[fix] Execute SHA2-256 KAT before executing the ROM integrity check (#…

…1320) This change re-arranges the KAT and ROM integrity check execution such that the SHA2-256 KAT is run before running the ROM integrity check. This is needed per FIPS requirement AS10.20. Also changed the name of HMAC384 KAT to HMAC384Kdf KAT.
chipsalliance · Feb 14, 2024 · c64e913 · c64e913
1 parent ce4e673
commit c64e913
Show file tree

Hide file tree

Showing 6 changed files with 25 additions and 43 deletions.
diff --git a/FROZEN_IMAGES.sha384sum b/FROZEN_IMAGES.sha384sum
@@ -1,3 +1,3 @@
 # WARNING: Do not update this file without the approval of the Caliptra TAC
-8d27981af3d8b6cd587b3ba32d41d83ed34ea42646c339a0555d8bbd5f8b5ad24479440e61237c9df7b80961d7c33dfd  caliptra-rom-no-log.bin
-95d0079625905d680ceffb1bf1f57c68d74eeac5696d18e144bf4801ec5334340e0326dc36006ca40e82facacb8262b4  caliptra-rom-with-log.bin
+eba9b65213e38e759588ec1783636e7fb978611a159699b458d94bb0461d8d4cea9642a315fca4455f3b5a3c692b1f1d  caliptra-rom-no-log.bin
+c52114044bbc4be3ef1bdbf87c5eb959df239d2c395f70679e34d04aaeaae84e8b9bcaa7ea61b585f141613abc2d0923  caliptra-rom-with-log.bin
diff --git a/drivers/test-fw/src/bin/hmac384_tests.rs b/drivers/test-fw/src/bin/hmac384_tests.rs
@@ -20,7 +20,7 @@ use caliptra_drivers::{
     hmac384_kdf, Array4x12, Ecc384, Ecc384PrivKeyOut, Ecc384Scalar, Ecc384Seed, Hmac384, KeyId,
     KeyReadArgs, KeyUsage, KeyWriteArgs, Trng,
 };
-use caliptra_kat::Hmac384Kat;
+use caliptra_kat::Hmac384KdfKat;
 use caliptra_registers::csrng::CsrngReg;
 use caliptra_registers::ecc::EccReg;
 use caliptra_registers::entropy_src::EntropySrcReg;
@@ -699,7 +699,7 @@ fn test_kat() {
     CfiCounter::reset(&mut entropy_gen);
 
     assert_eq!(
-        Hmac384Kat::default()
+        Hmac384KdfKat::default()
             .execute(&mut hmac384, &mut trng)
             .is_ok(),
         true

diff --git a/kat/src/hmac384_kat.rs → kat/src/hmac384kdf_kat.rs b/kat/src/hmac384_kat.rs → kat/src/hmac384kdf_kat.rs
@@ -33,10 +33,10 @@ const EXPECTED_OUT: [u8; 40] = [
 ];
 
 #[derive(Default, Debug)]
-pub struct Hmac384Kat {}
+pub struct Hmac384KdfKat {}
 
-impl Hmac384Kat {
-    /// This function executes the Known Answer Tests (aka KAT) for HMAC384.
+impl Hmac384KdfKat {
+    /// This function executes the Known Answer Tests (aka KAT) for HMAC384Kdf.
     ///
     /// Test vector source:
     /// https://csrc.nist.gov/Projects/Cryptographic-Algorithm-Validation-Program/Key-Derivation

diff --git a/kat/src/lib.rs b/kat/src/lib.rs
@@ -15,7 +15,7 @@ Abstract:
 #![no_std]
 
 mod ecc384_kat;
-mod hmac384_kat;
+mod hmac384kdf_kat;
 mod kats_env;
 mod lms_kat;
 mod sha1_kat;
@@ -25,7 +25,7 @@ mod sha384acc_kat;
 
 pub use caliptra_drivers::{CaliptraError, CaliptraResult};
 pub use ecc384_kat::Ecc384Kat;
-pub use hmac384_kat::Hmac384Kat;
+pub use hmac384kdf_kat::Hmac384KdfKat;
 pub use kats_env::KatsEnv;
 pub use lms_kat::LmsKat;
 pub use sha1_kat::Sha1Kat;
@@ -58,8 +58,8 @@ pub fn execute_kat(env: &mut KatsEnv) -> CaliptraResult<()> {
     cprintln!("[kat] ECC-384");
     Ecc384Kat::default().execute(env.ecc384, env.trng)?;
 
-    cprintln!("[kat] HMAC-384");
-    Hmac384Kat::default().execute(env.hmac384, env.trng)?;
+    cprintln!("[kat] HMAC-384Kdf");
+    Hmac384KdfKat::default().execute(env.hmac384, env.trng)?;
 
     cprintln!("[kat] LMS");
     LmsKat::default().execute(env.sha256, env.lms)?;

diff --git a/rom/dev/src/kat.rs b/rom/dev/src/kat.rs
diff --git a/rom/dev/src/main.rs b/rom/dev/src/main.rs
@@ -18,6 +18,8 @@ Abstract:
 use crate::{lock::lock_registers, print::HexBytes};
 use caliptra_cfi_lib::{cfi_assert_eq, CfiCounter};
 use caliptra_common::RomBootStatus;
+use caliptra_common::RomBootStatus::{KatComplete, KatStarted};
+use caliptra_kat::*;
 use caliptra_registers::soc_ifc::SocIfcReg;
 use core::hint::black_box;
 
@@ -41,7 +43,6 @@ mod exception;
 mod fht;
 mod flow;
 mod fuse;
-mod kat;
 mod lock;
 mod pcr;
 mod rom_env;
@@ -184,9 +185,20 @@ pub extern "C" fn rom_entry() -> ! {
 }
 
 fn run_fips_tests(env: &mut KatsEnv) -> CaliptraResult<()> {
+    report_boot_status(KatStarted.into());
+
+    cprintln!("[kat] SHA2-256");
+    Sha256Kat::default().execute(env.sha256)?;
+
+    // ROM integrity check needs SHA2-256 KAT to be executed first per FIPS requirement AS10.20.
     let rom_info = unsafe { &CALIPTRA_ROM_INFO };
     rom_integrity_test(env, &rom_info.sha256_digest)?;
-    kat::execute_kat(env)
+
+    caliptra_kat::execute_kat(env)?;
+
+    report_boot_status(KatComplete.into());
+
+    Ok(())
 }
 
 fn rom_integrity_test(env: &mut KatsEnv, expected_digest: &[u32; 8]) -> CaliptraResult<()> {