| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <890440e0-5da3-84f1-26c1-6b7d856ba7c7@apertussolutions.com>
Date: Mon, 15 May 2023 20:50:13 -0400
From: "Daniel P. Smith" <dpsmith@...rtussolutions.com>
To: Herbert Xu <herbert@...dor.apana.org.au>,
Ross Philipson <ross.philipson@...cle.com>
Cc: linux-kernel@...r.kernel.org, x86@...nel.org,
linux-integrity@...r.kernel.org, linux-doc@...r.kernel.org,
linux-crypto@...r.kernel.org, iommu@...ts.linux-foundation.org,
kexec@...ts.infradead.org, linux-efi@...r.kernel.org,
tglx@...utronix.de, mingo@...hat.com, bp@...en8.de, hpa@...or.com,
ardb@...nel.org, mjg59@...f.ucam.org,
James.Bottomley@...senpartnership.com, luto@...capital.net,
nivedita@...m.mit.edu, kanth.ghatraju@...cle.com,
trenchboot-devel@...glegroups.com
Subject: Re: [PATCH v6 06/14] x86: Add early SHA support for Secure Launch
early measurements
On 5/10/23 23:33, Herbert Xu wrote:
> Ross Philipson <ross.philipson@...cle.com> wrote:
>>
>> +static void __sha_transform(u32 *digest, const char *data)
>> +{
>> + u32 ws[SHA1_WORKSPACE_WORDS];
>> +
>> + sha1_transform(digest, data, ws);
>> +
>> + memzero_explicit(ws, sizeof(ws));
>> +}
>> +
>> +void early_sha1_init(struct sha1_state *sctx)
>> +{
>> + sha1_init(sctx->state);
>> + sctx->count = 0;
>> +}
>> +
>> +void early_sha1_update(struct sha1_state *sctx,
>> + const u8 *data,
>> + unsigned int len)
>> +{
>> + unsigned int partial = sctx->count % SHA1_BLOCK_SIZE;
>> +
>> + sctx->count += len;
>> +
>> + if (likely((partial + len) >= SHA1_BLOCK_SIZE)) {
>> + int blocks;
>> +
>> + if (partial) {
>> + int p = SHA1_BLOCK_SIZE - partial;
>> +
>> + memcpy(sctx->buffer + partial, data, p);
>> + data += p;
>> + len -= p;
>> +
>> + __sha_transform(sctx->state, sctx->buffer);
>> + }
>> +
>> + blocks = len / SHA1_BLOCK_SIZE;
>> + len %= SHA1_BLOCK_SIZE;
>> +
>> + if (blocks) {
>> + while (blocks--) {
>> + __sha_transform(sctx->state, data);
>> + data += SHA1_BLOCK_SIZE;
>> + }
>> + }
>> + partial = 0;
>> + }
>> +
>> + if (len)
>> + memcpy(sctx->buffer + partial, data, len);
>> +}
>> +
>> +void early_sha1_final(struct sha1_state *sctx, u8 *out)
>> +{
>> + const int bit_offset = SHA1_BLOCK_SIZE - sizeof(__be64);
>> + unsigned int partial = sctx->count % SHA1_BLOCK_SIZE;
>> + __be64 *bits = (__be64 *)(sctx->buffer + bit_offset);
>> + __be32 *digest = (__be32 *)out;
>> + int i;
>> +
>> + sctx->buffer[partial++] = 0x80;
>> + if (partial > bit_offset) {
>> + memset(sctx->buffer + partial, 0x0, SHA1_BLOCK_SIZE - partial);
>> + partial = 0;
>> +
>> + __sha_transform(sctx->state, sctx->buffer);
>> + }
>> +
>> + memset(sctx->buffer + partial, 0x0, bit_offset - partial);
>> + *bits = cpu_to_be64(sctx->count << 3);
>> + __sha_transform(sctx->state, sctx->buffer);
>> +
>> + for (i = 0; i < SHA1_DIGEST_SIZE / sizeof(__be32); i++)
>> + put_unaligned_be32(sctx->state[i], digest++);
>> +
>> + *sctx = (struct sha1_state){};
>> +}
>
> If we're going to add SHA1 then this should go into lib/crypto
> just like SHA2.
As mentioned before, this patch mimicked an early version for SHA2. We
were remiss in not keeping it aligned with how the SHA2 evolved. I will
take a closer look, but these wrappers may be able to go away and be
reduced to just an include as SHA2 does these days.
v/r,
dps
Powered by blists - more mailing lists