diff --git a/Cargo.lock b/Cargo.lock index a6c862731a..ffb81c5860 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -232,7 +232,6 @@ dependencies = [ "hex", "nix 0.26.2", "once_cell", - "sha2", "zerocopy", ] diff --git a/builder/Cargo.toml b/builder/Cargo.toml index e76960fb83..4c3468391d 100644 --- a/builder/Cargo.toml +++ b/builder/Cargo.toml @@ -20,7 +20,6 @@ hex.workspace = true nix.workspace = true once_cell.workspace = true zerocopy.workspace = true -sha2.workspace = true [features] slow_tests = [] diff --git a/builder/src/lib.rs b/builder/src/lib.rs index 5866422ca7..672755c873 100644 --- a/builder/src/lib.rs +++ b/builder/src/lib.rs @@ -422,7 +422,7 @@ pub fn elf2rom(elf_bytes: &[u8]) -> io::Result> { let rom_info_start = rom_info_sym.value as usize; let rom_info = RomInfo { - sha256_digest: sha256::sha256_word_reversed(&result[0..rom_info_start]), + sha256_digest: sha256::sha256_word_reversed(&result[0..rom_info_start])?, revision: image_revision()?, flags: 0, version: version::get_rom_version(), diff --git a/builder/src/sha256.rs b/builder/src/sha256.rs index 03cfecbce9..cedfbe615d 100644 --- a/builder/src/sha256.rs +++ b/builder/src/sha256.rs @@ -1,12 +1,18 @@ // Licensed under the Apache-2.0 license -use sha2::{Digest, Sha256}; +use caliptra_image_gen::ImageGeneratorCrypto; +use caliptra_image_openssl::OsslCrypto; +use std::io::{self, ErrorKind}; -pub fn sha256_word_reversed(bytes: &[u8]) -> [u32; 8] { - let mut sha = Sha256::new(); +pub fn sha256_word_reversed(bytes: &[u8]) -> io::Result<[u32; 8]> { + let crypto = OsslCrypto::default(); + + let mut reversed = Vec::::new(); for i in 0..bytes.len() / 4 { let word = u32::from_le_bytes(bytes[i * 4..][..4].try_into().unwrap()); - sha.update(word.swap_bytes().to_le_bytes()); + reversed.extend_from_slice(&word.swap_bytes().to_le_bytes()); } - let result_bytes = sha.finalize(); - core::array::from_fn(|i| u32::from_be_bytes(result_bytes[i * 4..][..4].try_into().unwrap())) + + crypto + .sha256_digest(&reversed) + .map_err(|e| io::Error::new(ErrorKind::Other, e)) } diff --git a/image/gen/src/lib.rs b/image/gen/src/lib.rs index 1b72250c61..9fe0d80660 100644 --- a/image/gen/src/lib.rs +++ b/image/gen/src/lib.rs @@ -44,6 +44,9 @@ pub trait ImageGenratorExecutable { /// Image Gnerator Crypto Trait pub trait ImageGeneratorCrypto { + /// Calculate SHA-256 digest + fn sha256_digest(&self, data: &[u8]) -> anyhow::Result<[u32; SHA256_DIGEST_WORD_SIZE]>; + /// Calculate SHA-384 digest fn sha384_digest(&self, data: &[u8]) -> anyhow::Result; diff --git a/image/openssl/src/lib.rs b/image/openssl/src/lib.rs index 1b39e1e1eb..c341591f0a 100644 --- a/image/openssl/src/lib.rs +++ b/image/openssl/src/lib.rs @@ -45,6 +45,12 @@ const D_LEAF: u16 = 0x8282; const D_INTR: u16 = 0x8383; impl ImageGeneratorCrypto for OsslCrypto { + fn sha256_digest(&self, data: &[u8]) -> anyhow::Result<[u32; SHA256_DIGEST_WORD_SIZE]> { + let mut engine = Sha256::new(); + engine.update(data); + Ok(to_hw_format(&engine.finish())) + } + /// Calculate SHA-384 Digest fn sha384_digest(&self, data: &[u8]) -> anyhow::Result { let mut engine = Sha384::new(); @@ -157,11 +163,10 @@ pub fn lms_priv_key_from_pem(path: &PathBuf) -> anyhow::Result } /// Convert the slice to hardware format -fn to_hw_format(value: &[u8]) -> [u32; ECC384_SCALAR_WORD_SIZE] { - let arr = TryInto::<[u8; ECC384_SCALAR_BYTE_SIZE]>::try_into(value).unwrap(); - let mut result = [0u32; ECC384_SCALAR_WORD_SIZE]; +fn to_hw_format(value: &[u8]) -> [u32; NUM_WORDS] { + let mut result = [0u32; NUM_WORDS]; for i in 0..result.len() { - result[i] = u32::from_be_bytes(arr[i * 4..][..4].try_into().unwrap()) + result[i] = u32::from_be_bytes(value[i * 4..][..4].try_into().unwrap()) } result } diff --git a/image/types/src/lib.rs b/image/types/src/lib.rs index 5887d5f9ad..35279d2c8e 100644 --- a/image/types/src/lib.rs +++ b/image/types/src/lib.rs @@ -34,6 +34,7 @@ pub const ECC384_SCALAR_WORD_SIZE: usize = 12; pub const ECC384_SCALAR_BYTE_SIZE: usize = 48; pub const SHA192_DIGEST_BYTE_SIZE: usize = 24; pub const SHA192_DIGEST_WORD_SIZE: usize = 6; +pub const SHA256_DIGEST_WORD_SIZE: usize = 8; pub const SHA384_DIGEST_WORD_SIZE: usize = 12; pub const SHA384_DIGEST_BYTE_SIZE: usize = 48; pub const IMAGE_LMS_OTS_P_PARAM: usize = 51;