - if (launder32(message_digest->len) != kP256ScalarWords) { + if (launder32(message_digest.len) != kP256ScalarWords) { return OTCRYPTO_BAD_ARGS; } - HARDENED_CHECK_EQ(message_digest->len, kP256ScalarWords); + HARDENED_CHECK_EQ(message_digest.len, kP256ScalarWords); // Check the key length. HARDENED_TRY(p256_private_key_length_check(private_key)); @@ -340,12 +340,12 @@ static status_t internal_ecdsa_p256_sign_start( // Start the asynchronous signature-generation routine. HARDENED_CHECK_EQ(private_key->config.hw_backed, kHardenedBoolFalse); p256_masked_scalar_t *sk = (p256_masked_scalar_t *)private_key->keyblob; - return ecdsa_p256_sign_start(message_digest->data, sk); + return ecdsa_p256_sign_start(message_digest.data, sk); } else if (launder32(private_key->config.hw_backed) == kHardenedBoolTrue) { // Load the key and start in sideloaded-key mode. HARDENED_CHECK_EQ(private_key->config.hw_backed, kHardenedBoolTrue); HARDENED_TRY(sideload_key_seed(private_key)); - return ecdsa_p256_sideload_sign_start(message_digest->data); + return ecdsa_p256_sideload_sign_start(message_digest.data); } // Invalid value for private_key->hw_backed. @@ -354,11 +354,10 @@ static status_t internal_ecdsa_p256_sign_start( otcrypto_status_t otcrypto_ecdsa_sign_async_start( const otcrypto_blinded_key_t *private_key, - const otcrypto_hash_digest_t *message_digest, + const otcrypto_hash_digest_t message_digest, const otcrypto_ecc_curve_t *elliptic_curve) { if (private_key == NULL || private_key->keyblob == NULL || - elliptic_curve == NULL || message_digest == NULL || - message_digest->data == NULL) { + elliptic_curve == NULL || message_digest.data == NULL) { return OTCRYPTO_BAD_ARGS; } @@ -465,34 +464,33 @@ otcrypto_status_t otcrypto_ecdsa_sign_async_finalize( */ static status_t internal_ecdsa_p256_verify_start( const otcrypto_unblinded_key_t *public_key, - const otcrypto_hash_digest_t *message_digest, + const otcrypto_hash_digest_t message_digest, otcrypto_const_word32_buf_t signature) { // Check the public key size. HARDENED_TRY(p256_public_key_length_check(public_key)); p256_point_t *pk = (p256_point_t *)public_key->key; // Check the digest length. - if (launder32(message_digest->len) != kP256ScalarWords) { + if (launder32(message_digest.len) != kP256ScalarWords) { return OTCRYPTO_BAD_ARGS; } - HARDENED_CHECK_EQ(message_digest->len, kP256ScalarWords); + HARDENED_CHECK_EQ(message_digest.len, kP256ScalarWords); // Check the signature lengths. HARDENED_TRY(p256_signature_length_check(signature.len)); ecdsa_p256_signature_t *sig = (ecdsa_p256_signature_t *)signature.data; // Start the asynchronous signature-verification routine. - return ecdsa_p256_verify_start(sig, message_digest->data, pk); + return ecdsa_p256_verify_start(sig, message_digest.data, pk); } otcrypto_status_t otcrypto_ecdsa_verify_async_start( const otcrypto_unblinded_key_t *public_key, - const otcrypto_hash_digest_t *message_digest, + const otcrypto_hash_digest_t message_digest, otcrypto_const_word32_buf_t signature, const otcrypto_ecc_curve_t *elliptic_curve) { if (public_key == NULL || elliptic_curve == NULL || signature.data == NULL || - message_digest == NULL || message_digest->data == NULL || - public_key->key == NULL) { + message_digest.data == NULL || public_key->key == NULL) { return OTCRYPTO_BAD_ARGS; } diff --git a/sw/device/lib/crypto/impl/hash.c b/sw/device/lib/crypto/impl/hash.c index 7ba790afa807f9..895bc341e71069 100644 --- a/sw/device/lib/crypto/impl/hash.c +++ b/sw/device/lib/crypto/impl/hash.c @@ -139,35 +139,35 @@ static void sha512_state_restore(const otcrypto_hash_context_t *restrict ctx, * @return Error status. */ OT_WARN_UNUSED_RESULT -static status_t check_digest_len(otcrypto_hash_digest_t *digest) { - switch (launder32(digest->mode)) { +static status_t check_digest_len(otcrypto_hash_digest_t digest) { + switch (launder32(digest.mode)) { case kOtcryptoHashModeSha3_224: - if (launder32(digest->len) == (224 / 32)) { - HARDENED_CHECK_EQ(digest->len * sizeof(uint32_t) * 8, 224); + if (launder32(digest.len) == (224 / 32)) { + HARDENED_CHECK_EQ(digest.len * sizeof(uint32_t) * 8, 224); return OTCRYPTO_OK; } return OTCRYPTO_BAD_ARGS; case kOtcryptoHashModeSha256: OT_FALLTHROUGH_INTENDED; case kOtcryptoHashModeSha3_256: - if (launder32(digest->len) == (256 / 32)) { - HARDENED_CHECK_EQ(digest->len * sizeof(uint32_t) * 8, 256); + if (launder32(digest.len) == (256 / 32)) { + HARDENED_CHECK_EQ(digest.len * sizeof(uint32_t) * 8, 256); return OTCRYPTO_OK; } return OTCRYPTO_BAD_ARGS; case kOtcryptoHashModeSha384: OT_FALLTHROUGH_INTENDED; case kOtcryptoHashModeSha3_384: - if (launder32(digest->len) == (384 / 32)) { - HARDENED_CHECK_EQ(digest->len * sizeof(uint32_t) * 8, 384); + if (launder32(digest.len) == (384 / 32)) { + HARDENED_CHECK_EQ(digest.len * sizeof(uint32_t) * 8, 384); return OTCRYPTO_OK; } return OTCRYPTO_BAD_ARGS; case kOtcryptoHashModeSha512: OT_FALLTHROUGH_INTENDED; case kOtcryptoHashModeSha3_512: - if (launder32(digest->len) == (512 / 32)) { - HARDENED_CHECK_EQ(digest->len * sizeof(uint32_t) * 8, 512); + if (launder32(digest.len) == (512 / 32)) { + HARDENED_CHECK_EQ(digest.len * sizeof(uint32_t) * 8, 512); return OTCRYPTO_OK; } return OTCRYPTO_BAD_ARGS; @@ -187,9 +187,9 @@ static status_t check_digest_len(otcrypto_hash_digest_t *digest) { */ OT_WARN_UNUSED_RESULT static status_t hmac_sha256(otcrypto_const_byte_buf_t message, - otcrypto_hash_digest_t *digest) { - HARDENED_CHECK_EQ(digest->len, kHmacDigestNumWords); - HARDENED_CHECK_EQ(digest->mode, kOtcryptoHashModeSha256); + otcrypto_hash_digest_t digest) { + HARDENED_CHECK_EQ(digest.len, kHmacDigestNumWords); + HARDENED_CHECK_EQ(digest.mode, kOtcryptoHashModeSha256); // Initialize the hardware. hmac_sha_init(); @@ -200,40 +200,40 @@ static status_t hmac_sha256(otcrypto_const_byte_buf_t message, // Retrieve