sha256: just hash salts at compile time

Author: phlip9

common/src/enclave/sgx.rs

@@ -11,17 +11,12 @@ use secrecy::zeroize::Zeroizing;
 use sgx_isa::{AttributesFlags, Keyname, Keypolicy};
 
 use crate::enclave::{Error, MachineId, Measurement, Sealed, MIN_SGX_CPUSVN};
-use crate::hex;
 use crate::rng::Crng;
+use crate::sha256;
 
-#[cfg(test)]
-const HKDF_SALT_STR: &[u8] = b"LEXE-HASH-REALM::SgxSealing";
-
-/// We salt the HKDF for domain separation purposes. The raw bytes here are
-/// equal to the hash value: `SHA-256(b"LEXE-HASH-REALM::SgxSealing")`.
-const HKDF_SALT: [u8; 32] = hex::decode_const(
-    b"66331e89a9282101072c8879263a948ca8e48ef22c6f18eccf11d91864b3911a",
-);
+/// We salt the HKDF for domain separation purposes.
+const HKDF_SALT: [u8; 32] =
+    sha256::digest_const(b"LEXE-HASH-REALM::SgxSealing").into_inner();
 
 /// AES-256-GCM tag length
 pub const TAG_LEN: usize = 16;
@@ -269,11 +264,9 @@ pub fn machine_id() -> MachineId {
 #[cfg(test)]
 mod test {
     use super::*;
-    use crate::sha256;
 
     #[test]
     fn test_constants() {
         assert_eq!(AES_256_GCM.tag_len(), TAG_LEN);
-        assert_eq!(sha256::digest(HKDF_SALT_STR).as_ref(), HKDF_SALT);
     }
 }

common/src/lib.rs

@@ -36,7 +36,7 @@ pub mod task;
 /// two values.
 #[macro_export]
 macro_rules! const_assert_usize_eq {
-    ($x:expr, $y:expr $(,)*) => {
+    ($x:expr, $y:expr $(,)?) => {
         const _: [(); $x] = [(); $y];
     };
 }

common/src/root_seed.rs

@@ -10,7 +10,7 @@ use secrecy::{ExposeSecret, Secret, SecretVec};
 use serde::{de, Deserialize, Deserializer, Serialize, Serializer};
 
 use crate::rng::Crng;
-use crate::{ed25519, hex};
+use crate::{ed25519, hex, sha256};
 
 /// The user's root seed from which we derive all child secrets.
 pub struct RootSeed(Secret<[u8; Self::LENGTH]>);
@@ -22,15 +22,9 @@ impl RootSeed {
     /// single secret.
     const HKDF_MAX_OUT_LEN: usize = 8160 /* 255*32 */;
 
-    /// The HKDF domain separation value as a human-readable byte string.
-    #[cfg(test)]
-    const HKDF_SALT_STR: &'static [u8] = b"LEXE-HASH-REALM::RootSeed";
-
-    /// We salt the HKDF for domain separation purposes. The raw bytes here are
-    /// equal to the hash value: `SHA-256(b"LEXE-HASH-REALM::RootSeed")`.
-    const HKDF_SALT: [u8; 32] = hex::decode_const(
-        b"363b116be1690fcd481f2d4014812aaecff2411b861198eec42c6e31d80a28a4",
-    );
+    /// We salt the HKDF for domain separation purposes.
+    const HKDF_SALT: [u8; 32] =
+        sha256::digest_const(b"LEXE-HASH-REALM::RootSeed").into_inner();
 
     pub fn new(bytes: Secret<[u8; Self::LENGTH]>) -> Self {
         Self(bytes)
@@ -350,24 +344,6 @@ mod test {
         assert_eq!(foo2.y, "asdf");
     }
 
-    #[test]
-    fn test_root_seed_hkdf_salt() {
-        let actual = RootSeed::HKDF_SALT.as_slice();
-        let expected = sha256::digest(RootSeed::HKDF_SALT_STR);
-
-        // // print out salt
-        // let hex = hex::encode(expected.as_ref());
-        // let (chunks, _) = hex.as_bytes().as_chunks::<2>();
-        // for &[hi, lo] in chunks {
-        //     let hi = hi as char;
-        //     let lo = lo as char;
-        //     println!("0x{hi}{lo},");
-        // }
-
-        // compare hex encode for easier debugging
-        assert_eq!(hex::encode(actual), hex::encode(expected.as_ref()));
-    }
-
     #[test]
     fn test_root_seed_derive() {
         let seed = RootSeed::new(Secret::new([0x42; 32]));

common/src/sha256.rs

@@ -38,7 +38,7 @@ pub const fn digest_const(input: &[u8]) -> Hash {
     digest_many_const(&[input])
 }
 
-/// SHA-256 digest a multiple concatenated inputs at compile time.
+/// SHA-256 digest multiple concatenated inputs at compile time.
 pub const fn digest_many_const(mut inputs: &[&[u8]]) -> Hash {
     let mut acc = sha2_const::Sha256::new();
     while let Some((input, rest)) = inputs.split_first() {