Repo: Update rust-crypto crates (#3330)

This resolves component governance warnings.

Author: smalis-msft

Cargo.lock

@@ -459,7 +459,7 @@ crc32fast = { version = "1.3.2", default-features = false }
 criterion = { version = "0.7", default-features = false }
 crossterm = { version = "0.29.0", default-features = false }
 ctrlc = "3.4.0"
-der = "0.7"
+der = "0.8"
 dhat = "0.3.3"
 dirs = "6.0"
 elfcore = "2.0.1"
@@ -540,15 +540,15 @@ range_map_vec = "0.2.0"
 resolv-conf = "0.7"
 rlimit = "0.10.1"
 roxmltree = "0.20.0"
-rsa = "0.9.10"
+rsa = { version = "0.10.0-rc.17", default-features = false }
 rusqlite = "0.37"
 rustc-hash = "2.1.1"
 rustyline = "17"
 seccompiler = "0.5"
 serde = { version = "1.0.185", default-features = false }
 serde_json = { version = "1.0", default-features = false }
 serde_yaml = "0.9"
-sha2 = { version = "0.10.8", default-features = false }
+sha2 = { version = "0.11.0", default-features = false }
 shell-words = "1.1"
 signal-hook = { version = "0.3", default-features = false }
 slab = "0.4"

Cargo.toml

@@ -8,3 +8,17 @@ target = "x86_64-unknown-none"
 
 [env]
 MINIMAL_RT_BUILD = "1"
+
+# By default the sha2 crate uses CPU feature detection which on x86_64 uses the
+# cpuid instruction. Executing cpuid in an SNP CVM would require implementing an
+# exception handler, so force sha2's software backend instead. These cfgs are
+# read by the sha2 crate itself, so they must be set via rustflags (which apply
+# to all crates in the build, including dependencies) rather than via a
+# downstream build.rs (whose `cargo:rustc-cfg` only affects that one crate).
+# The `sha2_backend_soft = "compact"` cfg additionally disables loop unrolling
+# in the soft backend, trading performance for a smaller code size.
+[target.x86_64-unknown-none]
+rustflags = [
+  "--cfg", 'sha2_backend="soft"',
+  "--cfg", 'sha2_backend_soft="compact"',
+]

openhcl/minimal_rt/x86_64-config.toml

@@ -30,11 +30,7 @@ zerocopy.workspace = true
 [target.'cfg(target_arch = "x86_64")'.dependencies]
 page_table.workspace = true
 safe_intrinsics.workspace = true
-# By default the sha2 crate uses cpu feature detection which on x86_64 uses the
-# cpuid instruction. Executing cpuid in an SNP CVM would require implementing an
-# exception handler. Using the force-soft feature flag enables a software
-# implementation of the hashing algorithms that does not use cpuid.
-sha2 = { workspace = true, features = ["force-soft"] }
+sha2.workspace = true
 static_assertions.workspace = true
 tdcall.workspace = true
 x86defs.workspace = true

openhcl/openhcl_boot/Cargo.toml

@@ -153,7 +153,7 @@ mod pkcs7_details {
         let content_info = ContentInfo {
             content_type: PKCS_7_SIGNED_DATA_OID,
             content: ContextSpecific {
-                tag_number: TagNumber::new(0),
+                tag_number: TagNumber(0),
                 value: AnyRef::try_from(content)?,
                 tag_mode: TagMode::Explicit,
             },

vm/devices/firmware/firmware_uefi/src/service/nvram/spec_services/auth_var_crypto.rs

@@ -11,7 +11,7 @@ base64.workspace = true
 get_resources.workspace = true
 inspect = { workspace = true, features = ["derive"] }
 openhcl_attestation_protocol.workspace = true
-rsa.workspace = true
+rsa = { workspace = true, features = ["std", "encoding"] }
 serde_json.workspace = true
 sha2.workspace = true
 thiserror.workspace = true

vm/devices/get/test_igvm_agent_lib/Cargo.toml

@@ -33,8 +33,7 @@ use rsa::Oaep;
 use rsa::RsaPrivateKey;
 use rsa::RsaPublicKey;
 use rsa::pkcs8::EncodePrivateKey;
-use rsa::rand_core::OsRng;
-use rsa::rand_core::RngCore;
+use rsa::rand_core::Rng;
 use rsa::rand_core::SeedableRng;
 use sha2::Sha256;
 use std::collections::HashMap;
@@ -469,7 +468,7 @@ impl TestIgvmAgent {
 
         self.secret_key = Some(private_key);
 
-        RngCore::fill_bytes(&mut rng, &mut des_key);
+        Rng::fill_bytes(&mut rng, &mut des_key);
         self.des_key = Some(des_key);
 
         Ok(())
@@ -491,8 +490,8 @@ impl TestIgvmAgent {
             .ok_or(WrappedKeyError::SecretKeyNotInitialized)?;
 