the digest and copy it to the destination buffer. hmac_digest_t hmac_digest; hmac_final(&hmac_digest); - hardened_memcpy(digest->data, hmac_digest.digest, kHmacDigestNumWords); + hardened_memcpy(digest.data, hmac_digest.digest, kHmacDigestNumWords); return OTCRYPTO_OK; } otcrypto_status_t otcrypto_hash(otcrypto_const_byte_buf_t input_message, - otcrypto_hash_digest_t *digest) { + otcrypto_hash_digest_t digest) { if (input_message.data == NULL && input_message.len != 0) { return OTCRYPTO_BAD_ARGS; } - if (digest == NULL || digest->data == NULL) { + if (digest.data == NULL) { return OTCRYPTO_BAD_ARGS; } // Check that digest length and mode match. HARDENED_TRY(check_digest_len(digest)); - switch (digest->mode) { + switch (digest.mode) { case kOtcryptoHashModeSha3_224: - return kmac_sha3_224(input_message.data, input_message.len, digest->data); + return kmac_sha3_224(input_message.data, input_message.len, digest.data); case kOtcryptoHashModeSha3_256: - return kmac_sha3_256(input_message.data, input_message.len, digest->data); + return kmac_sha3_256(input_message.data, input_message.len, digest.data); case kOtcryptoHashModeSha3_384: - return kmac_sha3_384(input_message.data, input_message.len, digest->data); + return kmac_sha3_384(input_message.data, input_message.len, digest.data); case kOtcryptoHashModeSha3_512: - return kmac_sha3_512(input_message.data, input_message.len, digest->data); + return kmac_sha3_512(input_message.data, input_message.len, digest.data); case kOtcryptoHashModeSha256: // Call the HMAC block driver in SHA-256 mode. return hmac_sha256(input_message, digest); case kOtcryptoHashModeSha384: - return sha384(input_message.data, input_message.len, digest->data); + return sha384(input_message.data, input_message.len, digest.data); case kOtcryptoHashModeSha512: - return sha512(input_message.data, input_message.len, digest->data); + return sha512(input_message.data, input_message.len, digest.data); default: // Invalid hash mode. return OTCRYPTO_BAD_ARGS; @@ -245,14 +245,14 @@ otcrypto_status_t otcrypto_hash(otcrypto_const_byte_buf_t input_message, } otcrypto_status_t otcrypto_xof_shake(otcrypto_const_byte_buf_t input_message, - otcrypto_hash_digest_t *digest) { - switch (digest->mode) { + otcrypto_hash_digest_t digest) { + switch (digest.mode) { case kOtcryptoHashXofModeShake128: - return kmac_shake_128(input_message.data, input_message.len, digest->data, - digest->len); + return kmac_shake_128(input_message.data, input_message.len, digest.data, + digest.len); case kOtcryptoHashXofModeShake256: - return kmac_shake_256(input_message.data, input_message.len, digest->data, - digest->len); + return kmac_shake_256(input_message.data, input_message.len, digest.data, + digest.len); default: return OTCRYPTO_BAD_ARGS; } @@ -266,34 +266,34 @@ otcrypto_status_t otcrypto_xof_cshake( otcrypto_const_byte_buf_t input_message, otcrypto_const_byte_buf_t function_name_string, otcrypto_const_byte_buf_t customization_string, - otcrypto_hash_digest_t *digest) { + otcrypto_hash_digest_t digest) { // According to NIST SP 800-185 Section 3.2, cSHAKE call should use SHAKE, if // both `customization_string` and `function_name_string` are empty string if (customization_string.len == 0 && function_name_string.len == 0) { - switch (digest->mode) { + switch (digest.mode) { case kOtcryptoHashXofModeCshake128: return kmac_shake_128(input_message.data, input_message.len, - digest->data, digest->len); + digest.data, digest.len); case kOtcryptoHashXofModeCshake256: return kmac_shake_256(input_message.data, input_message.len, - digest->data, digest->len); + digest.data, digest.len); default: return OTCRYPTO_BAD_ARGS; } } - switch (digest->mode) { + switch (digest.mode) { case kOtcryptoHashXofModeCshake128: return kmac_cshake_128( input_message.data, input_message.len, function_name_string.data, function_name_string.len, customization_string.data, - customization_string.len, digest->data, digest->len); + customization_string.len, digest.data, digest.len); break; case kOtcryptoHashXofModeCshake256: return kmac_cshake_256( input_message.data, input_message.len, function_name_string.data, function_name_string.len, customization_string.data, - customization_string.len, digest->data, digest->len); + customization_string.len, digest.data, digest.len); default: return OTCRYPTO_BAD_ARGS; } @@ -378,14 +378,14 @@ otcrypto_status_t otcrypto_hash_update( } otcrypto_status_t otcrypto_hash_final(otcrypto_hash_context_t *const ctx, - otcrypto_hash_digest_t *digest) { - if (ctx == NULL || digest == NULL || digest->data == NULL) { + otcrypto_hash_digest_t digest) { + if (ctx == NULL || digest.data == NULL) { return OTCRYPTO_BAD_ARGS; } // Check that digest length and mode are consistent. HARDENED_TRY(check_digest_len(digest)); - if (ctx->mode != digest->mode) { + if (ctx->mode != digest.mode) { return OTCRYPTO_BAD_ARGS; } @@ -393,19 +393,19 @@ otcrypto_status_t otcrypto_hash_final(otcrypto_hash_context_t *const ctx, case kOtcryptoHashModeSha256: { sha256_state_t state; sha256_state_restore(ctx, &state); - HARDENED_TRY(sha256_final(&state, digest->data)); + HARDENED_TRY(sha256_final(&state, digest.data)); break; } case kOtcryptoHashModeSha384: { sha384_state_t state; sha384_state_restore(ctx, &state); - HARDENED_TRY(sha384_final(&state, digest->data)); + HARDENED_TRY(sha384_final(&state, digest.data)); break; } case kOtcryptoHashModeSha512: { sha512_state_t state; sha512_state_restore(ctx, &state); - HARDENED_TRY(sha512_final(&state, digest->data)); + HARDENED_TRY(sha512_final(&state, digest.data)); break; } default: diff --git a/sw/device/lib/crypto/impl/mac.c b/sw/device/lib/crypto/impl/mac.c index f77405528161ce..dc81a945af3098 100644 --- a/sw/device/lib/crypto/impl/mac.c +++ b/sw/device/lib/crypto/impl/mac.c @@ -193,7 +193,7 @@ otcrypto_status_t