5 files changed, 67 insertions, 66 deletions

diff --git a/common/ap_ro_integrity_check.c b/common/ap_ro_integrity_check.c
index f6592d1ca9..ea0456ad5a 100644
--- a/common/ap_ro_integrity_check.c
+++ b/common/ap_ro_integrity_check.c
@@ -12,11 +12,11 @@
 #include "extension.h"
 #include "flash.h"
 #include "flash_info.h"
-#include "cryptoc/sha256.h"
 #include "stddef.h"
 #include "stdint.h"
 #include "timer.h"
 #include "usb_spi.h"
+#include "usb_spi_board.h"
 
 #define CPRINTS(format, args...) cprints(CC_SYSTEM, format, ##args)
 #define CPRINTF(format, args...) cprintf(CC_SYSTEM, format, ##args)
@@ -269,7 +269,7 @@ static enum ap_ro_check_vc_errors ap_ro_check_unsupported(int add_flash_event)
 int validate_ap_ro(void)
 {
 	uint32_t i;
-	HASH_CTX ctx;
+	struct sha256_ctx ctx;
 	uint8_t digest[SHA256_DIGEST_SIZE];
 	int rv;
 
diff --git a/common/ccd_config.c b/common/ccd_config.c
index 3433766b7c..b3b12e12a7 100644
--- a/common/ccd_config.c
+++ b/common/ccd_config.c
@@ -9,7 +9,6 @@
 #include "byteorder.h"
 #include "ccd_config.h"
 #include "console.h"
-#include "cryptoc/sha256.h"
 #include "dcrypto.h"
 #include "extension.h"
 #include "hooks.h"
@@ -239,17 +238,17 @@ static int raw_has_password(void)
  */
 static void ccd_password_digest(uint8_t *digest, const char *password)
 {
-	HASH_CTX sha;
+	struct sha256_ctx sha;
 	uint8_t *unique_id;
 	int unique_id_len;
 
 	unique_id_len = system_get_chip_unique_id(&unique_id);
 
-	DCRYPTO_SHA256_init(&sha, 0);
-	HASH_update(&sha, config.password_salt, sizeof(config.password_salt));
-	HASH_update(&sha, unique_id, unique_id_len);
-	HASH_update(&sha, password, strlen(password));
-	memcpy(digest, HASH_final(&sha), CCD_PASSWORD_DIGEST_SIZE);
+	SHA256_hw_init(&sha);
+	SHA256_update(&sha, config.password_salt, sizeof(config.password_salt));
+	SHA256_update(&sha, unique_id, unique_id_len);
+	SHA256_update(&sha, password, strlen(password));
+	memcpy(digest, SHA256_final(&sha)->b8, CCD_PASSWORD_DIGEST_SIZE);
 }
 
 /**
diff --git a/common/pinweaver.c b/common/pinweaver.c
index 2cc4118c7d..7cea0ca1b0 100644
--- a/common/pinweaver.c
+++ b/common/pinweaver.c
@@ -159,17 +159,19 @@ static int create_merkle_tree(struct bits_per_level_t bits_per_level,
 	uint8_t temp_hash[PW_HASH_SIZE] = {};
 	uint8_t hx;
 	uint16_t kx;
-	LITE_SHA256_CTX ctx;
+	struct sha256_ctx ctx;
 
 	merkle_tree->bits_per_level = bits_per_level;
 	merkle_tree->height = height;
 
 	/* Initialize the root hash. */
 	for (hx = 0; hx < height.v; ++hx) {
-		DCRYPTO_SHA256_init(&ctx, 0);
+		SHA256_hw_init(&ctx);
 		for (kx = 0; kx < fan_out; ++kx)
-			HASH_update(&ctx, temp_hash, PW_HASH_SIZE);
-		memcpy(temp_hash, HASH_final(&ctx), PW_HASH_SIZE);
+			HASH_update((union hash_ctx *)&ctx, temp_hash,
+				    PW_HASH_SIZE);
+		memcpy(temp_hash, HASH_final((union hash_ctx *)&ctx),
+		       PW_HASH_SIZE);
 	}
 	memcpy(merkle_tree->root, temp_hash, PW_HASH_SIZE);
 
