[cryptolib] Fix hash references in other functests

Previously, RSA and ECDSA tests were using driver-level HMAC calls for SHA-256. This commit replaces it with `otcrypto_hash` calls to make it more stable, API-wise. Signed-off-by: Fatih Balli <[email protected]>
lowRISC · Jun 3, 2024 · dd0b538 · dd0b538
1 parent 8a89ba9
commit dd0b538
Show file tree

Hide file tree

Showing 4 changed files with 28 additions and 27 deletions.
diff --git a/sw/device/lib/crypto/impl/rsa/BUILD b/sw/device/lib/crypto/impl/rsa/BUILD
@@ -102,8 +102,8 @@ cc_library(
         "//sw/device/lib/base:hardened",
         "//sw/device/lib/base:macros",
         "//sw/device/lib/base:memory",
-        "//sw/device/lib/crypto/drivers:hmac",
         "//sw/device/lib/crypto/drivers:otbn",
+        "//sw/device/lib/crypto/impl:hash",
         "//sw/otbn/crypto:run_rsa_verify_3072",
     ],
 )
diff --git a/sw/device/lib/crypto/impl/rsa/rsa_3072_verify.c b/sw/device/lib/crypto/impl/rsa/rsa_3072_verify.c
@@ -7,9 +7,9 @@
 #include "sw/device/lib/base/hardened.h"
 #include "sw/device/lib/base/macros.h"
 #include "sw/device/lib/base/memory.h"
-#include "sw/device/lib/crypto/drivers/hmac.h"
 #include "sw/device/lib/crypto/drivers/otbn.h"
 #include "sw/device/lib/crypto/impl/status.h"
+#include "sw/device/lib/crypto/include/hash.h"
 
 #include "hw/top_earlgrey/sw/autogen/top_earlgrey.h"
 
@@ -76,20 +76,24 @@ status_t rsa_3072_encode_sha256(const uint8_t *msg, size_t msgLen,
   // Set 0x00 || 0x01 bytes at most significant end
   result->data[kRsa3072NumWords - 1] = 0x0001ffff;
 
-  // Compute the SHA-256 digest using the HMAC HWIP.
-  hmac_ctx_t hwip_ctx;
-  hmac_digest_t digest = {
-      .len = kHmacSha256DigestBytes,
+  // Hash message.
+  otcrypto_const_byte_buf_t msg_buf = {
+      .data = msg,
+      .len = msgLen,
   };
-  TRY(hmac_init(&hwip_ctx, kHmacModeSha256, /*key=*/NULL));
-  TRY(hmac_update(&hwip_ctx, msg, msgLen));
-  TRY(hmac_final(&hwip_ctx, &digest));
+  uint32_t digest_buf[kSha256DigestWords];
+  otcrypto_hash_digest_t digest = {
+      .mode = kOtcryptoHashModeSha256,
+      .data = digest_buf,
+      .len = kSha256DigestWords,
+  };
+  TRY(otcrypto_hash(msg_buf, digest));
 
   // Copy the message digest into the least significant end of the result,
   // reversing the order of bytes to get little-endian form.
   for (size_t i = 0; i < kHmacSha256DigestWords; i++) {
     result->data[i] =
-        __builtin_bswap32(digest.digest[kHmacSha256DigestWords - 1 - i]);
+        __builtin_bswap32(digest.data[kHmacSha256DigestWords - 1 - i]);
   }
 
   // Set remainder of 0x00 || T section

diff --git a/sw/device/tests/crypto/BUILD b/sw/device/tests/crypto/BUILD
@@ -527,8 +527,8 @@ opentitan_test(
     ),
     deps = [
         ":ecdsa_p256_verify_testvectors_hardcoded_header",
-        "//sw/device/lib/crypto/drivers:hmac",
         "//sw/device/lib/crypto/drivers:otbn",
+        "//sw/device/lib/crypto/impl:hash",
         "//sw/device/lib/crypto/impl/ecc:ecdsa_p256",
         "//sw/device/lib/runtime:log",
         "//sw/device/lib/testing/test_framework:ottf_main",
@@ -780,8 +780,8 @@ opentitan_test(
     deps = [
         ":rsa_3072_verify_testvectors_hardcoded_header",
         "//sw/device/lib/crypto/drivers:entropy",
-        "//sw/device/lib/crypto/drivers:hmac",
         "//sw/device/lib/crypto/drivers:otbn",
+        "//sw/device/lib/crypto/impl:hash",
         "//sw/device/lib/crypto/impl/rsa:rsa_3072_verify",
         "//sw/device/lib/runtime:log",
         "//sw/device/lib/testing/test_framework:ottf_main",

diff --git a/sw/device/tests/crypto/ecdsa_p256_verify_functest.c b/sw/device/tests/crypto/ecdsa_p256_verify_functest.c
@@ -3,9 +3,9 @@
 // SPDX-License-Identifier: Apache-2.0
 
 #include "sw/device/lib/crypto/drivers/entropy.h"
-#include "sw/device/lib/crypto/drivers/hmac.h"
 #include "sw/device/lib/crypto/drivers/otbn.h"
 #include "sw/device/lib/crypto/impl/ecc/ecdsa_p256.h"
+#include "sw/device/lib/crypto/include/hash.h"
 #include "sw/device/lib/runtime/log.h"
 #include "sw/device/lib/testing/test_framework/check.h"
 #include "sw/device/lib/testing/test_framework/ottf_main.h"
@@ -16,26 +16,23 @@
 // the version of this file matching the Bazel rule under test.
 #include "ecdsa_p256_verify_testvectors.h"
 
-static status_t compute_digest(size_t msg_len, const uint8_t *msg,
-                               hmac_digest_t *digest) {
-  // Compute the SHA-256 digest using the HMAC HWIP.
-  hmac_ctx_t hwip_ctx;
-  TRY(hmac_init(&hwip_ctx, kHmacModeSha256, /*key=*/NULL));
-  TRY(hmac_update(&hwip_ctx, msg, msg_len));
-  TRY(hmac_final(&hwip_ctx, digest));
-  return OTCRYPTO_OK;
-}
-
 status_t ecdsa_p256_verify_test(
     const ecdsa_p256_verify_test_vector_t *testvec) {
   // Hash message.
-  hmac_digest_t digest = {
-      .len = kHmacSha256DigestBytes,
+  otcrypto_const_byte_buf_t msg_buf = {
+      .data = testvec->msg,
+      .len = testvec->msg_len,
+  };
+  uint32_t digest_buf[kSha256DigestWords];
+  otcrypto_hash_digest_t digest = {
+      .mode = kOtcryptoHashModeSha256,
+      .data = digest_buf,
+      .len = kSha256DigestWords,
   };
-  TRY(compute_digest(testvec->msg_len, testvec->msg, &digest));
+  TRY(otcrypto_hash(msg_buf, digest));
 
   // Attempt to verify signature.
-  TRY(ecdsa_p256_verify_start(&testvec->signature, digest.digest,
+  TRY(ecdsa_p256_verify_start(&testvec->signature, digest.data,
                               &testvec->public_key));
   hardened_bool_t result;
   TRY(ecdsa_p256_verify_finalize(&testvec->signature, &result));