otcrypto_hmac_init(otcrypto_hmac_context_t *ctx, .len = key->config.key_length, .data = (unsigned char *)unmasked_key, }, - &key_digest)); + key_digest)); } // Compute (K0 ^ ipad). @@ -249,7 +249,7 @@ otcrypto_status_t otcrypto_hmac_final(otcrypto_hmac_context_t *const ctx, // Finalize the computation of the inner hash = H(K0 ^ ipad || message) and // store it in `tag` temporarily. - HARDENED_TRY(otcrypto_hash_final(&ctx->inner, &digest_buf)); + HARDENED_TRY(otcrypto_hash_final(&ctx->inner, digest_buf)); // Finalize the computation of the outer hash // = H(K0 ^ opad || H(K0 ^ ipad || message)). @@ -258,5 +258,5 @@ otcrypto_status_t otcrypto_hmac_final(otcrypto_hmac_context_t *const ctx, (otcrypto_const_byte_buf_t){.len = sizeof(uint32_t) * tag.len, .data = (unsigned char *)tag.data})); - return otcrypto_hash_final(&ctx->outer, &digest_buf); + return otcrypto_hash_final(&ctx->outer, digest_buf); } diff --git a/sw/device/lib/crypto/impl/rsa.c b/sw/device/lib/crypto/impl/rsa.c index 7d644f75f12b16..a401d736517e6a 100644 --- a/sw/device/lib/crypto/impl/rsa.c +++ b/sw/device/lib/crypto/impl/rsa.c @@ -289,10 +289,10 @@ otcrypto_status_t otcrypto_rsa_keypair_from_cofactor( return OTCRYPTO_OK; } -otcrypto_status_t otcrypto_rsa_sign( - const otcrypto_blinded_key_t *private_key, - const otcrypto_hash_digest_t *message_digest, - otcrypto_rsa_padding_t padding_mode, otcrypto_word32_buf_t signature) { +otcrypto_status_t otcrypto_rsa_sign(const otcrypto_blinded_key_t *private_key, + const otcrypto_hash_digest_t message_digest, + otcrypto_rsa_padding_t padding_mode, + otcrypto_word32_buf_t signature) { HARDENED_TRY( otcrypto_rsa_sign_async_start(private_key, message_digest, padding_mode)); return otcrypto_rsa_sign_async_finalize(signature); @@ -300,7 +300,7 @@ otcrypto_status_t otcrypto_rsa_sign( otcrypto_status_t otcrypto_rsa_verify( const otcrypto_unblinded_key_t *public_key, - const otcrypto_hash_digest_t *message_digest, + const otcrypto_hash_digest_t message_digest, otcrypto_rsa_padding_t padding_mode, otcrypto_const_word32_buf_t signature, hardened_bool_t *verification_result) { HARDENED_TRY(otcrypto_rsa_verify_async_start(public_key, signature)); @@ -612,11 +612,11 @@ static status_t key_mode_padding_check(otcrypto_key_mode_t key_mode, otcrypto_status_t otcrypto_rsa_sign_async_start( const otcrypto_blinded_key_t *private_key, - const otcrypto_hash_digest_t *message_digest, + const otcrypto_hash_digest_t message_digest, otcrypto_rsa_padding_t padding_mode) { // Check for NULL pointers. - if (message_digest == NULL || message_digest->data == NULL || - private_key == NULL || private_key->keyblob == NULL) { + if (message_digest.data == NULL || private_key == NULL || + private_key->keyblob == NULL) { return OTCRYPTO_BAD_ARGS; } @@ -751,11 +751,10 @@ otcrypto_status_t otcrypto_rsa_verify_async_start( } otcrypto_status_t otcrypto_rsa_verify_async_finalize( - const otcrypto_hash_digest_t *message_digest, + const otcrypto_hash_digest_t message_digest, otcrypto_rsa_padding_t padding_mode, hardened_bool_t *verification_result) { // Check for NULL pointers. - if (message_digest == NULL || message_digest->data == NULL || - verification_result == NULL) { + if (message_digest.data == NULL || verification_result == NULL) { return OTCRYPTO_BAD_ARGS; } diff --git a/sw/device/lib/crypto/impl/rsa/rsa_padding.c b/sw/device/lib/crypto/impl/rsa/rsa_padding.c index 4a68c371dafc60..9c34ae2acd1d74 100644 --- a/sw/device/lib/crypto/impl/rsa/rsa_padding.c +++ b/sw/device/lib/crypto/impl/rsa/rsa_padding.c @@ -82,25 +82,25 @@ static status_t digest_info_length_get(const otcrypto_hash_mode_t hash_mode, * @return OTCRYPTO_BAD_ARGS if the hash function is not valid, otherwise OK. */ OT_WARN_UNUSED_RESULT -static status_t digest_info_write(const otcrypto_hash_digest_t *message_digest, +static status_t digest_info_write(const otcrypto_hash_digest_t message_digest, uint32_t *encoding) { - switch (message_digest->mode) { + switch (message_digest.mode) { case kOtcryptoHashModeSha256: - if (message_digest->len != kSha256DigestWords) { + if (message_digest.len != kSha256DigestWords) { return OTCRYPTO_BAD_ARGS; } memcpy(encoding + kSha256DigestWords, &kSha256DigestIdentifier, sizeof(kSha256DigestIdentifier)); break; case kOtcryptoHashModeSha384: - if (message_digest->len != kSha384DigestWords) { + if (message_digest.len != kSha384DigestWords) { return OTCRYPTO_BAD_ARGS; } memcpy(encoding + kSha384DigestWords, &kSha384DigestIdentifier, sizeof(kSha384DigestIdentifier)); break; case kOtcryptoHashModeSha512: - if (message_digest->len != kSha512DigestWords) { + if (message_digest.len != kSha512DigestWords) { return OTCRYPTO_BAD_ARGS; } memcpy(encoding + kSha512DigestWords, &kSha512DigestIdentifier, @@ -112,18 +112,18 @@ static status_t digest_info_write(const otcrypto_hash_digest_t *message_digest, }; // Copy the digest into the encoding, reversing the order of bytes. - for (size_t i = 0; i < message_digest->len / 2; i++) { - uint32_t tmp = __builtin_bswap32(message_digest->data[i]); + for (size_t i = 0; i < message_digest.len / 2; i++) { + uint32_t tmp = __builtin_bswap32(message_digest.data[i]); encoding[i] = - __builtin_bswap32(message_digest->data[message_digest->len - 1 - i]); - encoding[message_digest->len - 1 - i] = tmp; + __builtin_bswap32(message_digest.data[message_digest.len - 1 - i]); + encoding[message_digest.len - 1 - i] = tmp; } return OTCRYPTO_OK; } status_t rsa_padding_pkcs1v15_encode( - const otcrypto_hash_digest_t *message_digest, size_t encoded_message_len, + const otcrypto_hash_digest_t message_digest, size_t encoded_message_len, uint32_t *encoded_message) { // Initialize all bits of the encoded message to 1. size_t encoded_message_bytelen = encoded_message_len * sizeof(uint32_t); @@ -138,7 +138,7 @@ status_t rsa_padding_pkcs1v15_encode( // Get