@@ -179,24 +181,25 @@ static int create_merkle_tree(struct bits_per_level_t bits_per_level,
 }
 
 /* Computes the HMAC for an encrypted leaf using the key in the merkle_tree. */
-static void compute_hmac(
-		const struct merkle_tree_t *merkle_tree,
-		const struct imported_leaf_data_t *imported_leaf_data,
-		uint8_t result[PW_HASH_SIZE])
+static void compute_hmac(const struct merkle_tree_t *merkle_tree,
+			 const struct imported_leaf_data_t *imported_leaf_data,
+			 uint8_t result[PW_HASH_SIZE])
 {
-	LITE_HMAC_CTX hmac;
+	struct hmac_sha256_ctx hmac;
 
-	DCRYPTO_HMAC_SHA256_init(&hmac, merkle_tree->hmac_key,
+	HMAC_SHA256_hw_init(&hmac, merkle_tree->hmac_key,
 				 sizeof(merkle_tree->hmac_key));
-	HASH_update(&hmac.hash, imported_leaf_data->head,
+	/* use HASH_update() vs. HMAC_update() due limits of dcrypto mock. */
+	HASH_update((union hash_ctx *)&hmac.hash, imported_leaf_data->head,
 		    sizeof(*imported_leaf_data->head));
-	HASH_update(&hmac.hash, imported_leaf_data->iv,
+	HASH_update((union hash_ctx *)&hmac.hash, imported_leaf_data->iv,
 		    sizeof(PW_WRAP_BLOCK_SIZE));
-	HASH_update(&hmac.hash, imported_leaf_data->pub,
+	HASH_update((union hash_ctx *)&hmac.hash, imported_leaf_data->pub,
 		    imported_leaf_data->head->pub_len);
-	HASH_update(&hmac.hash, imported_leaf_data->cipher_text,
+	HASH_update((union hash_ctx *)&hmac.hash,
+		    imported_leaf_data->cipher_text,
 		    imported_leaf_data->head->sec_len);
-	memcpy(result, DCRYPTO_HMAC_final(&hmac), PW_HASH_SIZE);
+	memcpy(result, HMAC_SHA256_hw_final(&hmac), PW_HASH_SIZE);
 }
 
 /* Computes the root hash for the specified path and child hash. */
@@ -1386,16 +1389,17 @@ void compute_hash(const uint8_t hashes[][PW_HASH_SIZE], uint16_t num_hashes,
 		  const uint8_t child_hash[PW_HASH_SIZE],
 		  uint8_t result[PW_HASH_SIZE])
 {
-	LITE_SHA256_CTX ctx;
+	struct sha256_ctx ctx;
 
-	DCRYPTO_SHA256_init(&ctx, 0);
+	SHA256_hw_init(&ctx);
 	if (location.v > 0)
-		HASH_update(&ctx, hashes[0], PW_HASH_SIZE * location.v);
-	HASH_update(&ctx, child_hash, PW_HASH_SIZE);
+		HASH_update((union hash_ctx *)&ctx, hashes[0],
+			    PW_HASH_SIZE * location.v);
+	HASH_update((union hash_ctx *)&ctx, child_hash, PW_HASH_SIZE);
 	if (location.v < num_hashes)
-		HASH_update(&ctx, hashes[location.v],
+		HASH_update((union hash_ctx *)&ctx, hashes[location.v],
 			    PW_HASH_SIZE * (num_hashes - location.v));
-	memcpy(result, HASH_final(&ctx), PW_HASH_SIZE);
+	memcpy(result, HASH_final((union hash_ctx *)&ctx), PW_HASH_SIZE);
 }
 
 /* If a request from older protocol comes, this method should make it
diff --git a/common/rma_auth.c b/common/rma_auth.c
index 7a34396acd..09539c537b 100644
--- a/common/rma_auth.c
+++ b/common/rma_auth.c
@@ -80,11 +80,11 @@ static void get_hmac_sha256(void *hmac_out, const uint8_t *secret,
 			    size_t ch_size)
 {
 #ifdef USE_DCRYPTO
-	LITE_HMAC_CTX hmac;
+	struct hmac_sha256_ctx hmac;
 
