Update crc to v2 API

The crc crate completely changed their API from v1 to v2. Change our implementation to use v2 so that we can use newer crc crates. Signed-off-by: Alexander Graf <[email protected]>
aws · Jul 10, 2024 · 76b92ff · 76b92ff
1 parent 2132652
commit 76b92ff
Show file tree

Hide file tree

Showing 2 changed files with 26 additions and 21 deletions.
diff --git a/src/utils/eif_reader.rs b/src/utils/eif_reader.rs
@@ -6,7 +6,7 @@ use crate::defs::{
     EifHeader, EifIdentityInfo, EifSectionHeader, EifSectionType, PcrInfo, PcrSignature,
 };
 use aws_nitro_enclaves_cose::{crypto::Openssl, CoseSign1};
-use crc::{crc32, Hasher32};
+use crc::{Crc, CRC_32_ISO_HDLC};
 use openssl::pkey::PKey;
 use serde::{Deserialize, Serialize};
 use serde_cbor::{from_slice, to_vec};
@@ -83,7 +83,8 @@ impl EifReader {
     /// on section type. Also writes sections in the eif_crc, excluding the
     /// CRC from the header
     pub fn from_eif(eif_path: String) -> Result<Self, String> {
-        let mut eif_crc = crc32::Digest::new_with_initial(crc32::IEEE, 0);
+        let crc_gen = Crc::<u32>::new(&CRC_32_ISO_HDLC);
+        let mut eif_crc = crc_gen.digest();
         let mut curr_seek = 0;
         let mut eif_file =
             File::open(eif_path).map_err(|e| format!("Failed to open the EIF file: {:?}", e))?;
@@ -96,7 +97,7 @@ impl EifReader {
 
         // Exclude last field of header which is CRC
         let len_without_crc = header_buf.len() - size_of::<u32>();
-        eif_crc.write(&header_buf[..len_without_crc]);
+        eif_crc.update(&header_buf[..len_without_crc]);
 
         let header = EifHeader::from_be_bytes(&header_buf)
             .map_err(|e| format!("Error while parsing EIF header: {:?}", e))?;
@@ -126,7 +127,7 @@ impl EifReader {
         {
             let section = EifSectionHeader::from_be_bytes(&section_buf)
                 .map_err(|e| format!("Error extracting EIF section header: {:?}", e))?;
-            eif_crc.write(&section_buf);
+            eif_crc.update(&section_buf);
 
             let mut buf = vec![0u8; section.section_size as usize];
             curr_seek += EifSectionHeader::size();
@@ -136,7 +137,7 @@ impl EifReader {
             eif_file
                 .read_exact(&mut buf)
                 .map_err(|e| format!("Error while reading kernel from EIF: {:?}", e))?;
-            eif_crc.write(&buf);
+            eif_crc.update(&buf);
 
             curr_seek += section.section_size as usize;
             eif_file
@@ -202,7 +203,7 @@ impl EifReader {
             bootstrap_hasher,
             app_hasher,
             cert_hasher,
-            eif_crc: eif_crc.sum32(),
+            eif_crc: eif_crc.finalize(),
             sign_check: None,
             metadata,
         })

diff --git a/src/utils/mod.rs b/src/utils/mod.rs
@@ -10,7 +10,7 @@ use crate::defs::{
     MAX_NUM_SECTIONS,
 };
 use aws_nitro_enclaves_cose::{crypto::Openssl, header_map::HeaderMap, CoseSign1};
-use crc::{crc32, Hasher32};
+use crc::{Crc, CRC_32_ISO_HDLC};
 use openssl::asn1::Asn1Time;
 use openssl::pkey::PKey;
 use serde::{Deserialize, Serialize};
@@ -135,7 +135,7 @@ pub struct EifBuilder<T: Digest + Debug + Write + Clone> {
     /// Hash the signing certificate
     pub certificate_hasher: EifHasher<T>,
     hasher_template: T,
-    eif_crc: crc32::Digest,
+    eif_crc: u32,
 }
 
 impl<T: Digest + Debug + Write + Clone> EifBuilder<T> {
@@ -170,7 +170,7 @@ impl<T: Digest + Debug + Write + Clone> EifBuilder<T> {
             certificate_hasher: EifHasher::new_without_cache(hasher.clone())
                 .expect("Could not create certificate hasher"),
             hasher_template: hasher,
-            eif_crc: crc32::Digest::new_with_initial(crc32::IEEE, 0),
+            eif_crc: 0,
         }
     }
 