the length of the digest info (called T in the RFC). size_t tlen; - HARDENED_TRY(digest_info_length_get(message_digest->mode, &tlen)); + HARDENED_TRY(digest_info_length_get(message_digest.mode, &tlen)); if (tlen + 3 + 8 >= encoded_message_bytelen) { // Invalid encoded message length/hash function combination; the RFC @@ -156,7 +156,7 @@ status_t rsa_padding_pkcs1v15_encode( } status_t rsa_padding_pkcs1v15_verify( - const otcrypto_hash_digest_t *message_digest, + const otcrypto_hash_digest_t message_digest, const uint32_t *encoded_message, const size_t encoded_message_len, hardened_bool_t *result) { // Re-encode the message. @@ -253,7 +253,7 @@ static status_t mgf1(otcrypto_hash_mode_t hash_mode, const uint8_t *seed, .data = hash_input, .len = sizeof(hash_input), }, - &digest)); + digest)); mask += digest_wordlen; mask_len -= digest_bytelen; } @@ -269,7 +269,7 @@ static status_t mgf1(otcrypto_hash_mode_t hash_mode, const uint8_t *seed, HARDENED_TRY( otcrypto_hash((otcrypto_const_byte_buf_t){.data = hash_input, .len = sizeof(hash_input)}, - &digest)); + digest)); hardened_memcpy(mask, digest_data, ceil_div(mask_len, sizeof(uint32_t))); return OTCRYPTO_OK; } @@ -304,36 +304,36 @@ static inline void reverse_bytes(size_t input_len, uint32_t *input) { * @param[out] h Resulting digest, H. */ OT_WARN_UNUSED_RESULT -static status_t pss_construct_h(const otcrypto_hash_digest_t *message_digest, +static status_t pss_construct_h(const otcrypto_hash_digest_t message_digest, const uint32_t *salt, size_t salt_len, uint32_t *h) { // Create a buffer for M' = (0x0000000000000000 || digest || salt). - size_t m_prime_wordlen = 2 + message_digest->len + salt_len; + size_t m_prime_wordlen = 2 + message_digest.len + salt_len; uint32_t m_prime[m_prime_wordlen]; m_prime[0] = 0; m_prime[1] = 0; uint32_t *digest_dst = &m_prime[2]; - uint32_t *salt_dst = digest_dst + message_digest->len; - hardened_memcpy(digest_dst, message_digest->data, message_digest->len); + uint32_t *salt_dst = digest_dst + message_digest.len; + hardened_memcpy(digest_dst, message_digest.data, message_digest.len); if (salt_len > 0) { hardened_memcpy(salt_dst, salt, salt_len); } // Construct H = Hash(M'). otcrypto_hash_digest_t h_buffer = { - .data = h, .len = message_digest->len, .mode = message_digest->mode}; + .data = h, .len = message_digest.len, .mode = message_digest.mode}; return otcrypto_hash( (otcrypto_const_byte_buf_t){.data = (unsigned char *)m_prime, .len = sizeof(m_prime)}, - &h_buffer); + h_buffer); } -status_t rsa_padding_pss_encode(const otcrypto_hash_digest_t *message_digest, +status_t rsa_padding_pss_encode(const otcrypto_hash_digest_t message_digest, const uint32_t *salt, size_t salt_len, size_t encoded_message_len, uint32_t *encoded_message) { // Check that the message length is long enough. - size_t digest_bytelen = message_digest->len * sizeof(uint32_t); + size_t digest_bytelen = message_digest.len * sizeof(uint32_t); size_t salt_bytelen = salt_len * sizeof(uint32_t); size_t encoded_message_bytelen = encoded_message_len * sizeof(uint32_t); if (encoded_message_bytelen < salt_bytelen + digest_bytelen + 2) { @@ -341,7 +341,7 @@ status_t rsa_padding_pss_encode(const otcrypto_hash_digest_t *message_digest, } // Construct H = Hash(0x0000000000000000 || digest || salt). - uint32_t h[message_digest->len]; + uint32_t h[message_digest.len]; HARDENED_TRY(pss_construct_h(message_digest, salt, salt_len, h)); // Construct DB = 00...00 || 0x01 || salt. @@ -356,7 +356,7 @@ status_t rsa_padding_pss_encode(const otcrypto_hash_digest_t *message_digest, // Compute the mask. uint32_t mask[ARRAYSIZE(db)]; - HARDENED_TRY(mgf1(message_digest->mode, (unsigned char *)h, sizeof(h), + HARDENED_TRY(mgf1(message_digest.mode, (unsigned char *)h, sizeof(h), db_bytelen, mask)); // Compute maskedDB = DB ^ mask. @@ -379,7 +379,7 @@ status_t rsa_padding_pss_encode(const otcrypto_hash_digest_t *message_digest, return OTCRYPTO_OK; } -status_t rsa_padding_pss_verify(const otcrypto_hash_digest_t *message_digest, +status_t rsa_padding_pss_verify(const otcrypto_hash_digest_t message_digest, uint32_t *encoded_message, size_t encoded_message_len, hardened_bool_t *result) { @@ -387,7 +387,7 @@ status_t rsa_padding_pss_verify(const otcrypto_hash_digest_t *message_digest, *result = kHardenedBoolFalse; // Check that the message length is long enough. - size_t digest_bytelen = message_digest->len * sizeof(uint32_t); + size_t digest_bytelen = message_digest.len * sizeof(uint32_t); size_t salt_bytelen = digest_bytelen; size_t encoded_message_bytelen = encoded_message_len * sizeof(uint32_t); if (encoded_message_bytelen < salt_bytelen + digest_bytelen + 2) { @@ -413,13 +413,13 @@ status_t rsa_padding_pss_verify(const otcrypto_hash_digest_t *message_digest, } // Extract H. - uint32_t h[message_digest->len]; + uint32_t h[message_digest.len]; memcpy(h, encoded_message_bytes + db_bytelen, sizeof(h)); // Compute the mask = MFG(H, emLen - hLen - 1). Zero the last bytes if // needed. uint32_t mask[ARRAYSIZE(db)]; - HARDENED_TRY(mgf1(message_digest->mode, (unsigned char *)h, sizeof(h), + HARDENED_TRY(mgf1(message_digest.mode, (unsigned char *)h, sizeof(h), db_bytelen, mask)); if (sizeof(mask) > db_bytelen) { memset(((unsigned char *)mask) + db_bytelen, 0, sizeof(mask) - db_bytelen); @@ -453,11 +453,11 @@ status_t rsa_padding_pss_verify(const otcrypto_hash_digest_t *message_digest, } // Extract the salt. - uint32_t salt[message_digest->len]; + uint32_t salt[message_digest.len]; memcpy(salt, db_bytes + db_bytelen - salt_bytelen, sizeof(salt)); // Construct the expected value of H and compare. - uint32_t exp_h[message_digest->len]; + uint32_t exp_h[message_digest.len]; HARDENED_TRY(pss_construct_h(message_digest, salt, ARRAYSIZE(salt), exp_h)); *result = hardened_memeq(h, exp_h, ARRAYSIZE(exp_h)); return