[dpe] Update to non-generic crypto API

Having generics in the API was duplicating much of the complicated DPE code
(certificate encoding) which bloated the code size unnecessarily. DPE was
updated to remove the generics so this gains some codespace back.

Author: zhalvorsen

Cargo.lock

@@ -98,8 +98,8 @@ caliptra-auth-man-gen = { path = "auth-manifest/gen", default-features = false }
 caliptra-auth-man-types = { path = "auth-manifest/types", default-features = false }
 
 # The caliptra-cfi commit rev MUST match the one in caliptra-dpe or the Caliptra runtime will be bloated with duplicate symbols.
-caliptra-cfi-lib = { git = "https://github.com/chipsalliance/caliptra-cfi.git", package = "caliptra-cfi-lib", rev = "767d4ef59a106aea683b883c07bd65456fb3ba6b", default-features = false, features = ["cfi", "cfi-counter" ] }
-caliptra-cfi-derive = { git = "https://github.com/chipsalliance/caliptra-cfi.git", package = "caliptra-cfi-derive", rev = "767d4ef59a106aea683b883c07bd65456fb3ba6b"}
+caliptra-cfi-lib = { git = "https://github.com/chipsalliance/caliptra-cfi.git", package = "caliptra-cfi-lib", rev = "aa96c53073ce7f298f7482c1ac57f5f65ffc115e", default-features = false, features = ["cfi", "cfi-counter" ] }
+caliptra-cfi-derive = { git = "https://github.com/chipsalliance/caliptra-cfi.git", package = "caliptra-cfi-derive", rev = "aa96c53073ce7f298f7482c1ac57f5f65ffc115e"}
 
 caliptra-common = { path = "common", default-features = false }
 caliptra-coverage = { path = "coverage" }
@@ -109,9 +109,9 @@ caliptra-drivers = { path = "drivers" }
 caliptra-drivers-test-bin = { path = "drivers/test-fw" }
 
 # DPE dependencies; keep git revs in sync alongside test/dpe_verification/go.mod
-caliptra-dpe = { git = "https://github.com/chipsalliance/caliptra-dpe", rev = "a883222aae7b9306aab089d6efab85d93dbaab26", default-features = false, features = ["hybrid"] }
-caliptra-dpe-crypto = { git = "https://github.com/chipsalliance/caliptra-dpe", rev = "a883222aae7b9306aab089d6efab85d93dbaab26", default-features = false }
-caliptra-dpe-platform = { git = "https://github.com/chipsalliance/caliptra-dpe", rev = "a883222aae7b9306aab089d6efab85d93dbaab26", default-features = false }
+caliptra-dpe = { git = "https://github.com/chipsalliance/caliptra-dpe", rev = "2635f47237cdb60029e8aa8ca6aebc27d88b0e1f", default-features = false, features = ["hybrid"] }
+caliptra-dpe-crypto = { git = "https://github.com/chipsalliance/caliptra-dpe", rev = "2635f47237cdb60029e8aa8ca6aebc27d88b0e1f", default-features = false }
+caliptra-dpe-platform = { git = "https://github.com/chipsalliance/caliptra-dpe", rev = "2635f47237cdb60029e8aa8ca6aebc27d88b0e1f", default-features = false }
 
 caliptra-emu-bus = { path = "sw-emulator/lib/bus" }
 caliptra-emu-cpu = { path = "sw-emulator/lib/cpu" }

Cargo.toml

@@ -14,6 +14,7 @@ bitfield.workspace = true
 bitflags.workspace = true
 caliptra-api.workspace = true
 caliptra-dpe = { workspace = true, optional = true }
+caliptra-dpe-crypto = { workspace = true, optional = true }
 caliptra-error = { workspace = true, default-features = false }
 caliptra-image-types.workspace = true
 caliptra-lms-types.workspace = true
@@ -37,7 +38,7 @@ std = []
 emu = []
 riscv = []
 rom = []
-runtime = ["dep:caliptra-dpe"]
+runtime = ["dep:caliptra-dpe", "dep:caliptra-dpe-crypto"]
 fmc = []
 fpga_realtime = ["caliptra-hw-model/fpga_realtime"]
 fpga_subsystem = ["caliptra-hw-model/fpga_subsystem"]

drivers/Cargo.toml

@@ -628,6 +628,68 @@ pub struct Sha384;
 /// SHA-512 variant implementation
 pub struct Sha512;
 
+#[cfg(feature = "runtime")]
+pub struct DpeHasher<'a> {
+    op: Sha2DigestOp<'a, Sha384>,
+    active: Option<()>,
+}
+
+#[cfg(feature = "runtime")]
+impl<'a> DpeHasher<'a> {
+    pub fn new(sha: &'a mut Sha2_512_384) -> Result<Self, CaliptraError> {
+        Ok(Self {
+            op: sha.sha384_digest_init()?,
+            active: None,
+        })
+    }
+
+    pub fn driver(&mut self) -> &mut Sha2_512_384 {
+        self.op.sha
+    }
+}
+
+#[cfg(feature = "runtime")]
+impl caliptra_dpe_crypto::Hasher for DpeHasher<'_> {
+    fn initialize(&mut self) -> Result<(), caliptra_dpe_crypto::CryptoError> {
+        self.op.state = Sha2DigestState::Init;
+        self.op.buf = [0u8; SHA512_BLOCK_BYTE_SIZE];
+        self.op.buf_idx = 0;
+        self.op.data_size = 0;
+        self.active = Some(());
+        Ok(())
+    }
+    fn update(&mut self, bytes: &[u8]) -> Result<(), caliptra_dpe_crypto::CryptoError> {
+        if self.active.is_none() {
+            return Err(caliptra_dpe_crypto::CryptoError::HashError(u32::from(
+                CaliptraError::DRIVER_SHA2_512_384_INVALID_STATE_ERR,
+            )));
+        }
+        self.op
+            .update(bytes)
+            .map_err(|e| caliptra_dpe_crypto::CryptoError::HashError(u32::from(e)))?;
+        Ok(())
+    }
+    fn finish(&mut self) -> Result<caliptra_dpe_crypto::Digest, caliptra_dpe_crypto::CryptoError> {
+        self.active
+            .take()
+            .ok_or(caliptra_dpe_crypto::CryptoError::HashError(0))?;
+        let mut digest = Array4x12::default();
+        Sha2DigestOp {
+            sha: self.op.sha,
+            state: self.op.state,
+            buf: self.op.buf,
+            buf_idx: self.op.buf_idx,
+            data_size: self.op.data_size,
+            _phantom: core::marker::PhantomData::<Sha384>,
+        }
+        .finalize(&mut digest)
+        .map_err(|e| caliptra_dpe_crypto::CryptoError::HashError(u32::from(e)))?;
+        Ok(caliptra_dpe_crypto::Digest::Sha384(
+            caliptra_dpe_crypto::Sha384(digest.into()),
+        ))
+    }
+}
+
 /// SHA-384 key access error trait
 trait Sha384KeyAccessErr {
     /// Convert to read data operation error