-	DCRYPTO_HMAC_SHA256_init(&hmac, secret, secret_size);
-	HASH_update(&hmac.hash, ch_ptr, ch_size);
-	memcpy(hmac_out, DCRYPTO_HMAC_final(&hmac), 32);
+	HMAC_SHA256_hw_init(&hmac, secret, secret_size);
+	HMAC_SHA256_update(&hmac, ch_ptr, ch_size);
+	memcpy(hmac_out, HMAC_SHA256_hw_final(&hmac), 32);
 #else
 	hmac_SHA256(hmac_out, secret, secret_size, ch_ptr, ch_size);
 #endif
@@ -131,7 +131,7 @@ static void p256_get_pub_key_and_secret(uint8_t pub_key[P256_NBYTES],
 	 * until the genreated bublic key has the compliant Y coordinate.
 	 */
 	while (1) {
-		HASH_CTX sha;
+		struct sha256_ctx sha;
 
 		if (DCRYPTO_p256_key_from_bytes(&pk_x, &pk_y, &d, buf)) {
 
@@ -141,9 +141,9 @@ static void p256_get_pub_key_and_secret(uint8_t pub_key[P256_NBYTES],
 		}
 
 		/* Did not succeed, rehash the private key and try again. */
-		DCRYPTO_SHA256_init(&sha, 0);
-		HASH_update(&sha, buf, sizeof(buf));
-		memcpy(buf, HASH_final(&sha), sizeof(buf));
+		SHA256_hw_init(&sha);
+		SHA256_update(&sha, buf, sizeof(buf));
+		memcpy(buf, SHA256_final(&sha), sizeof(buf));
 	}
 
 	/* X coordinate is passed to the server as the public key. */
diff --git a/common/u2f.c b/common/u2f.c
index 7a5b3e5945..c209be466e 100644
--- a/common/u2f.c
+++ b/common/u2f.c
@@ -8,10 +8,6 @@
 #include "console.h"
 #include "cryptoc/p256.h"
 
-#ifndef TEST_BUILD
-#include "cryptoc/sha256.h"
-#endif
-
 #include "dcrypto.h"
 #include "extension.h"
 #include "system.h"
@@ -444,7 +440,7 @@ static enum vendor_cmd_rc u2f_attest(enum vendor_cmd_cc code, void *buf,
 
 	int verify_ret;
 
-	struct HASH_CTX h_ctx;
+	struct sha256_ctx h_ctx;
 	struct drbg_ctx dr_ctx;
 
 	/* Data hash, and corresponding signature. */
@@ -471,9 +467,9 @@ static enum vendor_cmd_rc u2f_attest(enum vendor_cmd_cc code, void *buf,
 		return verify_ret;
 
 	/* Message signature */
-	DCRYPTO_SHA256_init(&h_ctx, 0);
-	HASH_update(&h_ctx, req->data, u2f_attest_format_size(req->format));
-	p256_from_bin(HASH_final(&h_ctx), &h);
+	SHA256_hw_init(&h_ctx);
+	SHA256_update(&h_ctx, req->data, u2f_attest_format_size(req->format));
+	p256_from_bin(SHA256_final(&h_ctx)->b8, &h);
 
 	/* Derive G2F Attestation Key */
 	if (g2f_individual_keypair(&d, &pk_x, &pk_y)) {
@@ -509,7 +505,7 @@ int u2f_origin_user_keyhandle(const uint8_t *origin, const uint8_t *user,
 			      const uint8_t *origin_seed,
 			      struct u2f_key_handle *key_handle)
 {
-	LITE_HMAC_CTX ctx;
+	struct hmac_sha256_ctx ctx;
 	struct u2f_state *state = get_state();
 
 	if (!state)
@@ -517,12 +513,13 @@ int u2f_origin_user_keyhandle(const uint8_t *origin, const uint8_t *user,
 
 	memcpy(key_handle->origin_seed, origin_seed, P256_NBYTES);
 
-	DCRYPTO_HMAC_SHA256_init(&ctx, state->salt_kek, SHA256_DIGEST_SIZE);
-	HASH_update(&ctx.hash, origin, P256_NBYTES);
-	HASH_update(&ctx.hash, user, P256_NBYTES);
-	HASH_update(&ctx.hash, origin_seed, P256_NBYTES);
+	HMAC_SHA256_hw_init(&ctx, state->salt_kek, SHA256_DIGEST_SIZE);
+	HMAC_SHA256_update(&ctx, origin, P256_NBYTES);
+	HMAC_SHA256_update(&ctx, user, P256_NBYTES);
+	HMAC_SHA256_update(&ctx, origin_seed, P256_NBYTES);
 