OTCRYPTO_OK; @@ -511,7 +511,7 @@ status_t rsa_padding_oaep_encode(const otcrypto_hash_mode_t hash_mode, .len = ARRAYSIZE(lhash_data), .mode = hash_mode, }; - HARDENED_TRY(otcrypto_hash(label_buf, &lhash)); + HARDENED_TRY(otcrypto_hash(label_buf, lhash)); // Generate a random string the same length as a hash digest (step 2d). uint32_t seed[digest_wordlen]; @@ -633,7 +633,7 @@ status_t rsa_padding_oaep_decode(const otcrypto_hash_mode_t hash_mode, .len = digest_wordlen, .mode = hash_mode, }; - HARDENED_TRY(otcrypto_hash(label_buf, &lhash)); + HARDENED_TRY(otcrypto_hash(label_buf, lhash)); // Note: as we compare parts of the encoded message to their expected values, // we must be careful that the attacker cannot differentiate error codes or diff --git a/sw/device/lib/crypto/impl/rsa/rsa_padding.h b/sw/device/lib/crypto/impl/rsa/rsa_padding.h index 6694d48ffc14c0..ef4925daba08fe 100644 --- a/sw/device/lib/crypto/impl/rsa/rsa_padding.h +++ b/sw/device/lib/crypto/impl/rsa/rsa_padding.h @@ -33,7 +33,7 @@ extern "C" { */ OT_WARN_UNUSED_RESULT status_t rsa_padding_pkcs1v15_encode( - const otcrypto_hash_digest_t *message_digest, size_t encoded_message_len, + const otcrypto_hash_digest_t message_digest, size_t encoded_message_len, uint32_t *encoded_message); /** @@ -56,7 +56,7 @@ status_t rsa_padding_pkcs1v15_encode( */ OT_WARN_UNUSED_RESULT status_t rsa_padding_pkcs1v15_verify( - const otcrypto_hash_digest_t *message_digest, + const otcrypto_hash_digest_t message_digest, const uint32_t *encoded_message, const size_t encoded_message_len, hardened_bool_t *result); @@ -77,7 +77,7 @@ status_t rsa_padding_pkcs1v15_verify( * @return Result of the operation (OK or error). */ OT_WARN_UNUSED_RESULT -status_t rsa_padding_pss_encode(const otcrypto_hash_digest_t *message_digest, +status_t rsa_padding_pss_encode(const otcrypto_hash_digest_t message_digest, const uint32_t *salt, size_t salt_len, size_t encoded_message_len, uint32_t *encoded_message); @@ -107,7 +107,7 @@ status_t rsa_padding_pss_encode(const otcrypto_hash_digest_t *message_digest, * @return Result of the operation (OK or error). */ OT_WARN_UNUSED_RESULT -status_t rsa_padding_pss_verify(const otcrypto_hash_digest_t *message_digest, +status_t rsa_padding_pss_verify(const otcrypto_hash_digest_t message_digest, uint32_t *encoded_message, size_t encoded_message_len, hardened_bool_t *result); diff --git a/sw/device/lib/crypto/impl/rsa/rsa_signature.c b/sw/device/lib/crypto/impl/rsa/rsa_signature.c index 0b72b99d343ac3..14b46435b56f19 100644 --- a/sw/device/lib/crypto/impl/rsa/rsa_signature.c +++ b/sw/device/lib/crypto/impl/rsa/rsa_signature.c @@ -28,9 +28,9 @@ * @return Result of the operation (OK or BAD_ARGS). */ OT_WARN_UNUSED_RESULT -static status_t digest_check(const otcrypto_hash_digest_t *digest) { +static status_t digest_check(const otcrypto_hash_digest_t digest) { size_t num_words = 0; - switch (digest->mode) { + switch (digest.mode) { case kOtcryptoHashModeSha3_224: num_words = 224 / 32; break; @@ -54,7 +54,7 @@ static status_t digest_check(const otcrypto_hash_digest_t *digest) { } HARDENED_CHECK_GT(num_words, 0); - if (num_words != digest->len) { + if (num_words != digest.len) { return OTCRYPTO_BAD_ARGS; } return OTCRYPTO_OK; @@ -70,7 +70,7 @@ static status_t digest_check(const otcrypto_hash_digest_t *digest) { * @return Result of the operation (OK or error). */ OT_WARN_UNUSED_RESULT -static status_t message_encode(const otcrypto_hash_digest_t *message_digest, +static status_t message_encode(const otcrypto_hash_digest_t message_digest, const rsa_signature_padding_t padding_mode, size_t encoded_message_len, uint32_t *encoded_message) { @@ -83,7 +83,7 @@ static status_t message_encode(const otcrypto_hash_digest_t *message_digest, encoded_message); case kRsaSignaturePaddingPss: { // Generate a random salt value whose length matches the digest length. - uint32_t salt[message_digest->len]; + uint32_t salt[message_digest.len]; HARDENED_TRY(entropy_complex_check()); HARDENED_TRY(entropy_csrng_uninstantiate()); HARDENED_TRY(entropy_csrng_instantiate( @@ -123,7 +123,7 @@ static status_t message_encode(const otcrypto_hash_digest_t *message_digest, */ OT_WARN_UNUSED_RESULT static status_t encoded_message_verify( - const otcrypto_hash_digest_t *message_digest, + const otcrypto_hash_digest_t message_digest, const rsa_signature_padding_t padding_mode, uint32_t *encoded_message, const size_t encoded_message_len, hardened_bool_t *result) { // Check that the digest length is OK. @@ -148,7 +148,7 @@ static status_t encoded_message_verify( status_t rsa_signature_generate_2048_start( const rsa_2048_private_key_t *private_key, - const otcrypto_hash_digest_t *message_digest, + const otcrypto_hash_digest_t message_digest, const rsa_signature_padding_t padding_mode) { // Encode the message. rsa_2048_int_t encoded_message; @@ -173,7 +173,7 @@ status_t rsa_signature_verify_2048_start( } status_t rsa_signature_verify_finalize( - const otcrypto_hash_digest_t *message_digest, + const otcrypto_hash_digest_t message_digest, const rsa_signature_padding_t padding_mode, hardened_bool_t *verification_result) { // Wait for OTBN to complete and get the size for the last RSA operation. @@ -216,7 +216,7 @@ status_t rsa_signature_verify_finalize( status_t rsa_signature_generate_3072_start( const rsa_3072_private_key_t *private_key, - const otcrypto_hash_digest_t *message_digest, + const otcrypto_hash_digest_t message_digest, const rsa_signature_padding_t padding_mode) { // Encode the message. rsa_3072_int_t encoded_message; @@ -242,7 +242,7 @@ status_t rsa_signature_verify_3072_start( status_t rsa_signature_generate_4096_start( const rsa_4096_private_key_t *private_key, - const otcrypto_hash_digest_t *message_digest, + const otcrypto_hash_digest_t message_digest, const rsa_signature_padding_t