[dpe] Update to non-generic crypto API

Cargo.toml

@@ -98,8 +98,8 @@ caliptra-auth-man-gen = { path = "auth-manifest/gen", default-features = false }
 caliptra-auth-man-types = { path = "auth-manifest/types", default-features = false }
 
 # The caliptra-cfi commit rev MUST match the one in caliptra-dpe or the Caliptra runtime will be bloated with duplicate symbols.
-caliptra-cfi-lib = { git = "https://github.com/chipsalliance/caliptra-cfi.git", package = "caliptra-cfi-lib", rev = "767d4ef59a106aea683b883c07bd65456fb3ba6b", default-features = false, features = ["cfi", "cfi-counter" ] }
-caliptra-cfi-derive = { git = "https://github.com/chipsalliance/caliptra-cfi.git", package = "caliptra-cfi-derive", rev = "767d4ef59a106aea683b883c07bd65456fb3ba6b"}
+caliptra-cfi-lib = { git = "https://github.com/chipsalliance/caliptra-cfi.git", package = "caliptra-cfi-lib", rev = "aa96c53073ce7f298f7482c1ac57f5f65ffc115e", default-features = false, features = ["cfi", "cfi-counter" ] }
+caliptra-cfi-derive = { git = "https://github.com/chipsalliance/caliptra-cfi.git", package = "caliptra-cfi-derive", rev = "aa96c53073ce7f298f7482c1ac57f5f65ffc115e"}
 
 caliptra-common = { path = "common", default-features = false }
 caliptra-coverage = { path = "coverage" }
@@ -109,9 +109,9 @@ caliptra-drivers = { path = "drivers" }
 caliptra-drivers-test-bin = { path = "drivers/test-fw" }
 
 # DPE dependencies; keep git revs in sync alongside test/dpe_verification/go.mod
-caliptra-dpe = { git = "https://github.com/chipsalliance/caliptra-dpe", rev = "a883222aae7b9306aab089d6efab85d93dbaab26", default-features = false, features = ["hybrid"] }
-caliptra-dpe-crypto = { git = "https://github.com/chipsalliance/caliptra-dpe", rev = "a883222aae7b9306aab089d6efab85d93dbaab26", default-features = false }
-caliptra-dpe-platform = { git = "https://github.com/chipsalliance/caliptra-dpe", rev = "a883222aae7b9306aab089d6efab85d93dbaab26", default-features = false }
+caliptra-dpe = { git = "https://github.com/chipsalliance/caliptra-dpe", rev = "8c5a435b2ee1e21a29244d1c2c00e99790b21a79", default-features = false, features = ["hybrid"] }
+caliptra-dpe-crypto = { git = "https://github.com/chipsalliance/caliptra-dpe", rev = "8c5a435b2ee1e21a29244d1c2c00e99790b21a79", default-features = false }
+caliptra-dpe-platform = { git = "https://github.com/chipsalliance/caliptra-dpe", rev = "8c5a435b2ee1e21a29244d1c2c00e99790b21a79", default-features = false }
 
 caliptra-emu-bus = { path = "sw-emulator/lib/bus" }
 caliptra-emu-cpu = { path = "sw-emulator/lib/cpu" }

drivers/Cargo.toml

@@ -14,6 +14,7 @@ bitfield.workspace = true
 bitflags.workspace = true
 caliptra-api.workspace = true
 caliptra-dpe = { workspace = true, optional = true }
+caliptra-dpe-crypto = { workspace = true, optional = true }
 caliptra-error = { workspace = true, default-features = false }
 caliptra-image-types.workspace = true
 caliptra-lms-types.workspace = true
@@ -37,7 +38,7 @@ std = []
 emu = []
 riscv = []
 rom = []
-runtime = ["dep:caliptra-dpe"]
+runtime = ["dep:caliptra-dpe", "dep:caliptra-dpe-crypto"]
 fmc = []
 fpga_realtime = ["caliptra-hw-model/fpga_realtime"]
 fpga_subsystem = ["caliptra-hw-model/fpga_subsystem"]

drivers/src/sha2_512_384.rs

@@ -628,6 +628,68 @@ pub struct Sha384;
 /// SHA-512 variant implementation
 pub struct Sha512;
 
+#[cfg(feature = "runtime")]
+pub struct DpeHasher<'a> {
+    op: Sha2DigestOp<'a, Sha384>,
+    active: Option<()>,
+}
+
+#[cfg(feature = "runtime")]
+impl<'a> DpeHasher<'a> {
+    pub fn new(sha: &'a mut Sha2_512_384) -> Result<Self, CaliptraError> {
+        Ok(Self {
+            op: sha.sha384_digest_init()?,
+            active: None,
+        })
+    }
+
+    pub fn driver(&mut self) -> &mut Sha2_512_384 {
+        self.op.sha
+    }
+}
+
+#[cfg(feature = "runtime")]
+impl caliptra_dpe_crypto::Hasher for DpeHasher<'_> {
+    fn initialize(&mut self) -> Result<(), caliptra_dpe_crypto::CryptoError> {
+        self.op.state = Sha2DigestState::Init;
+        self.op.buf = [0u8; SHA512_BLOCK_BYTE_SIZE];
+        self.op.buf_idx = 0;
+        self.op.data_size = 0;
+        self.active = Some(());
+        Ok(())
+    }
+    fn update(&mut self, bytes: &[u8]) -> Result<(), caliptra_dpe_crypto::CryptoError> {
+        if self.active.is_none() {
+            return Err(caliptra_dpe_crypto::CryptoError::HashError(u32::from(
+                CaliptraError::DRIVER_SHA2_512_384_INVALID_STATE_ERR,
+            )));
+        }
+        self.op
+            .update(bytes)
+            .map_err(|e| caliptra_dpe_crypto::CryptoError::HashError(u32::from(e)))?;
+        Ok(())
+    }
+    fn finish(&mut self) -> Result<caliptra_dpe_crypto::Digest, caliptra_dpe_crypto::CryptoError> {
+        self.active
+            .take()
+            .ok_or(caliptra_dpe_crypto::CryptoError::HashError(0))?;
+        let mut digest = Array4x12::default();
+        Sha2DigestOp {
+            sha: self.op.sha,
+            state: self.op.state,
+            buf: self.op.buf,
+            buf_idx: self.op.buf_idx,
+            data_size: self.op.data_size,
+            _phantom: core::marker::PhantomData::<Sha384>,
+        }
+        .finalize(&mut digest)
+        .map_err(|e| caliptra_dpe_crypto::CryptoError::HashError(u32::from(e)))?;
+        Ok(caliptra_dpe_crypto::Digest::Sha384(
+            caliptra_dpe_crypto::Sha384(digest.into()),
+        ))
+    }
+}
+
 /// SHA-384 key access error trait
 trait Sha384KeyAccessErr {
     /// Convert to read data operation error