@@ -331,19 +331,21 @@ impl<T: Digest + Debug + Write + Clone> EifBuilder<T> {
             section_offsets: self.sections_offsets(),
             section_sizes: self.sections_sizes(),
             unused: 0,
-            eif_crc32: self.eif_crc.sum32(),
+            eif_crc32: self.eif_crc,
         }
     }
 
     /// Compute the crc for the whole enclave image, excluding the
     /// eif_crc32 field from the EIF header.
     pub fn compute_crc(&mut self) {
+        let crc_gen = Crc::<u32>::new(&CRC_32_ISO_HDLC);
+        let mut crc = crc_gen.digest();
         let eif_header = self.header();
         let eif_buffer = eif_header.to_be_bytes();
         // The last field of the EifHeader is the CRC itself, so we need
         // to exclude it from contributing to the CRC.
         let len_without_crc = eif_buffer.len() - size_of::<u32>();
-        self.eif_crc.write(&eif_buffer[..len_without_crc]);
+        crc.update(&eif_buffer[..len_without_crc]);
 
         let eif_section = EifSectionHeader {
             section_type: EifSectionType::EifSectionKernel,
@@ -352,7 +354,7 @@ impl<T: Digest + Debug + Write + Clone> EifBuilder<T> {
         };
 
         let eif_buffer = eif_section.to_be_bytes();
-        self.eif_crc.write(&eif_buffer[..]);
+        crc.update(&eif_buffer[..]);
         let mut kernel_file = &self.kernel;
 
         kernel_file
@@ -363,7 +365,7 @@ impl<T: Digest + Debug + Write + Clone> EifBuilder<T> {
             .read_to_end(&mut buffer)
             .expect("Failed to read kernel content");
 
-        self.eif_crc.write(&buffer[..]);
+        crc.update(&buffer[..]);
 
         let eif_section = EifSectionHeader {
             section_type: EifSectionType::EifSectionCmdline,
@@ -372,8 +374,8 @@ impl<T: Digest + Debug + Write + Clone> EifBuilder<T> {
         };
 
         let eif_buffer = eif_section.to_be_bytes();
-        self.eif_crc.write(&eif_buffer[..]);
-        self.eif_crc.write(&self.cmdline[..]);
+        crc.update(&eif_buffer[..]);
+        crc.update(&self.cmdline[..]);
 
         let eif_section = EifSectionHeader {
             section_type: EifSectionType::EifSectionMetadata,
@@ -382,8 +384,8 @@ impl<T: Digest + Debug + Write + Clone> EifBuilder<T> {
         };
 
         let eif_buffer = eif_section.to_be_bytes();
-        self.eif_crc.write(&eif_buffer[..]);
-        self.eif_crc.write(&self.metadata[..]);
+        crc.update(&eif_buffer[..]);
+        crc.update(&self.metadata[..]);
 
         for mut ramdisk in &self.ramdisks {
             let eif_section = EifSectionHeader {
@@ -393,7 +395,7 @@ impl<T: Digest + Debug + Write + Clone> EifBuilder<T> {
             };
 
             let eif_buffer = eif_section.to_be_bytes();
-            self.eif_crc.write(&eif_buffer[..]);
+            crc.update(&eif_buffer[..]);
 
             ramdisk
                 .seek(SeekFrom::Start(0))
@@ -402,7 +404,7 @@ impl<T: Digest + Debug + Write + Clone> EifBuilder<T> {
             ramdisk
                 .read_to_end(&mut buffer)
                 .expect("Failed to read kernel content");
-            self.eif_crc.write(&buffer[..]);
+            crc.update(&buffer[..]);
         }
 
         if let Some(signature) = &self.signature {
@@ -413,9 +415,11 @@ impl<T: Digest + Debug + Write + Clone> EifBuilder<T> {
             };
 
             let eif_buffer = eif_section.to_be_bytes();
-            self.eif_crc.write(&eif_buffer[..]);
-            self.eif_crc.write(&signature[..]);
+            crc.update(&eif_buffer[..]);
+            crc.update(&signature[..]);
         }
+
+        self.eif_crc = crc.finalize();
     }
 
     pub fn write_header(&mut self, file: &mut File) {