padding_mode) { // Encode the message. rsa_4096_int_t encoded_message; diff --git a/sw/device/lib/crypto/impl/rsa/rsa_signature.h b/sw/device/lib/crypto/impl/rsa/rsa_signature.h index ce95959928e6dd..00e37cb1f1f45a 100644 --- a/sw/device/lib/crypto/impl/rsa/rsa_signature.h +++ b/sw/device/lib/crypto/impl/rsa/rsa_signature.h @@ -55,7 +55,7 @@ typedef enum rsa_signature_padding { OT_WARN_UNUSED_RESULT status_t rsa_signature_generate_2048_start( const rsa_2048_private_key_t *private_key, - const otcrypto_hash_digest_t *message_digest, + const otcrypto_hash_digest_t message_digest, const rsa_signature_padding_t padding_mode); /** @@ -102,7 +102,7 @@ status_t rsa_signature_verify_2048_start( */ OT_WARN_UNUSED_RESULT status_t rsa_signature_verify_finalize( - const otcrypto_hash_digest_t *message_digest, + const otcrypto_hash_digest_t message_digest, const rsa_signature_padding_t padding_mode, hardened_bool_t *verification_result); @@ -121,7 +121,7 @@ status_t rsa_signature_verify_finalize( OT_WARN_UNUSED_RESULT status_t rsa_signature_generate_3072_start( const rsa_3072_private_key_t *private_key, - const otcrypto_hash_digest_t *message_digest, + const otcrypto_hash_digest_t message_digest, const rsa_signature_padding_t padding_mode); /** @@ -164,7 +164,7 @@ status_t rsa_signature_verify_3072_start( OT_WARN_UNUSED_RESULT status_t rsa_signature_generate_4096_start( const rsa_4096_private_key_t *private_key, - const otcrypto_hash_digest_t *message_digest, + const otcrypto_hash_digest_t message_digest, const rsa_signature_padding_t padding_mode); /** diff --git a/sw/device/lib/crypto/include/ecc.h b/sw/device/lib/crypto/include/ecc.h index 6d435e2d5846f8..33b0f794720a85 100644 --- a/sw/device/lib/crypto/include/ecc.h +++ b/sw/device/lib/crypto/include/ecc.h @@ -131,7 +131,7 @@ otcrypto_status_t otcrypto_ecdsa_keygen( OT_WARN_UNUSED_RESULT otcrypto_status_t otcrypto_ecdsa_sign( const otcrypto_blinded_key_t *private_key, - const otcrypto_hash_digest_t *message_digest, + const otcrypto_hash_digest_t message_digest, const otcrypto_ecc_curve_t *elliptic_curve, otcrypto_word32_buf_t signature); @@ -159,7 +159,7 @@ otcrypto_status_t otcrypto_ecdsa_sign( OT_WARN_UNUSED_RESULT otcrypto_status_t otcrypto_ecdsa_verify( const otcrypto_unblinded_key_t *public_key, - const otcrypto_hash_digest_t *message_digest, + const otcrypto_hash_digest_t message_digest, otcrypto_const_word32_buf_t signature, const otcrypto_ecc_curve_t *elliptic_curve, hardened_bool_t *verification_result); @@ -372,7 +372,7 @@ otcrypto_status_t otcrypto_ecdsa_keygen_async_finalize( OT_WARN_UNUSED_RESULT otcrypto_status_t otcrypto_ecdsa_sign_async_start( const otcrypto_blinded_key_t *private_key, - const otcrypto_hash_digest_t *message_digest, + const otcrypto_hash_digest_t message_digest, const otcrypto_ecc_curve_t *elliptic_curve); /** @@ -412,7 +412,7 @@ otcrypto_status_t otcrypto_ecdsa_sign_async_finalize( OT_WARN_UNUSED_RESULT otcrypto_status_t otcrypto_ecdsa_verify_async_start( const otcrypto_unblinded_key_t *public_key, - const otcrypto_hash_digest_t *message_digest, + const otcrypto_hash_digest_t message_digest, otcrypto_const_word32_buf_t signature, const otcrypto_ecc_curve_t *elliptic_curve); diff --git a/sw/device/lib/crypto/include/hash.h b/sw/device/lib/crypto/include/hash.h index 8ffe6da4e41825..6d306417a3270c 100644 --- a/sw/device/lib/crypto/include/hash.h +++ b/sw/device/lib/crypto/include/hash.h @@ -48,7 +48,7 @@ typedef struct otcrypto_hash_context { * @return Result of the hash operation. */ otcrypto_status_t otcrypto_hash(otcrypto_const_byte_buf_t input_message, - otcrypto_hash_digest_t *digest); + otcrypto_hash_digest_t digest); /** * Performs the SHAKE extendable output function (XOF) on input data. @@ -63,7 +63,7 @@ otcrypto_status_t otcrypto_hash(otcrypto_const_byte_buf_t input_message, * @return Result of the xof operation. */ otcrypto_status_t otcrypto_xof_shake(otcrypto_const_byte_buf_t input_message, - otcrypto_hash_digest_t *digest); + otcrypto_hash_digest_t digest); /** * Performs the CSHAKE extendable output function (XOF) on input data. @@ -88,7 +88,7 @@ otcrypto_status_t otcrypto_xof_cshake( otcrypto_const_byte_buf_t input_message, otcrypto_const_byte_buf_t function_name_string, otcrypto_const_byte_buf_t customization_string, - otcrypto_hash_digest_t *digest); + otcrypto_hash_digest_t digest); /** * Performs the INIT operation for a cryptographic hash function. @@ -143,7 +143,7 @@ otcrypto_status_t otcrypto_hash_update(otcrypto_hash_context_t *const ctx, * @return Result of the hash final operation. */ otcrypto_status_t otcrypto_hash_final(otcrypto_hash_context_t *const ctx, - otcrypto_hash_digest_t *digest); + otcrypto_hash_digest_t digest); #ifdef __cplusplus } // extern "C" diff --git a/sw/device/lib/crypto/include/rsa.h b/sw/device/lib/crypto/include/rsa.h index ed13b198d49eeb..849eb54a3aaa28 100644 --- a/sw/device/lib/crypto/include/rsa.h +++ b/sw/device/lib/crypto/include/rsa.h @@ -174,10 +174,10 @@ otcrypto_status_t otcrypto_rsa_keypair_from_cofactor( * @param[out] signature Pointer to the generated signature struct. * @return The result of the RSA signature generation. */ -otcrypto_status_t otcrypto_rsa_sign( - const otcrypto_blinded_key_t *private_key, - const otcrypto_hash_digest_t *message_digest, - otcrypto_rsa_padding_t padding_mode, otcrypto_word32_buf_t signature); +otcrypto_status_t otcrypto_rsa_sign(const otcrypto_blinded_key_t *private_key, + const otcrypto_hash_digest_t message_digest, + otcrypto_rsa_padding_t padding_mode, + otcrypto_word32_buf_t signature); /** * Verifies the authenticity of the input signature. @@ -195,7 +195,7 @@ otcrypto_status_t otcrypto_rsa_sign( */ otcrypto_status_t otcrypto_rsa_verify( const otcrypto_unblinded_key_t *public_key, - const otcrypto_hash_digest_t *message_digest, + const