-	memcpy(key_handle->hmac, DCRYPTO_HMAC_final(&ctx), SHA256_DIGEST_SIZE);
+	memcpy(key_handle->hmac, HMAC_SHA256_hw_final(&ctx),
+	       SHA256_DIGEST_SIZE);
 
 	return EC_SUCCESS;
 }
@@ -532,7 +529,7 @@ int u2f_origin_user_versioned_keyhandle(
 	uint8_t version,
 	struct u2f_versioned_key_handle_header *key_handle_header)
 {
-	LITE_HMAC_CTX ctx;
+	struct hmac_sha256_ctx ctx;
 	struct u2f_state *state = get_state();
 
 	if (!state)
@@ -541,13 +538,13 @@ int u2f_origin_user_versioned_keyhandle(
 	key_handle_header->version = version;
 	memcpy(key_handle_header->origin_seed, origin_seed, P256_NBYTES);
 
-	DCRYPTO_HMAC_SHA256_init(&ctx, state->salt_kek, SHA256_DIGEST_SIZE);
-	HASH_update(&ctx.hash, origin, P256_NBYTES);
-	HASH_update(&ctx.hash, user, P256_NBYTES);
-	HASH_update(&ctx.hash, origin_seed, P256_NBYTES);
-	HASH_update(&ctx.hash, &version, sizeof(key_handle_header->version));
+	HMAC_SHA256_hw_init(&ctx, state->salt_kek, SHA256_DIGEST_SIZE);
+	HMAC_SHA256_update(&ctx, origin, P256_NBYTES);
+	HMAC_SHA256_update(&ctx, user, P256_NBYTES);
+	HMAC_SHA256_update(&ctx, origin_seed, P256_NBYTES);
+	HMAC_SHA256_update(&ctx, &version, sizeof(key_handle_header->version));
 
-	memcpy(key_handle_header->kh_hmac, DCRYPTO_HMAC_final(&ctx),
+	memcpy(key_handle_header->kh_hmac, HMAC_SHA256_hw_final(&ctx),
 	       SHA256_DIGEST_SIZE);
 
 	return EC_SUCCESS;
@@ -557,19 +554,20 @@ int u2f_authorization_hmac(const uint8_t *authorization_salt,
 			   const struct u2f_versioned_key_handle_header *header,
 			   const uint8_t *auth_time_secret_hash, uint8_t *hmac)
 {
-	LITE_HMAC_CTX ctx;
+	struct hmac_sha256_ctx ctx;
 	struct u2f_state *state = get_state();
 
 	if (!state)
 		return EC_ERROR_UNKNOWN;
 
-	DCRYPTO_HMAC_SHA256_init(&ctx, state->salt_kek, SHA256_DIGEST_SIZE);
-	HASH_update(&ctx.hash, authorization_salt, U2F_AUTHORIZATION_SALT_SIZE);
-	HASH_update(&ctx.hash, (uint8_t *)header,
-		    sizeof(struct u2f_versioned_key_handle_header));
-	HASH_update(&ctx.hash, auth_time_secret_hash, SHA256_DIGEST_SIZE);
+	HMAC_SHA256_hw_init(&ctx, state->salt_kek, SHA256_DIGEST_SIZE);
+	HMAC_SHA256_update(&ctx, authorization_salt,
+			   U2F_AUTHORIZATION_SALT_SIZE);
+	HMAC_SHA256_update(&ctx, (uint8_t *)header,
+			   sizeof(struct u2f_versioned_key_handle_header));
+	HMAC_SHA256_update(&ctx, auth_time_secret_hash, SHA256_DIGEST_SIZE);
 
-	memcpy(hmac, DCRYPTO_HMAC_final(&ctx), SHA256_DIGEST_SIZE);
+	memcpy(hmac, HMAC_SHA256_hw_final(&ctx), SHA256_DIGEST_SIZE);
 
 	return EC_SUCCESS;
 }