From dd0b53824bdf7461e097666467611cca8eb5458c Mon Sep 17 00:00:00 2001 From: Fatih Balli Date: Mon, 27 May 2024 22:05:08 +0000 Subject: [PATCH] [cryptolib] Fix hash references in other functests Previously, RSA and ECDSA tests were using driver-level HMAC calls for SHA-256. This commit replaces it with `otcrypto_hash` calls to make it more stable, API-wise. Signed-off-by: Fatih Balli --- sw/device/lib/crypto/impl/rsa/BUILD | 2 +- .../lib/crypto/impl/rsa/rsa_3072_verify.c | 22 ++++++++------- sw/device/tests/crypto/BUILD | 4 +-- .../tests/crypto/ecdsa_p256_verify_functest.c | 27 +++++++++---------- 4 files changed, 28 insertions(+), 27 deletions(-) diff --git a/sw/device/lib/crypto/impl/rsa/BUILD b/sw/device/lib/crypto/impl/rsa/BUILD index b4b09739f2033..f2d1e2a430e55 100644 --- a/sw/device/lib/crypto/impl/rsa/BUILD +++ b/sw/device/lib/crypto/impl/rsa/BUILD @@ -102,8 +102,8 @@ cc_library( "//sw/device/lib/base:hardened", "//sw/device/lib/base:macros", "//sw/device/lib/base:memory", - "//sw/device/lib/crypto/drivers:hmac", "//sw/device/lib/crypto/drivers:otbn", + "//sw/device/lib/crypto/impl:hash", "//sw/otbn/crypto:run_rsa_verify_3072", ], ) diff --git a/sw/device/lib/crypto/impl/rsa/rsa_3072_verify.c b/sw/device/lib/crypto/impl/rsa/rsa_3072_verify.c index bf8a473c75e04..0c0648bbe31eb 100644 --- a/sw/device/lib/crypto/impl/rsa/rsa_3072_verify.c +++ b/sw/device/lib/crypto/impl/rsa/rsa_3072_verify.c @@ -7,9 +7,9 @@ #include "sw/device/lib/base/hardened.h" #include "sw/device/lib/base/macros.h" #include "sw/device/lib/base/memory.h" -#include "sw/device/lib/crypto/drivers/hmac.h" #include "sw/device/lib/crypto/drivers/otbn.h" #include "sw/device/lib/crypto/impl/status.h" +#include "sw/device/lib/crypto/include/hash.h" #include "hw/top_earlgrey/sw/autogen/top_earlgrey.h" @@ -76,20 +76,24 @@ status_t rsa_3072_encode_sha256(const uint8_t *msg, size_t msgLen, // Set 0x00 || 0x01 bytes at most significant end result->data[kRsa3072NumWords - 1] = 0x0001ffff; - // Compute the SHA-256 digest using the HMAC HWIP. - hmac_ctx_t hwip_ctx; - hmac_digest_t digest = { - .len = kHmacSha256DigestBytes, + // Hash message. + otcrypto_const_byte_buf_t msg_buf = { + .data = msg, + .len = msgLen, }; - TRY(hmac_init(&hwip_ctx, kHmacModeSha256, /*key=*/NULL)); - TRY(hmac_update(&hwip_ctx, msg, msgLen)); - TRY(hmac_final(&hwip_ctx, &digest)); + uint32_t digest_buf[kSha256DigestWords]; + otcrypto_hash_digest_t digest = { + .mode = kOtcryptoHashModeSha256, + .data = digest_buf, + .len = kSha256DigestWords, + }; + TRY(otcrypto_hash(msg_buf, digest)); // Copy the message digest into the least significant end of the result, // reversing the order of bytes to get little-endian form. for (size_t i = 0; i < kHmacSha256DigestWords; i++) { result->data[i] = - __builtin_bswap32(digest.digest[kHmacSha256DigestWords - 1 - i]); + __builtin_bswap32(digest.data[kHmacSha256DigestWords - 1 - i]); } // Set remainder of 0x00 || T section diff --git a/sw/device/tests/crypto/BUILD b/sw/device/tests/crypto/BUILD index 33a35ea662507..669442389480b 100644 --- a/sw/device/tests/crypto/BUILD +++ b/sw/device/tests/crypto/BUILD @@ -527,8 +527,8 @@ opentitan_test( ), deps = [ ":ecdsa_p256_verify_testvectors_hardcoded_header", - "//sw/device/lib/crypto/drivers:hmac", "//sw/device/lib/crypto/drivers:otbn", + "//sw/device/lib/crypto/impl:hash", "//sw/device/lib/crypto/impl/ecc:ecdsa_p256", "//sw/device/lib/runtime:log", "//sw/device/lib/testing/test_framework:ottf_main", @@ -780,8 +780,8 @@ opentitan_test( deps = [ ":rsa_3072_verify_testvectors_hardcoded_header", "//sw/device/lib/crypto/drivers:entropy", - "//sw/device/lib/crypto/drivers:hmac", "//sw/device/lib/crypto/drivers:otbn", + "//sw/device/lib/crypto/impl:hash", "//sw/device/lib/crypto/impl/rsa:rsa_3072_verify", "//sw/device/lib/runtime:log", "//sw/device/lib/testing/test_framework:ottf_main", diff --git a/sw/device/tests/crypto/ecdsa_p256_verify_functest.c b/sw/device/tests/crypto/ecdsa_p256_verify_functest.c index a19bdcc65c24b..ef6d391e5ea23 100644 --- a/sw/device/tests/crypto/ecdsa_p256_verify_functest.c +++ b/sw/device/tests/crypto/ecdsa_p256_verify_functest.c @@ -3,9 +3,9 @@ // SPDX-License-Identifier: Apache-2.0 #include "sw/device/lib/crypto/drivers/entropy.h" -#include "sw/device/lib/crypto/drivers/hmac.h" #include "sw/device/lib/crypto/drivers/otbn.h" #include "sw/device/lib/crypto/impl/ecc/ecdsa_p256.h" +#include "sw/device/lib/crypto/include/hash.h" #include "sw/device/lib/runtime/log.h" #include "sw/device/lib/testing/test_framework/check.h" #include "sw/device/lib/testing/test_framework/ottf_main.h" @@ -16,26 +16,23 @@ // the version of this file matching the Bazel rule under test. #include "ecdsa_p256_verify_testvectors.h" -static status_t compute_digest(size_t msg_len, const uint8_t *msg, - hmac_digest_t *digest) { - // Compute the SHA-256 digest using the HMAC HWIP. - hmac_ctx_t hwip_ctx; - TRY(hmac_init(&hwip_ctx, kHmacModeSha256, /*key=*/NULL)); - TRY(hmac_update(&hwip_ctx, msg, msg_len)); - TRY(hmac_final(&hwip_ctx, digest)); - return OTCRYPTO_OK; -} - status_t ecdsa_p256_verify_test( const ecdsa_p256_verify_test_vector_t *testvec) { // Hash message. - hmac_digest_t digest = { - .len = kHmacSha256DigestBytes, + otcrypto_const_byte_buf_t msg_buf = { + .data = testvec->msg, + .len = testvec->msg_len, + }; + uint32_t digest_buf[kSha256DigestWords]; + otcrypto_hash_digest_t digest = { + .mode = kOtcryptoHashModeSha256, + .data = digest_buf, + .len = kSha256DigestWords, }; - TRY(compute_digest(testvec->msg_len, testvec->msg, &digest)); + TRY(otcrypto_hash(msg_buf, digest)); // Attempt to verify signature. - TRY(ecdsa_p256_verify_start(&testvec->signature, digest.digest, + TRY(ecdsa_p256_verify_start(&testvec->signature, digest.data, &testvec->public_key)); hardened_bool_t result; TRY(ecdsa_p256_verify_finalize(&testvec->signature, &result));