otcrypto_hash_digest_t message_digest, otcrypto_rsa_padding_t padding_mode, otcrypto_const_word32_buf_t signature, hardened_bool_t *verification_result); @@ -344,7 +344,7 @@ otcrypto_status_t otcrypto_rsa_keypair_from_cofactor_async_finalize( */ otcrypto_status_t otcrypto_rsa_sign_async_start( const otcrypto_blinded_key_t *private_key, - const otcrypto_hash_digest_t *message_digest, + const otcrypto_hash_digest_t message_digest, otcrypto_rsa_padding_t padding_mode); /** @@ -385,7 +385,7 @@ otcrypto_status_t otcrypto_rsa_verify_async_start( * @return Result of async RSA verify finalize operation. */ otcrypto_status_t otcrypto_rsa_verify_async_finalize( - const otcrypto_hash_digest_t *message_digest, + const otcrypto_hash_digest_t message_digest, otcrypto_rsa_padding_t padding_mode, hardened_bool_t *verification_result); /** diff --git a/sw/device/tests/crypto/ecdsa_p256_functest.c b/sw/device/tests/crypto/ecdsa_p256_functest.c index 9e21f5dfdd7854..6f777cc25ed216 100644 --- a/sw/device/tests/crypto/ecdsa_p256_functest.c +++ b/sw/device/tests/crypto/ecdsa_p256_functest.c @@ -73,7 +73,7 @@ status_t sign_then_verify_test(hardened_bool_t *verification_result) { .len = ARRAYSIZE(msg_digest_data), .mode = kOtcryptoHashModeSha256, }; - TRY(otcrypto_hash(msg, &msg_digest)); + TRY(otcrypto_hash(msg, msg_digest)); // Allocate space for the signature. uint32_t sig[kP256SignatureWords] = {0}; diff --git a/sw/device/tests/crypto/ecdsa_p256_sideload_functest.c b/sw/device/tests/crypto/ecdsa_p256_sideload_functest.c index 83329c3a80ed31..daf3e9efc14455 100644 --- a/sw/device/tests/crypto/ecdsa_p256_sideload_functest.c +++ b/sw/device/tests/crypto/ecdsa_p256_sideload_functest.c @@ -84,7 +84,7 @@ status_t sign_then_verify_test(void) { .len = ARRAYSIZE(message_digest_data), .mode = kOtcryptoHashModeSha256, }; - TRY(otcrypto_hash(message, &message_digest)); + TRY(otcrypto_hash(message, message_digest)); // Allocate space for the signature. uint32_t sig[kP256SignatureWords] = {0}; @@ -92,14 +92,14 @@ status_t sign_then_verify_test(void) { // Generate a signature for the message. LOG_INFO("Signing..."); CHECK_STATUS_OK(otcrypto_ecdsa_sign( - &private_key, &message_digest, &kCurveP256, + &private_key, message_digest, &kCurveP256, (otcrypto_word32_buf_t){.data = sig, .len = ARRAYSIZE(sig)})); // Verify the signature. LOG_INFO("Verifying..."); hardened_bool_t verification_result; CHECK_STATUS_OK(otcrypto_ecdsa_verify( - &public_key, &message_digest, + &public_key, message_digest, (otcrypto_const_word32_buf_t){.data = sig, .len = ARRAYSIZE(sig)}, &kCurveP256, &verification_result)); diff --git a/sw/device/tests/crypto/kmac_functest.c b/sw/device/tests/crypto/kmac_functest.c index 4c434f0d1bb16d..83f6440f0d66df 100644 --- a/sw/device/tests/crypto/kmac_functest.c +++ b/sw/device/tests/crypto/kmac_functest.c @@ -130,7 +130,7 @@ static status_t run_test_vector(void) { case kKmacTestOperationShake: { TRY(get_shake_mode(current_test_vector->security_strength, &digest_buf.mode)); - TRY(otcrypto_xof_shake(current_test_vector->input_msg, &digest_buf)); + TRY(otcrypto_xof_shake(current_test_vector->input_msg, digest_buf)); break; } case kKmacTestOperationCshake: { @@ -138,13 +138,13 @@ static status_t run_test_vector(void) { &digest_buf.mode)); TRY(otcrypto_xof_cshake(current_test_vector->input_msg, current_test_vector->func_name, - current_test_vector->cust_str, &digest_buf)); + current_test_vector->cust_str, digest_buf)); break; } case kKmacTestOperationSha3: { TRY(get_sha3_mode(current_test_vector->security_strength, &digest_buf.mode)); - TRY(otcrypto_hash(current_test_vector->input_msg, &digest_buf)); + TRY(otcrypto_hash(current_test_vector->input_msg, digest_buf)); break; } case kKmacTestOperationKmac: { diff --git a/sw/device/tests/crypto/rsa_2048_signature_functest.c b/sw/device/tests/crypto/rsa_2048_signature_functest.c index 51a49af3dcb0be..c52f1cf170914d 100644 --- a/sw/device/tests/crypto/rsa_2048_signature_functest.c +++ b/sw/device/tests/crypto/rsa_2048_signature_functest.c @@ -160,14 +160,14 @@ static status_t run_rsa_2048_sign(const uint8_t *msg, size_t msg_len, .len = ARRAYSIZE(msg_digest_data), .mode = kOtcryptoHashModeSha256, }; - TRY(otcrypto_hash(msg_buf, &msg_digest)); + TRY(otcrypto_hash(msg_buf, msg_digest)); otcrypto_word32_buf_t sig_buf = { .data = sig, .len = kRsa2048NumWords, }; uint64_t t_start = profile_start(); - TRY(otcrypto_rsa_sign(&private_key, &msg_digest, padding_mode, sig_buf)); + TRY(otcrypto_rsa_sign(&private_key, msg_digest, padding_mode, sig_buf)); profile_end_and_print(t_start, "RSA signature generation"); return OK_STATUS(); @@ -226,14 +226,14 @@ static status_t run_rsa_2048_verify(const uint8_t *msg, size_t msg_len, .len = ARRAYSIZE(msg_digest_data), .mode = kOtcryptoHashModeSha256, }; - TRY(otcrypto_hash(msg_buf, &msg_digest)); + TRY(otcrypto_hash(msg_buf, msg_digest)); otcrypto_const_word32_buf_t sig_buf = { .data = sig, .len = kRsa2048NumWords, }; uint64_t t_start = profile_start(); - TRY(otcrypto_rsa_verify(&public_key, &msg_digest, padding_mode, sig_buf, + TRY(otcrypto_rsa_verify(&public_key, msg_digest, padding_mode, sig_buf, verification_result)); profile_end_and_print(t_start, "RSA verify"); diff --git a/sw/device/tests/crypto/rsa_3072_signature_functest.c b/sw/device/tests/crypto/rsa_3072_signature_functest.c index 4521eae26a4c5c..b5ef37d79d8e5c 100644 --- a/sw/device/tests/crypto/rsa_3072_signature_functest.c +++ b/sw/device/tests/crypto/rsa_3072_signature_functest.c @@ -186,7 +186,7 @@ static status_t run_rsa_3072_sign(const uint8_t *msg, size_t msg_len, .len = ARRAYSIZE(msg_digest_data), .mode = kOtcryptoHashModeSha512, }; - TRY(otcrypto_hash(msg_buf, &msg_digest)); + TRY(otcrypto_hash(msg_buf, msg_digest)); otcrypto_word32_buf_t sig_buf = { .data = sig, @@ -194,7 +194,7 @@ static status_t