         // Encrypt the DES key using RSA-OAEP
-        let mut rng = OsRng;
-        let padding = Oaep::new::<Sha256>();
+        let mut rng = DummyRng::from_seed(0xabcdu64.to_le_bytes());
+        let padding = Oaep::<Sha256>::new();
         let rsa_public = RsaPublicKey::from(secret_key);
         let encrypted_des = rsa_public
             .encrypt(&mut rng, padding, &des_key)
@@ -567,8 +566,8 @@ impl TestIgvmAgent {
 
         // Convert the JWK RSA key to a usable RSA public key
         let rsa_public_key = RsaPublicKey::new(
-            rsa::BigUint::from_bytes_be(&transfer_key.n),
-            rsa::BigUint::from_bytes_be(&transfer_key.e),
+            rsa::BoxedUint::from_be_slice(&transfer_key.n, 4096 * 8).unwrap(),
+            rsa::BoxedUint::from_be_slice(&transfer_key.e, 4096 * 8).unwrap(),
         )
         .map_err(KeyReleaseError::ConvertJwkRsaFailed)?;
 
@@ -587,18 +586,18 @@ impl TestIgvmAgent {
             .secret_key
             .as_ref()
             .ok_or(KeyReleaseError::SecretKeyNotInitialized)?;
-        let mut rng = OsRng;
+        let mut rng = DummyRng::from_seed(0xabcdu64.to_le_bytes());
 
         // Generate the KEK (32 bytes) and wrap the private key using internal wrapper
         let mut kek_bytes = [0u8; 32];
-        RngCore::fill_bytes(&mut rng, &mut kek_bytes);
+        Rng::fill_bytes(&mut rng, &mut kek_bytes);
         let priv_key_der = secret_key
             .to_pkcs8_der()
             .map_err(KeyReleaseError::RsaToPkcs8Error)?;
         let wrapped_key = aes_key_wrap_with_padding(&kek_bytes, priv_key_der.as_bytes());
 
         // Encrypt the KEK using RSA-OAEP
-        let padding = Oaep::new::<TestSha1>();
+        let padding = Oaep::<TestSha1>::new();
         let encrypted_kek = public_key
             .encrypt(&mut rng, padding, &kek_bytes)
             .map_err(KeyReleaseError::RsaEncryptionError)?;

vm/devices/get/test_igvm_agent_lib/src/lib.rs

@@ -8,13 +8,11 @@
 //! are not vetted for production use and are *exclusively* for this test module on the
 //! Windows platform.
 
-use rsa::rand_core::CryptoRng;
-use rsa::rand_core::RngCore;
+use rsa::rand_core::Rng;
 use rsa::rand_core::SeedableRng;
 use sha2::digest;
 use sha2::digest::consts::U20;
 use sha2::digest::consts::U64;
-use sha2::digest::core_api::BlockSizeUser;
 
 /// Minimal, non-constant-time SHA-1 implementation sufficient to satisfy the
 /// `digest::Digest` trait required by `rsa::Oaep`. Do NOT use in production.
@@ -122,7 +120,7 @@ impl digest::OutputSizeUser for TestSha1 {
     type OutputSize = U20;
 }
 
-impl BlockSizeUser for TestSha1 {
+impl digest::common::BlockSizeUser for TestSha1 {
     type BlockSize = U64;
 }
 
@@ -415,32 +413,30 @@ impl SeedableRng for DummyRng {
     }
 }
 
-impl RngCore for DummyRng {
-    fn next_u32(&mut self) -> u32 {
+impl rsa::rand_core::TryRng for DummyRng {
+    type Error = std::convert::Infallible;
+
+    fn try_next_u32(&mut self) -> Result<u32, Self::Error> {
         self.state = self.state.wrapping_mul(6364136223846793005).wrapping_add(1);
-        (self.state >> 32) as u32
+        Ok((self.state >> 32) as u32)
     }
 
-    fn next_u64(&mut self) -> u64 {
+    fn try_next_u64(&mut self) -> Result<u64, Self::Error> {
         self.state = self.state.wrapping_mul(6364136223846793005).wrapping_add(1);
-        self.state
+        Ok(self.state)
     }
 
-    fn fill_bytes(&mut self, dest: &mut [u8]) {
+    fn try_fill_bytes(&mut self, dest: &mut [u8]) -> Result<(), Self::Error> {
         for chunk in dest.chunks_mut(8) {
             let n = self.next_u64().to_le_bytes();
             chunk.copy_from_slice(&n[..chunk.len()]);
         }
-    }
-
-    fn try_fill_bytes(&mut self, dest: &mut [u8]) -> Result<(), rsa::rand_core::Error> {
-        self.fill_bytes(dest);
         Ok(())
     }
 }
 
 /// Marker trait to satisfy `rsa::RsaPrivateKey::new`.
-impl CryptoRng for DummyRng {}
+impl rsa::rand_core::TryCryptoRng for DummyRng {}
 
 #[cfg(test)]
 mod tests {