run_rsa_3072_sign(const uint8_t *msg, size_t msg_len, }; uint64_t t_start = profile_start(); - TRY(otcrypto_rsa_sign(&private_key, &msg_digest, padding_mode, sig_buf)); + TRY(otcrypto_rsa_sign(&private_key, msg_digest, padding_mode, sig_buf)); profile_end_and_print(t_start, "RSA signature generation"); return OK_STATUS(); @@ -253,7 +253,7 @@ static status_t run_rsa_3072_verify(const uint8_t *msg, size_t msg_len, .len = ARRAYSIZE(msg_digest_data), .mode = kOtcryptoHashModeSha512, }; - TRY(otcrypto_hash(msg_buf, &msg_digest)); + TRY(otcrypto_hash(msg_buf, msg_digest)); otcrypto_const_word32_buf_t sig_buf = { .data = sig, @@ -261,7 +261,7 @@ static status_t run_rsa_3072_verify(const uint8_t *msg, size_t msg_len, }; uint64_t t_start = profile_start(); - TRY(otcrypto_rsa_verify(&public_key, &msg_digest, padding_mode, sig_buf, + TRY(otcrypto_rsa_verify(&public_key, msg_digest, padding_mode, sig_buf, verification_result)); profile_end_and_print(t_start, "RSA verify"); diff --git a/sw/device/tests/crypto/rsa_4096_signature_functest.c b/sw/device/tests/crypto/rsa_4096_signature_functest.c index aee95c1b935e0b..b6228135c03e18 100644 --- a/sw/device/tests/crypto/rsa_4096_signature_functest.c +++ b/sw/device/tests/crypto/rsa_4096_signature_functest.c @@ -215,7 +215,7 @@ static status_t run_rsa_4096_sign(const uint8_t *msg, size_t msg_len, .len = ARRAYSIZE(msg_digest_data), .mode = kOtcryptoHashModeSha512, }; - TRY(otcrypto_hash(msg_buf, &msg_digest)); + TRY(otcrypto_hash(msg_buf, msg_digest)); otcrypto_word32_buf_t sig_buf = { .data = sig, @@ -223,7 +223,7 @@ static status_t run_rsa_4096_sign(const uint8_t *msg, size_t msg_len, }; uint64_t t_start = profile_start(); - TRY(otcrypto_rsa_sign(&private_key, &msg_digest, padding_mode, sig_buf)); + TRY(otcrypto_rsa_sign(&private_key, msg_digest, padding_mode, sig_buf)); profile_end_and_print(t_start, "RSA signature generation"); return OK_STATUS(); @@ -282,7 +282,7 @@ static status_t run_rsa_4096_verify(const uint8_t *msg, size_t msg_len, .len = ARRAYSIZE(msg_digest_data), .mode = kOtcryptoHashModeSha512, }; - TRY(otcrypto_hash(msg_buf, &msg_digest)); + TRY(otcrypto_hash(msg_buf, msg_digest)); otcrypto_const_word32_buf_t sig_buf = { .data = sig, @@ -290,7 +290,7 @@ static status_t run_rsa_4096_verify(const uint8_t *msg, size_t msg_len, }; uint64_t t_start = profile_start(); - TRY(otcrypto_rsa_verify(&public_key, &msg_digest, padding_mode, sig_buf, + TRY(otcrypto_rsa_verify(&public_key, msg_digest, padding_mode, sig_buf, verification_result)); profile_end_and_print(t_start, "RSA verify"); diff --git a/sw/device/tests/crypto/sha256_functest.c b/sw/device/tests/crypto/sha256_functest.c index bca114b8c9bb12..527febaa641aa6 100644 --- a/sw/device/tests/crypto/sha256_functest.c +++ b/sw/device/tests/crypto/sha256_functest.c @@ -62,7 +62,7 @@ static status_t run_test(otcrypto_const_byte_buf_t msg, .len = kHmacDigestNumWords, .mode = kOtcryptoHashModeSha256, }; - TRY(otcrypto_hash(msg, &digest_buf)); + TRY(otcrypto_hash(msg, digest_buf)); TRY_CHECK_ARRAYS_EQ(act_digest, exp_digest, kHmacDigestNumWords); return OK_STATUS(); } @@ -125,7 +125,7 @@ static status_t one_update_streaming_test(void) { .len = digest_num_words, .mode = kOtcryptoHashModeSha256, }; - TRY(otcrypto_hash_final(&ctx, &digest_buf)); + TRY(otcrypto_hash_final(&ctx, digest_buf)); TRY_CHECK_ARRAYS_EQ((unsigned char *)act_digest, kExactBlockExpDigest, sizeof(kExactBlockExpDigest)); return OK_STATUS(); @@ -161,7 +161,7 @@ static status_t multiple_update_streaming_test(void) { .len = digest_num_words, .mode = kOtcryptoHashModeSha256, }; - TRY(otcrypto_hash_final(&ctx, &digest_buf)); + TRY(otcrypto_hash_final(&ctx, digest_buf)); TRY_CHECK_ARRAYS_EQ((unsigned char *)act_digest, kTwoBlockExpDigest, sizeof(kTwoBlockExpDigest)); return OK_STATUS(); diff --git a/sw/device/tests/crypto/sha384_functest.c b/sw/device/tests/crypto/sha384_functest.c index 48fe0b232a3733..7ac6866b2a114c 100644 --- a/sw/device/tests/crypto/sha384_functest.c +++ b/sw/device/tests/crypto/sha384_functest.c @@ -65,7 +65,7 @@ status_t sha384_test(const unsigned char *msg, const size_t msg_len, .len = ARRAYSIZE(actual_digest_data), .mode = kOtcryptoHashModeSha384, }; - TRY(otcrypto_hash(input_message, &actual_digest)); + TRY(otcrypto_hash(input_message, actual_digest)); // Check that the expected and actual digests match. TRY_CHECK_ARRAYS_EQ((unsigned char *)actual_digest_data, expected_digest, @@ -102,7 +102,7 @@ status_t sha384_streaming_test(const unsigned char *msg, size_t msg_len, .len = ARRAYSIZE(actual_digest_data), .mode = kOtcryptoHashModeSha384, }; - TRY(otcrypto_hash_final(&ctx, &actual_digest)); + TRY(otcrypto_hash_final(&ctx, actual_digest)); // Check that the expected and actual digests match. TRY_CHECK_ARRAYS_EQ((unsigned char *)actual_digest_data, expected_digest, diff --git a/sw/device/tests/crypto/sha512_functest.c b/sw/device/tests/crypto/sha512_functest.c index 24fa068c220fa1..5955e3985c1391 100644 --- a/sw/device/tests/crypto/sha512_functest.c +++ b/sw/device/tests/crypto/sha512_functest.c @@ -58,7 +58,7 @@ status_t sha512_test(const unsigned char *msg, const size_t msg_len, .data = actual_digest_data, .mode = kOtcryptoHashModeSha512, }; - TRY(otcrypto_hash(input_message, &actual_digest)); + TRY(otcrypto_hash(input_message, actual_digest)); // Check that the expected and actual digests match. TRY_CHECK_ARRAYS_EQ((unsigned char *)actual_digest_data, expected_digest, @@ -95,7 +95,7 @@ status_t sha512_streaming_test(const unsigned char *msg, size_t msg_len, .len = ARRAYSIZE(actual_digest_data), .mode = kOtcryptoHashModeSha512, }; - TRY(otcrypto_hash_final(&ctx, &actual_digest)); + TRY(otcrypto_hash_final(&ctx, actual_digest)); // Check that the expected and actual digests match. TRY_CHECK_ARRAYS_EQ((unsigned char *)actual_digest_data, expected_digest,